python3-virtualbox-6.1.26-3.2 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:11501 Final 1 1 2024-06-17T21:45:33Z current 2024-06-17T21:45:33Z 2024-06-17T21:45:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z python3-virtualbox-6.1.26-3.2 on GA media These are all security issues fixed in the python3-virtualbox-6.1.26-3.2 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-11501 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) E-Mail link for openSUSE-SU-2024:11501 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2017-10392/ SUSE CVE CVE-2017-10392 page https://www.suse.com/security/cve/CVE-2017-3316/ SUSE CVE CVE-2017-3316 page https://www.suse.com/security/cve/CVE-2017-3559/ SUSE CVE CVE-2017-3559 page https://www.suse.com/security/cve/CVE-2017-3561/ SUSE CVE CVE-2017-3561 page https://www.suse.com/security/cve/CVE-2018-0732/ SUSE CVE CVE-2018-0732 page https://www.suse.com/security/cve/CVE-2018-0739/ SUSE CVE CVE-2018-0739 page https://www.suse.com/security/cve/CVE-2018-11763/ SUSE CVE CVE-2018-11763 page https://www.suse.com/security/cve/CVE-2018-11784/ SUSE CVE CVE-2018-11784 page https://www.suse.com/security/cve/CVE-2018-2689/ SUSE CVE CVE-2018-2689 page https://www.suse.com/security/cve/CVE-2018-2694/ SUSE CVE CVE-2018-2694 page https://www.suse.com/security/cve/CVE-2018-2842/ SUSE CVE CVE-2018-2842 page https://www.suse.com/security/cve/CVE-2018-3005/ SUSE CVE CVE-2018-3005 page https://www.suse.com/security/cve/CVE-2018-3087/ SUSE CVE CVE-2018-3087 page https://www.suse.com/security/cve/CVE-2018-3288/ SUSE CVE CVE-2018-3288 page https://www.suse.com/security/cve/CVE-2018-3294/ SUSE CVE CVE-2018-3294 page https://www.suse.com/security/cve/CVE-2019-2450/ SUSE CVE CVE-2019-2450 page https://www.suse.com/security/cve/CVE-2019-2500/ SUSE CVE CVE-2019-2500 page https://www.suse.com/security/cve/CVE-2019-2501/ SUSE CVE CVE-2019-2501 page https://www.suse.com/security/cve/CVE-2019-2521/ SUSE CVE CVE-2019-2521 page https://www.suse.com/security/cve/CVE-2019-2656/ SUSE CVE CVE-2019-2656 page https://www.suse.com/security/cve/CVE-2019-2678/ SUSE CVE CVE-2019-2678 page https://www.suse.com/security/cve/CVE-2019-2722/ SUSE CVE CVE-2019-2722 page https://www.suse.com/security/cve/CVE-2019-2848/ SUSE CVE CVE-2019-2848 page https://www.suse.com/security/cve/CVE-2019-2859/ SUSE CVE CVE-2019-2859 page https://www.suse.com/security/cve/CVE-2019-2926/ SUSE CVE CVE-2019-2926 page https://www.suse.com/security/cve/CVE-2019-2984/ SUSE CVE CVE-2019-2984 page https://www.suse.com/security/cve/CVE-2019-3028/ SUSE CVE CVE-2019-3028 page https://www.suse.com/security/cve/CVE-2020-14628/ SUSE CVE CVE-2020-14628 page https://www.suse.com/security/cve/CVE-2020-14673/ SUSE CVE CVE-2020-14673 page https://www.suse.com/security/cve/CVE-2020-14677/ SUSE CVE CVE-2020-14677 page https://www.suse.com/security/cve/CVE-2020-14700/ SUSE CVE CVE-2020-14700 page https://www.suse.com/security/cve/CVE-2020-14703/ SUSE CVE CVE-2020-14703 page https://www.suse.com/security/cve/CVE-2020-14713/ SUSE CVE CVE-2020-14713 page https://www.suse.com/security/cve/CVE-2020-14715/ SUSE CVE CVE-2020-14715 page https://www.suse.com/security/cve/CVE-2020-2674/ SUSE CVE CVE-2020-2674 page https://www.suse.com/security/cve/CVE-2020-2681/ SUSE CVE CVE-2020-2681 page https://www.suse.com/security/cve/CVE-2020-2704/ SUSE CVE CVE-2020-2704 page https://www.suse.com/security/cve/CVE-2021-2074/ SUSE CVE CVE-2021-2074 page https://www.suse.com/security/cve/CVE-2021-2145/ SUSE CVE CVE-2021-2145 page https://www.suse.com/security/cve/CVE-2021-2264/ SUSE CVE CVE-2021-2264 page https://www.suse.com/security/cve/CVE-2021-2281/ SUSE CVE CVE-2021-2281 page https://www.suse.com/security/cve/CVE-2021-2287/ SUSE CVE CVE-2021-2287 page https://www.suse.com/security/cve/CVE-2021-2310/ SUSE CVE CVE-2021-2310 page openSUSE Tumbleweed python3-virtualbox-6.1.26-3.2 virtualbox-6.1.26-3.2 virtualbox-devel-6.1.26-3.2 virtualbox-guest-desktop-icons-6.1.26-3.2 virtualbox-guest-source-6.1.26-3.2 virtualbox-guest-tools-6.1.26-3.2 virtualbox-guest-x11-6.1.26-3.2 virtualbox-host-source-6.1.26-3.2 virtualbox-qt-6.1.26-3.2 virtualbox-vnc-6.1.26-3.2 virtualbox-websrv-6.1.26-3.2 python3-virtualbox-6.1.26-3.2 as a component of openSUSE Tumbleweed virtualbox-6.1.26-3.2 as a component of openSUSE Tumbleweed virtualbox-devel-6.1.26-3.2 as a component of openSUSE Tumbleweed virtualbox-guest-desktop-icons-6.1.26-3.2 as a component of openSUSE Tumbleweed virtualbox-guest-source-6.1.26-3.2 as a component of openSUSE Tumbleweed virtualbox-guest-tools-6.1.26-3.2 as a component of openSUSE Tumbleweed virtualbox-guest-x11-6.1.26-3.2 as a component of openSUSE Tumbleweed virtualbox-host-source-6.1.26-3.2 as a component of openSUSE Tumbleweed virtualbox-qt-6.1.26-3.2 as a component of openSUSE Tumbleweed virtualbox-vnc-6.1.26-3.2 as a component of openSUSE Tumbleweed virtualbox-websrv-6.1.26-3.2 as a component of openSUSE Tumbleweed Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.30. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data and unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H). CVE-2017-10392 openSUSE Tumbleweed:python3-virtualbox-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-devel-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-guest-desktop-icons-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-guest-source-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-guest-tools-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-guest-x11-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-host-source-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-qt-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-vnc-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-websrv-6.1.26-3.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-10392.html CVE-2017-10392 https://bugzilla.suse.com/1064200 SUSE Bug 1064200 Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: GUI). Supported versions that are affected are VirtualBox prior to 5.0.32 and prior to 5.1.14. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS v3.0 Base Score 8.4 (Confidentiality, Integrity and Availability impacts). CVE-2017-3316 openSUSE Tumbleweed:python3-virtualbox-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-devel-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-guest-desktop-icons-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-guest-source-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-guest-tools-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-guest-x11-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-host-source-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-qt-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-vnc-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-websrv-6.1.26-3.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-3316.html CVE-2017-3316 https://bugzilla.suse.com/1020856 SUSE Bug 1020856 Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.0.38 and Prior to 5.1.20. Easily "exploitable" vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data and unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 7.