pepelyaevip/vuln-list-alt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
b1153fc0bf
vuln-list-alt/oval/p9/ALT-PU-2017-1918/definitions.json
pepelyaevip 83c40c9d64 ALT Vulnerability
2024-07-06 03:04:52 +00:00

848 lines
57 KiB
JSON
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20171918",
"Version": "oval:org.altlinux.errata:def:20171918",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2017-1918: package `kernel-modules-virtualbox-addition-std-def` update to version 5.1.24-alt1.264486.1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p9"
],
"Products": [
"ALT Server",
"ALT Virtualization Server",
"ALT Workstation",
"ALT Workstation K",
"ALT Education",
"Simply Linux",
"Starterkit"
]
}
],
"References": [
{
"RefID": "ALT-PU-2017-1918",
"RefURL": "https://errata.altlinux.org/ALT-PU-2017-1918",
"Source": "ALTPU"
},
{
"RefID": "BDU:2015-07217",
"RefURL": "https://bdu.fstec.ru/vul/2015-07217",
"Source": "BDU"
},
{
"RefID": "BDU:2015-07219",
"RefURL": "https://bdu.fstec.ru/vul/2015-07219",
"Source": "BDU"
},
{
"RefID": "BDU:2015-07221",
"RefURL": "https://bdu.fstec.ru/vul/2015-07221",
"Source": "BDU"
},
{
"RefID": "BDU:2015-07223",
"RefURL": "https://bdu.fstec.ru/vul/2015-07223",
"Source": "BDU"
},
{
"RefID": "BDU:2015-07225",
"RefURL": "https://bdu.fstec.ru/vul/2015-07225",
"Source": "BDU"
},
{
"RefID": "BDU:2015-07227",
"RefURL": "https://bdu.fstec.ru/vul/2015-07227",
"Source": "BDU"
},
{
"RefID": "BDU:2015-07229",
"RefURL": "https://bdu.fstec.ru/vul/2015-07229",
"Source": "BDU"
},
{
"RefID": "BDU:2015-07230",
"RefURL": "https://bdu.fstec.ru/vul/2015-07230",
"Source": "BDU"
},
{
"RefID": "BDU:2015-09331",
"RefURL": "https://bdu.fstec.ru/vul/2015-09331",
"Source": "BDU"
},
{
"RefID": "BDU:2015-09332",
"RefURL": "https://bdu.fstec.ru/vul/2015-09332",
"Source": "BDU"
},
{
"RefID": "BDU:2015-09333",
"RefURL": "https://bdu.fstec.ru/vul/2015-09333",
"Source": "BDU"
},
{
"RefID": "BDU:2015-09334",
"RefURL": "https://bdu.fstec.ru/vul/2015-09334",
"Source": "BDU"
},
{
"RefID": "BDU:2015-09335",
"RefURL": "https://bdu.fstec.ru/vul/2015-09335",
"Source": "BDU"
},
{
"RefID": "BDU:2015-09336",
"RefURL": "https://bdu.fstec.ru/vul/2015-09336",
"Source": "BDU"
},
{
"RefID": "BDU:2015-09337",
"RefURL": "https://bdu.fstec.ru/vul/2015-09337",
"Source": "BDU"
},
{
"RefID": "BDU:2015-09338",
"RefURL": "https://bdu.fstec.ru/vul/2015-09338",
"Source": "BDU"
},
{
"RefID": "BDU:2015-09813",
"RefURL": "https://bdu.fstec.ru/vul/2015-09813",
"Source": "BDU"
},
{
"RefID": "BDU:2015-09814",
"RefURL": "https://bdu.fstec.ru/vul/2015-09814",
"Source": "BDU"
},
{
"RefID": "BDU:2015-09865",
"RefURL": "https://bdu.fstec.ru/vul/2015-09865",
"Source": "BDU"
},
{
"RefID": "BDU:2015-09866",
"RefURL": "https://bdu.fstec.ru/vul/2015-09866",
"Source": "BDU"
},
{
"RefID": "BDU:2015-09867",
"RefURL": "https://bdu.fstec.ru/vul/2015-09867",
"Source": "BDU"
},
{
"RefID": "BDU:2015-09868",
"RefURL": "https://bdu.fstec.ru/vul/2015-09868",
"Source": "BDU"
},
{
"RefID": "BDU:2015-09869",
"RefURL": "https://bdu.fstec.ru/vul/2015-09869",
"Source": "BDU"
},
{
"RefID": "BDU:2015-10227",
"RefURL": "https://bdu.fstec.ru/vul/2015-10227",
"Source": "BDU"
},
{
"RefID": "BDU:2015-10228",
"RefURL": "https://bdu.fstec.ru/vul/2015-10228",
"Source": "BDU"
},
{
"RefID": "BDU:2015-10229",
"RefURL": "https://bdu.fstec.ru/vul/2015-10229",
"Source": "BDU"
},
{
"RefID": "BDU:2015-10230",
"RefURL": "https://bdu.fstec.ru/vul/2015-10230",
"Source": "BDU"
},
{
"RefID": "BDU:2015-10231",
"RefURL": "https://bdu.fstec.ru/vul/2015-10231",
"Source": "BDU"
},
{
"RefID": "BDU:2015-10232",
"RefURL": "https://bdu.fstec.ru/vul/2015-10232",
"Source": "BDU"
},
{
"RefID": "BDU:2015-10233",
"RefURL": "https://bdu.fstec.ru/vul/2015-10233",
"Source": "BDU"
},
{
"RefID": "BDU:2017-01150",
"RefURL": "https://bdu.fstec.ru/vul/2017-01150",
"Source": "BDU"
},
{
"RefID": "BDU:2017-01151",
"RefURL": "https://bdu.fstec.ru/vul/2017-01151",
"Source": "BDU"
},
{
"RefID": "BDU:2017-01152",
"RefURL": "https://bdu.fstec.ru/vul/2017-01152",
