CVE Daily
← All tags

Tag: VirtualBox

All CVEs associated with "VirtualBox". Page 4/4 • 422 CVEs.

Subscribe CVEs: RSS for “VirtualBox”  ·  RSS (High+Critical only)

About “VirtualBox”

A curated feed of “VirtualBox”-related CVEs appears below. We currently track 422 CVEs for this tag (all time). In the last 365 days, 42 were published. Average CVSS is 6.5 (all time; 6.9 over 365d), and 49% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-284 - Improper Access Control, CWE-269 - Improper Privilege Management, CWE-267 - Privilege Defined With Unsafe Actions.

In our taxonomy this topic maps to a MODERATE impact class. Virtualization and VDI management can impact many hosts at once. Patch the management plane first, restrict management networks, and verify backup or snapshot workflows. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2017-04-24
Low

CVE-2017-3513

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.0.38 and Prior to 5.1.20. Difficult to exploit v…

CVSS: 2.5 CWE: N/A View on NVD
2017-01-27
High

CVE-2017-3332

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: VirtualBox SVGA Emulation). Supported versions that are affected are VirtualBox prior to 5.0.32 and prior t…

CVSS: 8.4 CWE: N/A View on NVD
High

CVE-2017-3316

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: GUI). Supported versions that are affected are VirtualBox prior to 5.0.32 and prior to 5.1.14. Easily explo…

CVSS: 8.4 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2017-3290

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Shared Folder). Supported versions that are affected are VirtualBox prior to 5.0.32 and prior to 5.1.14. Ea…

CVSS: 7.9 CWE: N/A View on NVD
Medium

CVE-2016-5545

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: GUI). Supported versions that are affected are VirtualBox prior to 5.0.32 and prior to 5.1.14. Easily explo…

CVSS: 6.3 CWE: CWE-254 View on NVD
2016-10-25
Medium

CVE-2016-5613

Unspecified vulnerability in the Oracle VM VirtualBox component before 5.0.28 and 5.1.x before 5.1.8 in Oracle Virtualization allows local users to affect availability via vectors related to Core, a…

CVSS: 4.3 CWE: CWE-284 - Improper Access Control View on NVD
Medium

CVE-2016-5611

Unspecified vulnerability in the Oracle VM VirtualBox component before 5.0.28 and 5.1.x before 5.1.8 in Oracle Virtualization allows local users to affect confidentiality via vectors related to Core.

CVSS: 4.3 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2016-5610

Unspecified vulnerability in the Oracle VM VirtualBox component before 5.0.28 and 5.1.x before 5.1.8 in Oracle Virtualization allows local users to affect confidentiality, integrity, and availability…

CVSS: 6.8 CWE: CWE-284 - Improper Access Control View on NVD
Medium

CVE-2016-5608

Unspecified vulnerability in the Oracle VM VirtualBox component before 5.0.28 and 5.1.x before 5.1.8 in Oracle Virtualization allows local users to affect availability via vectors related to Core, a…

CVSS: 5.5 CWE: CWE-284 - Improper Access Control View on NVD
Critical

CVE-2016-5605

Unspecified vulnerability in the Oracle VM VirtualBox component before 5.1.4 in Oracle Virtualization allows remote attackers to affect confidentiality and integrity via vectors related to VRDE.

CVSS: 9.1 CWE: CWE-284 - Improper Access Control View on NVD
Medium

CVE-2016-5538

Unspecified vulnerability in the Oracle VM VirtualBox component before 5.0.28 and 5.1.x before 5.1.8 in Oracle Virtualization allows local users to affect confidentiality, integrity, and availability…

CVSS: 6.7 CWE: N/A View on NVD
High

CVE-2016-5501

Unspecified vulnerability in the Oracle VM VirtualBox component before 5.0.28 and 5.1.x before 5.1.8 in Oracle Virtualization allows local users to affect confidentiality, integrity, and availability…

CVSS: 7.8 CWE: N/A View on NVD
2016-07-21
Medium

CVE-2016-3612

Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 5.0.22 allows remote attackers to affect confidentiality via vectors related to Core.