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:H). CVE-2017-3559 openSUSE Tumbleweed:python3-virtualbox-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-devel-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-guest-desktop-icons-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-guest-source-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-guest-tools-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-guest-x11-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-host-source-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-qt-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-vnc-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-websrv-6.1.26-3.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-3559.html CVE-2017-3559 https://bugzilla.suse.com/1034854 SUSE Bug 1034854 Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.0.38 and Prior to 5.1.20. Easily "exploitable" vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H). CVE-2017-3561 openSUSE Tumbleweed:python3-virtualbox-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-devel-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-guest-desktop-icons-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-guest-source-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-guest-tools-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-guest-x11-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-host-source-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-qt-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-vnc-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-websrv-6.1.26-3.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-3561.html CVE-2017-3561 https://bugzilla.suse.com/1034854 SUSE Bug 1034854 During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack. Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2-1.0.2o). CVE-2018-0732 openSUSE Tumbleweed:python3-virtualbox-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-devel-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-guest-desktop-icons-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-guest-source-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-guest-tools-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-guest-x11-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-host-source-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-qt-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-vnc-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-websrv-6.1.26-3.2 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-0732.html CVE-2018-0732 https://bugzilla.suse.com/1077628 SUSE Bug 1077628 https://bugzilla.suse.com/1097158 SUSE Bug 1097158 https://bugzilla.suse.com/1099502 SUSE Bug 1099502 https://bugzilla.suse.com/1106692 SUSE Bug 1106692 https://bugzilla.suse.com/1108542 SUSE Bug 1108542 https://bugzilla.suse.com/1110163 SUSE Bug 1110163 https://bugzilla.suse.com/1112097 SUSE Bug 1112097 https://bugzilla.suse.com/1122198 SUSE Bug 1122198 https://bugzilla.suse.com/1148697 SUSE Bug 1148697 Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of Service attack. There are no such structures used within SSL/TLS that come from untrusted sources so this is considered safe. Fixed in OpenSSL 1.1.0h (Affected 1.1.0-1.1.0g). Fixed in OpenSSL 1.0.2o (Affected 1.0.2b-1.0.2n). CVE-2018-0739 openSUSE Tumbleweed:python3-virtualbox-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-devel-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-guest-desktop-icons-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-guest-source-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-guest-tools-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-guest-x11-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-host-source-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-qt-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-vnc-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-websrv-6.1.26-3.2 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-0739.html CVE-2018-0739 https://bugzilla.suse.com/1087102 SUSE Bug 1087102 https://bugzilla.suse.com/1089997 SUSE Bug 1089997 https://bugzilla.suse.com/1094291 SUSE Bug 1094291 https://bugzilla.suse.com/1108542 SUSE Bug 1108542 In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. This affects only HTTP/2 connections. A possible mitigation is to not enable the h2 protocol. CVE-2018-11763 openSUSE Tumbleweed:python3-virtualbox-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-devel-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-guest-desktop-icons-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-guest-source-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-guest-tools-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-guest-x11-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-host-source-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-qt-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-vnc-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-websrv-6.1.26-3.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-11763.html CVE-2018-11763 https://bugzilla.suse.com/1109961 SUSE Bug 1109961 https://bugzilla.suse.com/1122212 SUSE Bug 1122212 When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory (e.g. redirecting to '/foo/' when the user requested '/foo') a specially crafted URL could be used to cause the redirect to be generated to any URI of the attackers choice. CVE-2018-11784 openSUSE Tumbleweed:python3-virtualbox-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-devel-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-guest-desktop-icons-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-guest-source-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-guest-tools-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-guest-x11-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-host-source-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-qt-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-vnc-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-websrv-6.1.26-3.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-11784.html CVE-2018-11784 https://bugzilla.suse.com/1110850 SUSE Bug 1110850 https://bugzilla.suse.com/1122212 SUSE Bug 1122212 Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.32 and Prior to 5.2.6. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H). CVE-2018-2689 openSUSE Tumbleweed:python3-virtualbox-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-devel-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-guest-desktop-icons-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-guest-source-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-guest-tools-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-guest-x11-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-host-source-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-qt-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-vnc-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-websrv-6.1.26-3.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-2689.html CVE-2018-2689 https://bugzilla.suse.com/1076372 SUSE Bug 1076372 Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.32 and Prior to 5.2.6. