FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-19 20:48:44 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
1e7b316b-c6a8-11ea-a7d5-001999f8d30bVirtualBox -- Multiple vulnerabilities

Oracle reports:

Vulnerabilities in VirtualBox core can allow users with logon access to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of these vulnerabilities can result in unauthorized access to critical data, access to all Oracle VM VirtualBox accessible data, unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) or takeover of Oracle VM VirtualBox.


Discovery 2020-07-14
Entry 2020-07-19
virtualbox-ose
ge 5.2 lt 5.2.44

ge 6.0 lt 6.0.24

ge 6.1 lt 6.1.12

https://www.oracle.com/security-alerts/cpujul2020.html
CVE-2020-14628
CVE-2020-14629
CVE-2020-14646
CVE-2020-14647
CVE-2020-14648
CVE-2020-14649
CVE-2020-14650
CVE-2020-14673
CVE-2020-14674
CVE-2020-14675
CVE-2020-14676
CVE-2020-14677
CVE-2020-14694
CVE-2020-14695
CVE-2020-14698
CVE-2020-14699
CVE-2020-14700
CVE-2020-14703
CVE-2020-14704
CVE-2020-14707
CVE-2020-14711
CVE-2020-14712
CVE-2020-14713
CVE-2020-14714
CVE-2020-14715
2780e442-fc59-11e4-b18b-6805ca1d3bb1qemu, xen and VirtualBox OSE -- possible VM escape and code execution ("VENOM")

Jason Geffner, CrowdStrike Senior Security Researcher reports:

VENOM, CVE-2015-3456, is a security vulnerability in the virtual floppy drive code used by many computer virtualization platforms. This vulnerability may allow an attacker to escape from the confines of an affected virtual machine (VM) guest and potentially obtain code-execution access to the host. Absent mitigation, this VM escape could open access to the host system and all other VMs running on that host, potentially giving adversaries significant elevated access to the host's local network and adjacent systems.


Discovery 2015-04-29
Entry 2015-05-17
Modified 2015-09-28
qemu
qemu-devel
< 0.11.1_19

ge 0.12 lt 2.3.0_1

qemu-sbruno
< 2.3.50.g20150501_1

virtualbox-ose
< 4.3.28

xen-tools
ge 4.5.0 lt 4.5.0_5

CVE-2015-3456
ports/200255
ports/200256
ports/200257
http://venom.crowdstrike.com/
http://www.oracle.com/technetwork/topics/security/alert-cve-2015-3456-2542656.html
http://xenbits.xen.org/xsa/advisory-133.html
7d40edd1-901e-11e6-a590-14dae9d210b8VirtualBox -- undisclosed vulnerabilities

Oracle reports reports:

Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 4.0.34, 4.1.42, 4.2.34, 4.3.32, and 5.0.8, when using a Windows guest, allows local users to affect availability via unknown vectors related to Core.

Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.0.34, 4.1.42, 4.2.34, 4.3.32, and 5.0.8, when a VM has the Remote Display feature (RDP) enabled, allows remote attackers to affect availability via unknown vectors related to Core.


Discovery 2015-10-01
Entry 2016-10-12
Modified 2016-10-18
virtualbox-ose
ge 5.0 lt 5.0.8

ge 4.3 lt 4.3.32

ge 4.2 lt 4.2.34

ge 4.1 lt 4.1.42

ge 4.0 lt 4.0.34

http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
CVE-2015-4813
CVE-2015-4896
ports/204406
81f1fdc2-7ec7-11e3-a6c6-00163e1ed244virtualbox-ose -- local vulnerability

Oracle reports:

Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 3.2.20, 4.0.22, 4.1.30, 4.2.22, and 4.3.6 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Core.


Discovery 2014-01-15
Entry 2014-01-16
virtualbox-ose
< 4.2.22

CVE-2013-5892
http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html