CVSS: 5.9 CWE: N/A View on NVD
Medium

CVE-2016-3597

Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 5.0.26 allows local users to affect availability via vectors related to Core.

CVSS: 5.5 CWE: N/A View on NVD
2016-04-21
Medium

CVE-2016-0678

Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 5.0.18 allows local users to affect confidentiality, integrity, and availability via vectors…

CVSS: 6.7 CWE: N/A View on NVD
2016-01-21
Medium

CVE-2016-0602

Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 5.0.14 allows local users to affect confidentiality, integrity, and availability via unknown…

CVSS: 6.2 CWE: N/A View on NVD
Low

CVE-2016-0592

Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.3.36 and before 5.0.14 allows local users to affect availability via unknown vectors relat…

CVSS: 2.1 CWE: N/A View on NVD
Medium

CVE-2016-0495

Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.3.36 and 5.0.14 allows remote attackers to affect availability via unknown vectors related…

CVSS: 4.3 CWE: N/A View on NVD
2015-10-21
Medium

CVE-2015-4896

Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.0.34, 4.1.42, 4.2.34, 4.3.32, and 5.0.8, when a VM has the Remote Display feature (RDP) en…

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2015-4856

Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.0.30, 4.1.38, 4.2.30, 4.3.26, and 5.0.0 allows local users to affect availability via unkn…

CVSS: 4.9 CWE: N/A View on NVD
Low

CVE-2015-4813

Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 4.0.34, 4.1.42, 4.2.34, 4.3.32, and 5.0.8, when using a Windows guest, allows local users…

CVSS: 2.1 CWE: N/A View on NVD
2015-07-16
Medium

CVE-2015-2594

Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 4.0.32, 4.1.40, 4.2.32, and 4.3.30 allows local users to affect confidentiality, integrity…

CVSS: 6.6 CWE: N/A View on NVD
2015-01-21
Low

CVE-2015-0427

Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 4.3.20 allows local users to affect integrity and availability via vectors related to VMSV…

CVSS: 3.2 CWE: N/A View on NVD
Low

CVE-2015-0418

Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 3.2.26, 4.0.28, 4.1.36, and 4.2.28 allows local users to affect availability via unknown v…

CVSS: 2.1 CWE: N/A View on NVD
Medium

CVE-2015-0377

Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 3.2.26, 4.0.28, 4.1.36, and 4.2.28 allows local users to affect availability via unknown v…

CVSS: 4.4 CWE: N/A View on NVD
Low

CVE-2014-6595

Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.3.20 allows local users to affect integrity and availability via vectors related to VMSVGA…

CVSS: 3.2 CWE: N/A View on NVD
Low

CVE-2014-6590

Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.3.20 allows local users to affect integrity and availability via vectors related to VMSVGA…

CVSS: 3.2 CWE: N/A View on NVD
Low

CVE-2014-6589

Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.3.20 allows local users to affect integrity and availability via vectors related to VMSVGA…

CVSS: 3.2 CWE: N/A View on NVD
Low

CVE-2014-6588

Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.3.20 allows local users to affect integrity and availability via vectors related to VMSVGA…

CVSS: 3.2 CWE: N/A View on NVD
2014-10-15
Low

CVE-2014-6540

Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.1.34, before 4.2.26, and before 4.3.14 allows local users to affect availability via vecto…

CVSS: 1.9 CWE: N/A View on NVD
2014-09-18
Medium

CVE-2014-2886

GKSu 2.0.2, when sudo-mode is not enabled, uses " (double quote) characters in a gksu-run-helper argument, which allows attackers to execute arbitrary commands in certain situations involving an untr…

CVSS: 6.8 CWE: CWE-264 View on NVD
2014-07-17
Medium

CVE-2014-4261

Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 3.2.24, 4.0.26, 4.1.34, 4.2.26, and 4.3.14 allows local users to affect confidentiality, int…