"Source": "BDU"
},
{
"RefID": "CVE-2015-0235",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2015-0235",
"Source": "CVE"
},
{
"RefID": "CVE-2017-10129",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-10129",
"Source": "CVE"
},
{
"RefID": "CVE-2017-10187",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-10187",
"Source": "CVE"
},
{
"RefID": "CVE-2017-10204",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-10204",
"Source": "CVE"
},
{
"RefID": "CVE-2017-10209",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-10209",
"Source": "CVE"
},
{
"RefID": "CVE-2017-10210",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-10210",
"Source": "CVE"
},
{
"RefID": "CVE-2017-10233",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-10233",
"Source": "CVE"
},
{
"RefID": "CVE-2017-10235",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-10235",
"Source": "CVE"
},
{
"RefID": "CVE-2017-10236",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-10236",
"Source": "CVE"
},
{
"RefID": "CVE-2017-10237",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-10237",
"Source": "CVE"
},
{
"RefID": "CVE-2017-10238",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-10238",
"Source": "CVE"
},
{
"RefID": "CVE-2017-10239",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-10239",
"Source": "CVE"
},
{
"RefID": "CVE-2017-10240",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-10240",
"Source": "CVE"
},
{
"RefID": "CVE-2017-10241",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-10241",
"Source": "CVE"
},
{
"RefID": "CVE-2017-10242",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-10242",
"Source": "CVE"
},
{
"RefID": "CVE-2017-3513",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-3513",
"Source": "CVE"
},
{
"RefID": "CVE-2017-3558",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-3558",
"Source": "CVE"
},
{
"RefID": "CVE-2017-3559",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-3559",
"Source": "CVE"
},
{
"RefID": "CVE-2017-3561",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-3561",
"Source": "CVE"
},
{
"RefID": "CVE-2017-3563",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-3563",
"Source": "CVE"
},
{
"RefID": "CVE-2017-3575",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-3575",
"Source": "CVE"
},
{
"RefID": "CVE-2017-3576",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-3576",
"Source": "CVE"
},
{
"RefID": "CVE-2017-3587",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-3587",
"Source": "CVE"
}
],
"Description": "This update upgrades kernel-modules-virtualbox-addition-std-def to version 5.1.24-alt1.264486.1. \nSecurity Fix(es):\n\n * BDU:2015-07217: Уязвимость операционной системы Red Hat Enterprise Linux, позволяющая удаленному нарушителю нарушить конфиденциальность, целостность и доступность защищаемой информации\n\n * BDU:2015-07219: Уязвимость операционной системы Red Hat Enterprise Linux, позволяющая удаленному нарушителю нарушить конфиденциальность, целостность и доступность защищаемой информации\n\n * BDU:2015-07221: Уязвимость операционной системы Red Hat Enterprise Linux, позволяющая удаленному нарушителю нарушить конфиденциальность, целостность и доступность защищаемой информации\n\n * BDU:2015-07223: Уязвимость операционной системы Red Hat Enterprise Linux, позволяющая удаленному нарушителю нарушить конфиденциальность, целостность и доступность защищаемой информации\n\n * BDU:2015-07225: Уязвимость операционной системы Red Hat Enterprise Linux, позволяющая удаленному нарушителю нарушить конфиденциальность, целостность и доступность защищаемой информации\n\n * BDU:2015-07227: Уязвимость операционной системы Red Hat Enterprise Linux, позволяющая удаленному нарушителю нарушить конфиденциальность, целостность и доступность защищаемой информации\n\n * BDU:2015-07229: Уязвимость операционной системы Red Hat Enterprise Linux, позволяющая удаленному нарушителю нарушить конфиденциальность, целостность и доступность защищаемой информации\n\n * BDU:2015-07230: Уязвимость операционной