FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-25 21:13:12 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
f32b1fbd-264d-11ee-a468-80fa5b29d485virtualbox-ose -- multiple vulnerabilities

secalert_us@oracle.com reports:

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.46 and Prior to 7.0.10. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.1 Base Score 4.2 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H).


Discovery 2023-07-18
Entry 2023-07-19
virtualbox-ose
< 6.1.46

CVE-2023-22016
https://nvd.nist.gov/vuln/detail/CVE-2023-22016
1e7b316b-c6a8-11ea-a7d5-001999f8d30bVirtualBox -- Multiple vulnerabilities

Oracle reports:

Vulnerabilities in VirtualBox core can allow users with logon access to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of these vulnerabilities can result in unauthorized access to critical data, access to all Oracle VM VirtualBox accessible data, unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) or takeover of Oracle VM VirtualBox.


Discovery 2020-07-14
Entry 2020-07-19
virtualbox-ose
ge 5.2 lt 5.2.44

ge 6.0 lt 6.0.24

ge 6.1 lt 6.1.12

https://www.oracle.com/security-alerts/cpujul2020.html
CVE-2020-14628
CVE-2020-14629
CVE-2020-14646
CVE-2020-14647
CVE-2020-14648
CVE-2020-14649
CVE-2020-14650
CVE-2020-14673
CVE-2020-14674
CVE-2020-14675
CVE-2020-14676
CVE-2020-14677
CVE-2020-14694
CVE-2020-14695
CVE-2020-14698
CVE-2020-14699
CVE-2020-14700
CVE-2020-14703
CVE-2020-14704
CVE-2020-14707
CVE-2020-14711
CVE-2020-14712
CVE-2020-14713
CVE-2020-14714
CVE-2020-14715
bc90e894-264b-11ee-a468-80fa5b29d485virtualbox-ose -- multiple vulnerabilities

secalert_us@oracle.com reports:

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.46 and Prior to 7.0.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via RDP to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).


Discovery 2023-07-18
Entry 2023-07-19
virtualbox-ose
< 6.1.46

CVE-2023-22018
https://nvd.nist.gov/vuln/detail/CVE-2023-22018
1ba034fb-ca38-11ed-b242-d4c9ef517024OpenSSL -- Excessive Resource Usage Verifying X.509 Policy Constraints

The OpenSSL project reports:

Severity: Low

A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial-of-service (DoS) attack on affected systems.


Discovery 2023-03-23
Entry 2023-03-24
Modified 2023-07-19
openssl
< 1.1.1t,1_1

openssl30
< 3.0.8_1

openssl31
< 3.1.0_1

openssl-quic
< 3.0.8_1

virtualbox-ose
< 6.1.46

CVE-2023-0464
https://www.openssl.org/news/secadv/20230322.txt
cf40e8b7-264d-11ee-a468-80fa5b29d485virtualbox-ose -- multiple vulnerabilities

secalert_us@oracle.com reports:

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.46 and Prior to 7.0.10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. Note: This vulnerability applies to Windows VMs only. CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).


Discovery 2023-07-18
Entry 2023-07-19
virtualbox-ose
< 6.1.46

CVE-2023-22017
https://nvd.nist.gov/vuln/detail/CVE-2023-22017
e1387e95-08d0-11ed-be26-001999f8d30bVirtualBox -- Multiple vulnerabilities

Oracle reports:

Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox.


Discovery 2022-07-20
Entry 2022-07-21
virtualbox-ose
< 6.1.36

CVE-2022-21554
CVE-2022-21571
https://www.oracle.com/security-alerts/cpujul2022.html