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H). CVE-2018-2694 openSUSE Tumbleweed:python3-virtualbox-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-devel-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-guest-desktop-icons-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-guest-source-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-guest-tools-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-guest-x11-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-host-source-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-qt-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-vnc-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-websrv-6.1.26-3.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-2694.html CVE-2018-2694 https://bugzilla.suse.com/1076372 SUSE Bug 1076372 Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.36 and Prior to 5.2.10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H). CVE-2018-2842 openSUSE Tumbleweed:python3-virtualbox-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-devel-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-guest-desktop-icons-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-guest-source-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-guest-tools-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-guest-x11-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-host-source-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-qt-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-vnc-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-websrv-6.1.26-3.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-2842.html CVE-2018-2842 https://bugzilla.suse.com/1089997 SUSE Bug 1089997 Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.2.16. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle VM VirtualBox. CVSS 3.0 Base Score 4.0 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). CVE-2018-3005 openSUSE Tumbleweed:python3-virtualbox-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-devel-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-guest-desktop-icons-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-guest-source-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-guest-tools-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-guest-x11-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-host-source-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-qt-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-vnc-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-websrv-6.1.26-3.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-3005.html CVE-2018-3005 https://bugzilla.suse.com/1101667 SUSE Bug 1101667 Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.2.16. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H). CVE-2018-3087 openSUSE Tumbleweed:python3-virtualbox-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-devel-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-guest-desktop-icons-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-guest-source-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-guest-tools-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-guest-x11-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-host-source-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-qt-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-vnc-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-websrv-6.1.26-3.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-3087.html CVE-2018-3087 https://bugzilla.suse.com/1101667 SUSE Bug 1101667 Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.2.20. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H). CVE-2018-3288 openSUSE Tumbleweed:python3-virtualbox-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-devel-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-guest-desktop-icons-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-guest-source-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-guest-tools-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-guest-x11-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-host-source-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-qt-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-vnc-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-websrv-6.1.26-3.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-3288.html CVE-2018-3288 https://bugzilla.suse.com/1112097 SUSE Bug 1112097 Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.2.20. Easily exploitable vulnerability allows low privileged attacker with network access via VRDP to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 9.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H). CVE-2018-3294 openSUSE Tumbleweed:python3-virtualbox-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-devel-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-guest-desktop-icons-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-guest-source-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-guest-tools-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-guest-x11-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-host-source-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-qt-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-vnc-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-websrv-6.1.26-3.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-3294.html CVE-2018-3294 https://bugzilla.suse.com/1112097 SUSE Bug 1112097 Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N). CVE-2019-2450 openSUSE Tumbleweed:python3-virtualbox-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-devel-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-guest-desktop-icons-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-guest-source-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-guest-tools-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-guest-x11-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-host-source-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-qt-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-vnc-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-websrv-6.1.26-3.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-2450.html CVE-2019-2450 https://bugzilla.suse.com/1122212 SUSE Bug 1122212 Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H). CVE-2019-2500 openSUSE Tumbleweed:python3-virtualbox-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-devel-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-guest-desktop-icons-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-guest-source-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-guest-tools-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-guest-x11-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-host-source-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-qt-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-vnc-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-websrv-6.1.26-3.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-2500.html CVE-2019-2500 https://bugzilla.suse.com/1122212 SUSE Bug 1122212 Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 3.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N). CVE-2019-2501 openSUSE Tumbleweed:python3-virtualbox-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-devel-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-guest-desktop-icons-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-guest-source-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-guest-tools-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-guest-x11-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-host-source-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-qt-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-vnc-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-websrv-6.1.26-3.