системы Red Hat Enterprise Linux, позволяющая удаленному нарушителю нарушить конфиденциальность, целостность и доступность защищаемой информации\n\n * BDU:2015-09331: Уязвимость операционной системы CentOS, позволяющая удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации\n\n * BDU:2015-09332: Уязвимость операционной системы CentOS, позволяющая удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации\n\n * BDU:2015-09333: Уязвимость операционной системы CentOS, позволяющая удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации\n\n * BDU:2015-09334: Уязвимость операционной системы CentOS, позволяющая удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации\n\n * BDU:2015-09335: Уязвимость операционной системы CentOS, позволяющая удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации\n\n * BDU:2015-09336: Уязвимость операционной системы CentOS, позволяющая удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации\n\n * BDU:2015-09337: Уязвимость операционной системы CentOS, позволяющая удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации\n\n * BDU:2015-09338: Уязвимость операционной системы CentOS, позволяющая удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации\n\n * BDU:2015-09813: Уязвимость операционной системы Red Hat Enterprise Virtualization, позволяющая удаленному нарушителю выполнить произвольный код или вызвать отказ в обслуживании\n\n * BDU:2015-09814: Уязвимость операционной системы Debian GNU/Linux, позволяющая удаленному злоумышленнику выполнить произвольный код или вызвать отказ в обслуживании\n\n * BDU:2015-09865: Уязвимость микропрограммного обеспечения сервера контроля безопасного доступа Cisco ACS, позволяющая удаленному злоумышленнику выполнить произвольный код\n\n * BDU:2015-09866: Уязвимость микропрограммного обеспечения маршрутизатора Cisco ASR, позволяющая удаленному злоумышленнику выполнить произвольный код\n\n * BDU:2015-09867: Уязвимость микропрограммного обеспечения коммутатора Cisco Nexus 5000, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2015-09868: Уязвимость микропрограммного обеспечения коммутатора Cisco Nexus 7000, позволяющая удаленному злоумышленнику выполнить произвольный код\n\n * BDU:2015-09869: Уязвимость микропрограммного обеспечения системы коммуникаций Cisco Unified Communications Manager, позволяющая удаленному злоумышленнику выполнить произвольный код\n\n * BDU:2015-10227: Уязвимость микропрограммного обеспечения виртуального коммутатора Cisco Nexus 1000V, позволяющая удаленному злоумышленнику выполнить произвольный код\n\n * BDU:2015-10228: Уязвимость микропрограммного обеспечения контроллера беспроводных Cisco Wireless LAN Controller 2000, позволяющая удаленному злоумышленнику выполнить произвольный код\n\n * BDU:2015-10229: Уязвимость микропрограммного обеспечения контроллера беспроводных сетей Cisco Wireless LAN Controller 2100, позволяющая удаленному злоумышленнику выполнить произвольный код\n\n * BDU:2015-10230: Уязвимость микропрограммного обеспечения контроллера беспроводных сетей Cisco Wireless LAN Controller 2500, позволяющая удаленному злоумышленнику выполнить произвольный код\n\n * BDU:2015-10231: Уязвимость микропрограммного обеспечения контроллера беспроводных сетей Cisco Wireless LAN Controller 4100, позволяющая удаленному злоумышленнику выполнить произвольный код\n\n * BDU:2015-10232: Уязвимость микропрограммного обеспечения контроллера беспроводных сетей Cisco Wireless LAN Controller 4400, позволяющая удаленному злоумышленнику выполнить произвольный код\n\n * BDU:2015-10233: Уязвимость микропрограммного обеспечения контроллера беспроводных сетей Cisco Wireless LAN Controller 5500, позволяющая удаленному злоумышленнику выполнить произвольный код\n\n * BDU:2017-01150: Уязвимость виртуальной машины Oracle VM VirtualBox, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2017-01151: Уязвимость виртуальной машины Oracle VM VirtualBox, позволяющая злоумышленнику нарушить конфиденциальность информации\n\n * BDU:2017-01152: Уязвимость виртуальной машины Oracle VM VirtualBox, позволяющая нарушителю вызвать отказ в обслуживании\n\n * CVE-2015-0235: Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the (1) gethostbyname or (2) gethostbyname2 function, aka \"GHOST.