Candidate: CVE-2019-2863
PublicDate: 2019-07-23 23:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2863
Description:
 Vulnerability in the Oracle VM VirtualBox component of Oracle
 Virtualization (subcomponent: Core). Supported versions that are affected
 are Prior to 5.2.32 and prior to 6.0.10. Easily exploitable vulnerability
 allows low privileged attacker with logon to the infrastructure where
 Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the
 vulnerability is in Oracle VM VirtualBox, attacks may significantly impact
 additional products. Successful attacks of this vulnerability can result in
 unauthorized access to critical data or complete access to all Oracle VM
 VirtualBox accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality
 impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N).
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N [6.5 MEDIUM]
 nvd: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N [6.5 MEDIUM]


Patches_virtualbox:
upstream_virtualbox: released (6.0.10-dfsg-1)
precise/esm_virtualbox: DNE
trusty_virtualbox: ignored (out of standard support)
trusty/esm_virtualbox: DNE
xenial_virtualbox: ignored (end of standard support, was needs-triage)
bionic_virtualbox: needs-triage
disco_virtualbox: ignored (reached end-of-life)
eoan_virtualbox: ignored (reached end-of-life)
focal_virtualbox: released (6.1.16-dfsg-6~ubuntu1.20.04.1)
groovy_virtualbox: released (6.1.16-dfsg-6~ubuntu1.20.10.1)
hirsute_virtualbox: not-affected (6.1.18-dfsg-5)
impish_virtualbox: not-affected (6.1.18-dfsg-5)
jammy_virtualbox: not-affected (6.1.18-dfsg-5)
devel_virtualbox: not-affected (6.1.18-dfsg-5)