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-2501.html CVE-2019-2501 https://bugzilla.suse.com/1122212 SUSE Bug 1122212 Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H). CVE-2019-2521 openSUSE Tumbleweed:python3-virtualbox-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-devel-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-guest-desktop-icons-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-guest-source-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-guest-tools-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-guest-x11-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-host-source-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-qt-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-vnc-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-websrv-6.1.26-3.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-2521.html CVE-2019-2521 https://bugzilla.suse.com/1122212 SUSE Bug 1122212 Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.2.28 and prior to 6.0.6. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H). CVE-2019-2656 openSUSE Tumbleweed:python3-virtualbox-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-devel-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-guest-desktop-icons-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-guest-source-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-guest-tools-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-guest-x11-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-host-source-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-qt-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-vnc-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-websrv-6.1.26-3.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-2656.html CVE-2019-2656 https://bugzilla.suse.com/1132827 SUSE Bug 1132827 Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.2.28 and prior to 6.0.6. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N). CVE-2019-2678 openSUSE Tumbleweed:python3-virtualbox-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-devel-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-guest-desktop-icons-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-guest-source-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-guest-tools-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-guest-x11-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-host-source-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-qt-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-vnc-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-websrv-6.1.26-3.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-2678.html CVE-2019-2678 https://bugzilla.suse.com/1132827 SUSE Bug 1132827 Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.2.28 and prior to 6.0.6. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H). CVE-2019-2722 openSUSE Tumbleweed:python3-virtualbox-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-devel-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-guest-desktop-icons-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-guest-source-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-guest-tools-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-guest-x11-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-host-source-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-qt-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-vnc-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-websrv-6.1.26-3.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-2722.html CVE-2019-2722 https://bugzilla.suse.com/1132827 SUSE Bug 1132827 Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.2.32 and prior to 6.0.10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H). CVE-2019-2848 openSUSE Tumbleweed:python3-virtualbox-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-devel-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-guest-desktop-icons-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-guest-source-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-guest-tools-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-guest-x11-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-host-source-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-qt-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-vnc-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-websrv-6.1.26-3.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-2848.html CVE-2019-2848 https://bugzilla.suse.com/1141801 SUSE Bug 1141801 Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.2.32 and prior to 6.0.10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H). CVE-2019-2859 openSUSE Tumbleweed:python3-virtualbox-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-devel-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-guest-desktop-icons-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-guest-source-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-guest-tools-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-guest-x11-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-host-source-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-qt-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-vnc-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-websrv-6.1.26-3.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-2859.html CVE-2019-2859 https://bugzilla.suse.com/1141801 SUSE Bug 1141801 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.34 and prior to 6.0.14. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle VM VirtualBox. CVSS 3.0 Base Score 2.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L). CVE-2019-2926 openSUSE Tumbleweed:python3-virtualbox-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-devel-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-guest-desktop-icons-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-guest-source-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-guest-tools-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-guest-x11-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-host-source-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-qt-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-vnc-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-websrv-6.1.26-3.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-2926.html CVE-2019-2926 https://bugzilla.suse.com/1154166 SUSE Bug 1154166 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.34 and prior to 6.0.14. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.0 Base Score 6.0 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H). CVE-2019-2984 openSUSE Tumbleweed:python3-virtualbox-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-devel-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-guest-desktop-icons-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-guest-source-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-guest-tools-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-guest-x11-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-host-source-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-qt-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-vnc-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-websrv-6.1.26-3.