\"\n\n * CVE-2017-10129: Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.24. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).\n\n * CVE-2017-10187: Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.24. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle VM VirtualBox. CVSS 3.0 Base Score 4.6 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:L).\n\n * CVE-2017-10204: Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.24. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).\n\n * CVE-2017-10209: Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.24. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle VM VirtualBox accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle VM VirtualBox. CVSS 3.0 Base Score 5.2 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:L).\n\n * CVE-2017-10210: Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.24. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data and unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H).\n\n * CVE-2017-10233: Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.24. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 7.3 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:H).\n\n * CVE-2017-10235: Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.24. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.7 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:H).\n\n * CVE-2017-10236: Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.24. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data and unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H).\n\n * CVE-2017-10237: Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.24. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data and unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H).\n\n * CVE-2017-10238: Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.24. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data and unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H).\n\n * CVE-2017-10239: Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.24. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data and unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H).\n\n * CVE-2017-10240: Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.24. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data and unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H).\n\n * CVE-2017-10241: Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.24. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data and unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H).\n\n * CVE-2017-10242: Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.24. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data and unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H).\n\n * CVE-2017-3513: Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.0.38 and Prior to 5.1.20. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 2.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N).\n\n * CVE-2017-3558: Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.0.38 and Prior to 5.1.20. Easily \"exploitable\" vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data and unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 8.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H).\n\n * CVE-2017-3559: Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.0.38 and Prior to 5.1.20. Easily \"exploitable\" vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data and unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 7.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:H).\n\n * CVE-2017-3561: Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.0.38 and Prior to 5.1.20. Easily \"exploitable\" vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).