CVSS: 6.9 CWE: N/A View on NVD
Medium

CVE-2014-4228

Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.1.34, 4.2.26, and 4.3.12 allows local users to affect confidentiality, integrity, and avai…

CVSS: 4.4 CWE: N/A View on NVD
Medium

CVE-2014-2489

Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 3.2.24, 4.0.26, 4.1.34, 4.2.26, and 4.3.12 allows local users to affect confidentiality, int…

CVSS: 4.1 CWE: N/A View on NVD
Low

CVE-2014-2488

Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 3.2.24, 4.0.26, 4.1.34, 4.2.26, and 4.3.12 allows local users to affect confidentiality via…

CVSS: 1.0 CWE: N/A View on NVD
Medium

CVE-2014-2487

Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 3.2.24, 4.0.26, 4.1.34, 4.2.26, and 4.3.14, when running on Windows, allows local users to a…

CVSS: 6.9 CWE: N/A View on NVD
Low

CVE-2014-2486

Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 3.2.24, 4.0.26, 4.1.34, 4.2.26, and 4.3.12 allows local users to affect integrity and availa…

CVSS: 3.0 CWE: N/A View on NVD
Low

CVE-2014-2477

Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 3.2.24, 4.0.26, 4.1.34, 4.2.26, and 4.3.12 allows local users to affect integrity and availa…

CVSS: 3.6 CWE: N/A View on NVD
2014-04-16
Medium

CVE-2014-2441

Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.1.32, 4.2.24, and 4.3.10 allows local users to affect confidentiality, integrity, and avai…

CVSS: 4.4 CWE: N/A View on NVD
2014-03-31
Medium

CVE-2014-0983

Multiple array index errors in programs that are automatically generated by VBox/HostServices/SharedOpenGL/crserverlib/server_dispatch.py in Oracle VirtualBox 4.2.x through 4.2.20 and 4.3.x before 4.…

CVSS: 6.9 CWE: CWE-399 View on NVD
Medium

CVE-2014-0981

VBox/GuestHost/OpenGL/util/net.c in Oracle VirtualBox before 3.2.22, 4.0.x before 4.0.24, 4.1.x before 4.1.32, 4.2.x before 4.2.24, and 4.3.x before 4.3.8, when using 3D Acceleration allows local gue…

CVSS: 4.4 CWE: CWE-399 View on NVD
2014-01-15
Low

CVE-2014-0407

Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 3.2.20, 4.0.22, 4.1.30, 4.2.20, and 4.3.4 allows local users to affect confidentiality, in…

CVSS: 3.5 CWE: N/A View on NVD
Low

CVE-2014-0406

Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 3.2.20, 4.0.22, 4.1.30, 4.2.20, and 4.3.4 allows local users to affect integrity and avail…

CVSS: 2.4 CWE: N/A View on NVD
Low

CVE-2014-0405

Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 3.2.20, 4.0.22, 4.1.30, 4.2.20, and 4.3.4 allows local users to affect confidentiality, in…

CVSS: 3.5 CWE: N/A View on NVD
Low

CVE-2014-0404

Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 3.2.20, 4.0.22, 4.1.30, 4.2.20, and 4.3.4 allows local users to affect integrity and avail…

CVSS: 2.4 CWE: N/A View on NVD
Low

CVE-2013-5892

Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 3.2.20, 4.0.22, 4.1.30, 4.2.22, and 4.3.6 allows local users to affect confidentiality, in…

CVSS: 3.5 CWE: N/A View on NVD
2013-10-16
Low

CVE-2013-3792

Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 3.2.18, 4.0.20, 4.1.28, and 4.2.18 allows local users to affect availability via unknown v…

CVSS: 3.8 CWE: N/A View on NVD
2013-01-17
Low

CVE-2013-0420

Unspecified vulnerability in the VirtualBox component in Oracle Virtualization 4.0, 4.1, and 4.2 allows local users to affect integrity and availability via unknown vectors related to Core. NOTE: Th…

CVSS: 2.4 CWE: N/A View on NVD
2012-10-17
Low

CVE-2012-3221

Unspecified vulnerability in the Oracle VM Virtual Box component in Oracle Virtualization 3.2, 4.0, and 4.1 allows local users to affect availability via unknown vectors related to VirtualBox Core.…

CVSS: 2.1 CWE: N/A View on NVD
2012-01-18
Low

CVE-2012-0111

Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization 4.1 allows local users to affect confidentiality and integrity via unknown vectors related to Shared Folders.

