CVSS: 8.6EPSS: 0%CPEs: 1EXPL: 0CVE-2018-3090 – Oracle VirtualBox crUnpackPixelMapfv Untrusted Pointer Dereference Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2018-3090
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.2.16. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. • http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html http://www.securityfocus.com/bid/104764 http://www.securitytracker.com/id/1041296 •
CVSS: 6.3EPSS: 0%CPEs: 1EXPL: 0CVE-2018-3091 – Oracle VirtualBox SHCRGL_GUEST_FN_WRITE_READ_BUFFERED Uninitialized Memory Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2018-3091
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.2.16. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. • http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html http://www.securityfocus.com/bid/104764 http://www.securitytracker.com/id/1041296 •
CVSS: 8.6EPSS: 0%CPEs: 1EXPL: 0CVE-2018-3089 – Oracle VirtualBox crUnpackTexImage2D Untrusted Pointer Dereference Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2018-3089
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.2.16. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. • http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html http://www.securityfocus.com/bid/104764 http://www.securitytracker.com/id/1041296 •
CVSS: 8.6EPSS: 0%CPEs: 1EXPL: 0CVE-2018-3087 – Oracle VirtualBox crUnpackPixelMapusv Untrusted Pointer Dereference Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2018-3087
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.2.16. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. • http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html http://www.securityfocus.com/bid/104764 http://www.securitytracker.com/id/1041296 •
CVSS: 5.6EPSS: 97%CPEs: 1090EXPL: 3CVE-2017-5715 – Multiple CPUs - 'Spectre' Information Disclosure
https://notcve.org/view.php?id=CVE-2017-5715
Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. Los sistemas con microprocesadores con ejecución especulativa y predicción indirecta de ramas podrían permitir la revelación no autorizada de información al atacante con acceso de usuario local mediante un análisis de un canal lateral. An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization). There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Variant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. • https://www.exploit-db.com/exploits/43427 https://github.com/GalloLuigi/Analisi-CVE-2017-5715 http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00006.html http://lists.opensuse.org/opensuse& • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-203: Observable Discrepancy •