\n\n * CVE-2017-3563: Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.0.38 and Prior to 5.1.20. Easily \"exploitable\" vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).\n\n * CVE-2017-3575: Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.0.38 and Prior to 5.1.20. Easily \"exploitable\" vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle VM VirtualBox accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.0 Base Score 7.9 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H).\n\n * CVE-2017-3576: Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.0.38 and Prior to 5.1.20. Easily \"exploitable\" vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).\n\n * CVE-2017-3587: Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Shared Folder). Supported versions that are affected are Prior to 5.0.38 and Prior to 5.1.20. Easily \"exploitable\" vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle VM VirtualBox accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.4 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H).",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Critical",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2017-07-20"
},
"Updated": {
"Date": "2017-07-20"
},
"BDUs": [
{
"ID": "BDU:2015-07217",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CWE": "CWE-119",
"Href": "https://bdu.fstec.ru/vul/2015-07217",
"Impact": "Critical",
"Public": "20150127"
},
{
"ID": "BDU:2015-07219",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CWE": "CWE-119",
"Href": "https://bdu.fstec.ru/vul/2015-07219",
"Impact": "Critical",
"Public": "20150127"
},
{
"ID": "BDU:2015-07221",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CWE": "CWE-119",
"Href": "https://bdu.fstec.ru/vul/2015-07221",
"Impact": "Critical",
"Public": "20150127"
},
{
"ID": "BDU:2015-07223",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CWE": "CWE-119",
"Href": "https://bdu.fstec.ru/vul/2015-07223",
"Impact": "Critical",
"Public": "20150127"
},
{
"ID": "BDU:2015-07225",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CWE": "CWE-119",
"Href": "https://bdu.fstec.ru/vul/2015-07225",
"Impact": "Critical",
"Public": "20150127"
},
{
"ID": "BDU:2015-07227",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CWE": "CWE-119",
"Href": "https://bdu.fstec.ru/vul/2015-07227",
"Impact": "Critical",
"Public": "20150127"
},
{
"ID": "BDU:2015-07229",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CWE": "CWE-119",
"Href": "https://bdu.fstec.ru/vul/2015-07229",
"Impact": "Critical",
"Public": "20150127"
},
{
"ID": "BDU:2015-07230",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CWE": "CWE-119",
"Href": "https://bdu.fstec.ru/vul/2015-07230",
"Impact": "Critical",
"Public": "20150127"
},
{
"ID": "BDU:2015-09331",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CWE": "CWE-787",
"Href": "https://bdu.fstec.ru/vul/2015-09331",
"Impact": "Critical",
"Public": "20150128"
},
{
"ID": "BDU:2015-09332",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CWE": "CWE-787",
"Href": "https://bdu.fstec.ru/vul/2015-09332",
"Impact": "Critical",
"Public": "20150128"
},
{
"ID": "BDU:2015-09333",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CWE": "CWE-787",
"Href": "https://bdu.fstec.ru/vul/2015-09333",
"Impact": "Critical",
"Public": "20150128"
},
{
"ID": "BDU:2015-09334",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CWE": "CWE-787",
"Href": "https://bdu.fstec.ru/vul/2015-09334",
"Impact": "Critical",
"Public": "20150128"
},
{
"ID": "BDU:2015-09335",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CWE": "CWE-787",
"Href": "https://bdu.fstec.ru/vul/2015-09335",
"Impact": "Critical",
"Public": "20150128"
},
{
"ID": "BDU:2015-09336",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CWE": "CWE-787",
"Href": "https://bdu.fstec.ru/vul/2015-09336",
"Impact": "Critical",
"Public": "20150128"
},
{
"ID": "BDU:2015-09337",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CWE": "CWE-787",
"Href": "https://bdu.fstec.ru/vul/2015-09337",
"Impact": "Critical",
"Public": "20150128"
},
{