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-2984.html CVE-2019-2984 https://bugzilla.suse.com/1154166 SUSE Bug 1154166 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.34 and prior to 6.0.14. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H). CVE-2019-3028 openSUSE Tumbleweed:python3-virtualbox-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-devel-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-guest-desktop-icons-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-guest-source-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-guest-tools-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-guest-x11-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-host-source-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-qt-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-vnc-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-websrv-6.1.26-3.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-3028.html CVE-2019-3028 https://bugzilla.suse.com/1154166 SUSE Bug 1154166 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. Note: The CVE-2020-14628 is applicable to Windows VM only. CVSS 3.1 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H). CVE-2020-14628 openSUSE Tumbleweed:python3-virtualbox-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-devel-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-guest-desktop-icons-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-guest-source-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-guest-tools-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-guest-x11-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-host-source-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-qt-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-vnc-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-websrv-6.1.26-3.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-14628.html CVE-2020-14628 https://bugzilla.suse.com/1174159 SUSE Bug 1174159 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N). CVE-2020-14673 openSUSE Tumbleweed:python3-virtualbox-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-devel-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-guest-desktop-icons-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-guest-source-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-guest-tools-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-guest-x11-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-host-source-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-qt-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-vnc-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-websrv-6.1.26-3.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-14673.html CVE-2020-14673 https://bugzilla.suse.com/1174159 SUSE Bug 1174159 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H). CVE-2020-14677 openSUSE Tumbleweed:python3-virtualbox-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-devel-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-guest-desktop-icons-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-guest-source-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-guest-tools-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-guest-x11-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-host-source-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-qt-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-vnc-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-websrv-6.1.26-3.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-14677.html CVE-2020-14677 https://bugzilla.suse.com/1174159 SUSE Bug 1174159 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N). CVE-2020-14700 openSUSE Tumbleweed:python3-virtualbox-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-devel-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-guest-desktop-icons-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-guest-source-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-guest-tools-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-guest-x11-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-host-source-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-qt-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-vnc-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-websrv-6.1.26-3.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-14700.html CVE-2020-14700 https://bugzilla.suse.com/1174159 SUSE Bug 1174159 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N). CVE-2020-14703 openSUSE Tumbleweed:python3-virtualbox-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-devel-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-guest-desktop-icons-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-guest-source-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-guest-tools-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-guest-x11-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-host-source-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-qt-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-vnc-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-websrv-6.1.26-3.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-14703.html CVE-2020-14703 https://bugzilla.suse.com/1174159 SUSE Bug 1174159 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H). CVE-2020-14713 openSUSE Tumbleweed:python3-virtualbox-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-devel-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-guest-desktop-icons-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-guest-source-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-guest-tools-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-guest-x11-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-host-source-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-qt-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-vnc-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-websrv-6.1.26-3.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-14713.html CVE-2020-14713 https://bugzilla.suse.com/1174159 SUSE Bug 1174159 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). CVE-2020-14715 openSUSE Tumbleweed:python3-virtualbox-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-devel-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-guest-desktop-icons-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-guest-source-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-guest-tools-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-guest-x11-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-host-source-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-qt-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-vnc-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-websrv-6.1.26-3.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-14715.html CVE-2020-14715 https://bugzilla.suse.com/1174159 SUSE Bug 1174159 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H). CVE-2020-2674 openSUSE Tumbleweed:python3-virtualbox-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-devel-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-guest-desktop-icons-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-guest-source-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-guest-tools-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-guest-x11-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-host-source-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-qt-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-vnc-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-websrv-6.1.26-3.