CVSS: 3.6 CWE: N/A View on NVD
Low

CVE-2012-0105

Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization 4.1 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to W…

CVSS: 3.7 CWE: N/A View on NVD
2011-07-21
Medium

CVE-2011-2305

Unspecified vulnerability in Oracle VM VirtualBox 4.0 allows local users to affect confidentiality, integrity, and availability via unknown vectors.

CVSS: 6.2 CWE: N/A View on NVD
Low

CVE-2011-2300

Unspecified vulnerability in Oracle VM VirtualBox 3.0, 3.1, 3.2, and 4.0 through 4.0.8 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Guest A…

CVSS: 3.7 CWE: N/A View on NVD
2011-01-19
Medium

CVE-2010-4414

Unspecified vulnerability in Oracle VM VirtualBox 4.0 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Extensions.

CVSS: 6.8 CWE: N/A View on NVD
2009-11-16
Low

CVE-2009-3940

Unspecified vulnerability in Guest Additions in Sun xVM VirtualBox 1.6.x and 2.0.x before 2.0.12, 2.1.x, and 2.2.x, and Sun VirtualBox before 3.0.10, allows guest OS users to cause a denial of servic…

CVSS: 2.1 CWE: N/A View on NVD
2009-11-10
High

CVE-2009-3923

The VirtualBox 2.0.8 and 2.0.10 web service in Sun Virtual Desktop Infrastructure (VDI) 3.0 does not require authentication, which allows remote attackers to obtain unspecified access via vectors inv…

CVSS: 7.5 CWE: CWE-287 - Improper Authentication View on NVD
2009-10-13
High

CVE-2009-3692

Unspecified vulnerability in the VBoxNetAdpCtl configuration tool in Sun VirtualBox 3.0.x before 3.0.8 on Solaris x86, Linux, and Mac OS X allows local users to gain privileges via unknown vectors.

CVSS: 7.2 CWE: N/A View on NVD
2009-08-07
Medium

CVE-2009-2715

Sun VirtualBox 2.2 through 3.0.2 r49928 allows guest OS users to cause a denial of service (Linux host OS reboot) via a sysenter instruction.

CVSS: 4.9 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2009-2714

Unspecified vulnerability in Sun VirtualBox 3.0.0 and 3.0.2 allows guest OS users to cause a denial of service (host OS reboot) via unknown vectors.

CVSS: 4.9 CWE: N/A View on NVD
2009-03-12
Medium

CVE-2009-0876

Sun xVM VirtualBox 2.0.0, 2.0.2, 2.0.4, 2.0.6r39760, 2.1.0, 2.1.2, and 2.1.4r42893 on Linux allows local users to gain privileges via a hardlink attack, which preserves setuid/setgid bits on Linux, r…

CVSS: 6.9 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
2008-11-27
Medium

CVE-2008-5256

The AcquireDaemonLock function in ipcdUnix.cpp in Sun Innotek VirtualBox before 2.0.6 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/.vbox-$USER-ipc/lock temporary fil…

CVSS: 4.4 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
2008-08-05
High

CVE-2008-3431

The VBoxDrvNtDeviceControl function in VBoxDrv.sys in Sun xVM VirtualBox before 1.6.4 uses the METHOD_NEITHER communication method for IOCTLs and does not properly validate a buffer associated with t…

CVSS: 8.8 CWE: N/A View on NVD