"ID": "BDU:2015-09338",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CWE": "CWE-787",
"Href": "https://bdu.fstec.ru/vul/2015-09338",
"Impact": "Critical",
"Public": "20150128"
},
{
"ID": "BDU:2015-09813",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CWE": "CWE-119",
"Href": "https://bdu.fstec.ru/vul/2015-09813",
"Impact": "Critical",
"Public": "20150204"
},
{
"ID": "BDU:2015-09814",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CWE": "CWE-119",
"Href": "https://bdu.fstec.ru/vul/2015-09814",
"Impact": "Critical",
"Public": "20150127"
},
{
"ID": "BDU:2015-09865",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CWE": "CWE-119",
"Href": "https://bdu.fstec.ru/vul/2015-09865",
"Impact": "Critical",
"Public": "20150128"
},
{
"ID": "BDU:2015-09866",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CWE": "CWE-119",
"Href": "https://bdu.fstec.ru/vul/2015-09866",
"Impact": "Critical",
"Public": "20150128"
},
{
"ID": "BDU:2015-09867",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-119",
"Href": "https://bdu.fstec.ru/vul/2015-09867",
"Impact": "Critical",
"Public": "20150128"
},
{
"ID": "BDU:2015-09868",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CWE": "CWE-119",
"Href": "https://bdu.fstec.ru/vul/2015-09868",
"Impact": "Critical",
"Public": "20150128"
},
{
"ID": "BDU:2015-09869",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CWE": "CWE-119",
"Href": "https://bdu.fstec.ru/vul/2015-09869",
"Impact": "Critical",
"Public": "20150128"
},
{
"ID": "BDU:2015-10227",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CWE": "CWE-119",
"Href": "https://bdu.fstec.ru/vul/2015-10227",
"Impact": "Critical",
"Public": "20150128"
},
{
"ID": "BDU:2015-10228",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CWE": "CWE-119",
"Href": "https://bdu.fstec.ru/vul/2015-10228",
"Impact": "Critical",
"Public": "20150128"
},
{
"ID": "BDU:2015-10229",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CWE": "CWE-119",
"Href": "https://bdu.fstec.ru/vul/2015-10229",
"Impact": "Critical",
"Public": "20150128"
},
{
"ID": "BDU:2015-10230",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CWE": "CWE-119",
"Href": "https://bdu.fstec.ru/vul/2015-10230",
"Impact": "Critical",
"Public": "20150128"
},
{
"ID": "BDU:2015-10231",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CWE": "CWE-119",
"Href": "https://bdu.fstec.ru/vul/2015-10231",
"Impact": "Critical",
"Public": "20150128"
},
{
"ID": "BDU:2015-10232",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CWE": "CWE-119",
"Href": "https://bdu.fstec.ru/vul/2015-10232",
"Impact": "Critical",
"Public": "20150128"
},
{
"ID": "BDU:2015-10233",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CWE": "CWE-119",
"Href": "https://bdu.fstec.ru/vul/2015-10233",
"Impact": "Critical",
"Public": "20150128"
},
{
"ID": "BDU:2017-01150",
"CVSS": "AV:L/AC:L/Au:N/C:N/I:P/A:P",
"CWE": "CWE-284",
"Href": "https://bdu.fstec.ru/vul/2017-01150",
"Impact": "Low",
"Public": "20170424"
},
{
"ID": "BDU:2017-01151",
"CVSS": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"CWE": "CWE-284",
"Href": "https://bdu.fstec.ru/vul/2017-01151",
"Impact": "Low",
"Public": "20170424"
},
{
"ID": "BDU:2017-01152",
"CVSS": "AV:L/AC:L/Au:N/C:N/I:P/A:P",
"CWE": "CWE-284",
"Href": "https://bdu.fstec.ru/vul/2017-01152",
"Impact": "Low",
"Public": "20170424"
}
],
"CVEs": [
{
"ID": "CVE-2015-0235",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2015-0235",
"Impact": "Critical",
"Public": "20150128"
},
{
"ID": "CVE-2017-10129",
"CVSS": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-10129",
"Impact": "High",
"Public": "20170808"
},
{
"ID": "CVE-2017-10187",
"CVSS": "AV:L/AC:L/Au:N/C:N/I:P/A:P",
"CVSS3": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:L",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-10187",
"Impact": "Low",
"Public": "20170808"
},
{
"ID": "CVE-2017-10204",
"CVSS": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-10204",
"Impact": "High",
"Public": "20170808"
},
{
"ID": "CVE-2017-10209",
"CVSS": "AV:L/AC:L/Au:N/C:P/I:N/A:P",