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-2674.html CVE-2020-2674 https://bugzilla.suse.com/1161050 SUSE Bug 1161050 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N). CVE-2020-2681 openSUSE Tumbleweed:python3-virtualbox-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-devel-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-guest-desktop-icons-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-guest-source-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-guest-tools-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-guest-x11-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-host-source-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-qt-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-vnc-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-websrv-6.1.26-3.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-2681.html CVE-2020-2681 https://bugzilla.suse.com/1161050 SUSE Bug 1161050 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N). CVE-2020-2704 openSUSE Tumbleweed:python3-virtualbox-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-devel-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-guest-desktop-icons-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-guest-source-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-guest-tools-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-guest-x11-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-host-source-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-qt-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-vnc-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-websrv-6.1.26-3.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-2704.html CVE-2020-2704 https://bugzilla.suse.com/1161050 SUSE Bug 1161050 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H). CVE-2021-2074 openSUSE Tumbleweed:python3-virtualbox-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-devel-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-guest-desktop-icons-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-guest-source-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-guest-tools-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-guest-x11-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-host-source-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-qt-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-vnc-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-websrv-6.1.26-3.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-2074.html CVE-2021-2074 https://bugzilla.suse.com/1181197 SUSE Bug 1181197 https://bugzilla.suse.com/1181199 SUSE Bug 1181199 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H). CVE-2021-2145 openSUSE Tumbleweed:python3-virtualbox-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-devel-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-guest-desktop-icons-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-guest-source-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-guest-tools-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-guest-x11-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-host-source-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-qt-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-vnc-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-websrv-6.1.26-3.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-2145.html CVE-2021-2145 https://bugzilla.suse.com/1185211 SUSE Bug 1185211 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle VM VirtualBox accessible data as well as unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 8.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N). CVE-2021-2264 openSUSE Tumbleweed:python3-virtualbox-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-devel-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-guest-desktop-icons-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-guest-source-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-guest-tools-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-guest-x11-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-host-source-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-qt-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-vnc-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-websrv-6.1.26-3.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-2264.html CVE-2021-2264 https://bugzilla.suse.com/1184542 SUSE Bug 1184542 https://bugzilla.suse.com/1185211 SUSE Bug 1185211 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 7.1 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N). CVE-2021-2281 openSUSE Tumbleweed:python3-virtualbox-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-devel-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-guest-desktop-icons-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-guest-source-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-guest-tools-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-guest-x11-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-host-source-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-qt-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-vnc-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-websrv-6.1.26-3.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-2281.html CVE-2021-2281 https://bugzilla.suse.com/1185211 SUSE Bug 1185211 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 7.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N). CVE-2021-2287 openSUSE Tumbleweed:python3-virtualbox-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-devel-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-guest-desktop-icons-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-guest-source-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-guest-tools-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-guest-x11-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-host-source-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-qt-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-vnc-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-websrv-6.1.26-3.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-2287.html CVE-2021-2287 https://bugzilla.suse.com/1185211 SUSE Bug 1185211 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H). CVE-2021-2310 openSUSE Tumbleweed:python3-virtualbox-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-devel-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-guest-desktop-icons-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-guest-source-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-guest-tools-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-guest-x11-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-host-source-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-qt-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-vnc-6.1.26-3.2 openSUSE Tumbleweed:virtualbox-websrv-6.1.26-3.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-2310.html CVE-2021-2310 https://bugzilla.suse.com/1185211 SUSE Bug 1185211