"CVSS3": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:L",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-10209",
"Impact": "Low",
"Public": "20170808"
},
{
"ID": "CVE-2017-10210",
"CVSS": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-10210",
"Impact": "High",
"Public": "20170808"
},
{
"ID": "CVE-2017-10233",
"CVSS": "AV:L/AC:L/Au:N/C:N/I:P/A:P",
"CVSS3": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:H",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-10233",
"Impact": "High",
"Public": "20170808"
},
{
"ID": "CVE-2017-10235",
"CVSS": "AV:L/AC:L/Au:N/C:N/I:P/A:P",
"CVSS3": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:H",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-10235",
"Impact": "Low",
"Public": "20170808"
},
{
"ID": "CVE-2017-10236",
"CVSS": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-10236",
"Impact": "High",
"Public": "20170808"
},
{
"ID": "CVE-2017-10237",
"CVSS": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-10237",
"Impact": "High",
"Public": "20170808"
},
{
"ID": "CVE-2017-10238",
"CVSS": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-10238",
"Impact": "High",
"Public": "20170808"
},
{
"ID": "CVE-2017-10239",
"CVSS": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-10239",
"Impact": "High",
"Public": "20170808"
},
{
"ID": "CVE-2017-10240",
"CVSS": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-10240",
"Impact": "High",
"Public": "20170808"
},
{
"ID": "CVE-2017-10241",
"CVSS": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-10241",
"Impact": "High",
"Public": "20170808"
},
{
"ID": "CVE-2017-10242",
"CVSS": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-10242",
"Impact": "High",
"Public": "20170808"
},
{
"ID": "CVE-2017-3513",
"CVSS": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
"CVSS3": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-3513",
"Impact": "Low",
"Public": "20170424"
},
{
"ID": "CVE-2017-3558",
"CVSS": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-3558",
"Impact": "High",
"Public": "20170424"
},
{
"ID": "CVE-2017-3559",
"CVSS": "AV:L/AC:L/Au:S/C:P/I:P/A:P",
"CVSS3": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:H",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-3559",
"Impact": "High",
"Public": "20170424"
},
{
"ID": "CVE-2017-3561",
"CVSS": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-3561",
"Impact": "High",
"Public": "20170424"
},
{
"ID": "CVE-2017-3563",
"CVSS": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"CWE": "CWE-295",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-3563",
"Impact": "High",
"Public": "20170424"
},
{
"ID": "CVE-2017-3575",
"CVSS": "AV:L/AC:L/Au:N/C:N/I:P/A:P",
"CVSS3": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-3575",
"Impact": "High",
"Public": "20170424"
},
{
"ID": "CVE-2017-3576",
"CVSS": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-3576",
"Impact": "High",
"Public": "20170424"
},
{
"ID": "CVE-2017-3587",
"CVSS": "AV:L/AC:L/Au:N/C:N/I:P/A:P",
"CVSS3": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-3587",
"Impact": "High",
"Public": "20170424"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:kworkstation:9",
"cpe:/o:alt:workstation:9",
"cpe:/o:alt:server:9",
"cpe:/o:alt:server-v:9",
"cpe:/o:alt:education:9",
"cpe:/o:alt:slinux:9",
"cpe:/o:alt:starterkit:p9",
"cpe:/o:alt:kworkstation:9.1",
"cpe:/o:alt:workstation:9.1",
"cpe:/o:alt:server:9.1",
"cpe:/o:alt:server-v:9.1",
"cpe:/o:alt:education:9.1",
"cpe:/o:alt:slinux:9.1",
"cpe:/o:alt:starterkit:9.1",
"cpe:/o:alt:kworkstation:9.2",
"cpe:/o:alt:workstation:9.2",
"cpe:/o:alt:server:9.2",
"cpe:/o:alt:server-v:9.2",
"cpe:/o:alt:education:9.2",
"cpe:/o:alt:slinux:9.2",
"cpe:/o:alt:starterkit:9.2"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:1001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20171918001",
"Comment": "kernel-modules-virtualbox-addition-std-def is earlier than 0:5.1.24-alt1.264486.1"
}
]
}
]
}
}
]
}
Reference in New Issue View Git Blame Copy Permalink