cvelistv5 - CVE-2020-2894

CVE-2020-2894 (GCVE-0-2020-2894)

Vulnerability from cvelistv5 – Published: 2020-04-15 13:29 – Updated: 2024-09-27 18:53

Summary

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.40, prior to 6.0.20 and prior to 6.1.6. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N).

Severity ?

6 (Medium)


                        
                          CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

CWE

Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox.

Assigner

oracle

References

URL

Tags

	https://www.oracle.com/security-alerts/cpuapr2020.html	x_refsource_MISC
	https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	https://security.gentoo.org/glsa/202101-09	vendor-advisoryx_refsource_GENTOO

Impacted products

	Vendor	Product	Version
	Oracle Corporation	VM VirtualBox	Affected: prior to 5.2.40 Affected: prior to 6.0.20 Affected: prior to 6.1.6

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T07:23:58.896Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-581/"
          },
          {
            "name": "openSUSE-SU-2020:0925",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00001.html"
          },
          {
            "name": "GLSA-202101-09",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202101-09"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2020-2894",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-27T18:01:34.446592Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-27T18:53:27.206Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "VM VirtualBox",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "prior to 5.2.40"
            },
            {
              "status": "affected",
              "version": "prior to 6.0.20"
            },
            {
              "status": "affected",
              "version": "prior to 6.1.6"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.40, prior to 6.0.20 and prior to 6.1.6. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N)."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox.  While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products.  Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-01-12T19:06:34",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-581/"
        },
        {
          "name": "openSUSE-SU-2020:0925",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00001.html"
        },
        {
          "name": "GLSA-202101-09",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202101-09"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2020-2894",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "VM VirtualBox",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "prior to 5.2.40"
                          },
                          {
                            "version_value": "prior to 6.0.20"
                          },
                          {
                            "version_value": "prior to 6.1.6"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Oracle Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.40, prior to 6.0.20 and prior to 6.1.6. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N)."
            }
          ]
        },
        "impact": {
          "cvss": {
            "baseScore": "6.0",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox.  While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products.  Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.oracle.com/security-alerts/cpuapr2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-581/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-581/"
            },
            {
              "name": "openSUSE-SU-2020:0925",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00001.html"
            },
            {
              "name": "GLSA-202101-09",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202101-09"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2020-2894",
    "datePublished": "2020-04-15T13:29:51",
    "dateReserved": "2019-12-10T00:00:00",
    "dateUpdated": "2024-09-27T18:53:27.206Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"5.2.40\", \"matchCriteriaId\": \"129CB958-DAE6-436B-94A7-C2EB377A4BAD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"6.0.0\", \"versionEndExcluding\": \"6.0.20\", \"matchCriteriaId\": \"3E50538C-FD1A-44E5-B24D-A0C2E72E43C9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"6.1.0\", \"versionEndExcluding\": \"6.1.6\", \"matchCriteriaId\": \"81D2771A-60CB-403C-A62F-3DBC8E29A94E\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B620311B-34A3-48A6-82DF-6F078D7A4493\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.40, prior to 6.0.20 and prior to 6.1.6. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N).\"}, {\"lang\": \"es\", \"value\": \"Vulnerabilidad en el producto Oracle VM VirtualBox de Oracle Virtualization (componente: Core). Las versiones compatibles afectadas son anteriores a la versi\\u00f3n 5.2.40, anteriores a la versi\\u00f3n 6.0.20 y anteriores a la versi\\u00f3n 6.1.6. La vulnerabilidad f\\u00e1cilmente explotable permite a los atacantes con privilegios elevados iniciar sesi\\u00f3n en la infraestructura donde se ejecuta Oracle VM VirtualBox para comprometer Oracle VM VirtualBox. Si bien la vulnerabilidad se encuentra en Oracle VM VirtualBox, los ataques pueden afectar significativamente a productos adicionales. Los ataques con \\u00e9xito  de esta vulnerabilidad pueden resultar en la adquisici\\u00f3n de Oracle VM VirtualBox. CVSS 3.0 Base Score 6.0 (Impactos de confidencialidad, integridad y disponibilidad). Vector CVSS: (CVSS: 3.0 / AV: L / AC: L / PR: H / UI: N / S: C / C: H / I: N / A: N).\"}]",
      "id": "CVE-2020-2894",
      "lastModified": "2024-11-21T05:26:33.973",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N\", \"baseScore\": 6.0, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"HIGH\", \"userInteraction\": \"NONE\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 1.5, \"impactScore\": 4.0}], \"cvssMetricV30\": [{\"source\": \"secalert_us@oracle.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N\", \"baseScore\": 6.0, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"HIGH\", \"userInteraction\": \"NONE\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 1.5, \"impactScore\": 4.0}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:L/Au:N/C:P/I:N/A:N\", \"baseScore\": 2.1, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"LOW\", \"exploitabilityScore\": 3.9, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2020-04-15T14:15:34.233",
      "references": "[{\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00001.html\", \"source\": \"secalert_us@oracle.com\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://security.gentoo.org/glsa/202101-09\", \"source\": \"secalert_us@oracle.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpuapr2020.html\", \"source\": \"secalert_us@oracle.com\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://www.zerodayinitiative.com/advisories/ZDI-20-581/\", \"source\": \"secalert_us@oracle.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00001.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://security.gentoo.org/glsa/202101-09\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpuapr2020.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://www.zerodayinitiative.com/advisories/ZDI-20-581/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}]",
      "sourceIdentifier": "secalert_us@oracle.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2020-2894\",\"sourceIdentifier\":\"secalert_us@oracle.com\",\"published\":\"2020-04-15T14:15:34.233\",\"lastModified\":\"2024-11-21T05:26:33.973\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.40, prior to 6.0.20 and prior to 6.1.6. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N).\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad en el producto Oracle VM VirtualBox de Oracle Virtualization (componente: Core). Las versiones compatibles afectadas son anteriores a la versi\u00f3n 5.2.40, anteriores a la versi\u00f3n 6.0.20 y anteriores a la versi\u00f3n 6.1.6. La vulnerabilidad f\u00e1cilmente explotable permite a los atacantes con privilegios elevados iniciar sesi\u00f3n en la infraestructura donde se ejecuta Oracle VM VirtualBox para comprometer Oracle VM VirtualBox. Si bien la vulnerabilidad se encuentra en Oracle VM VirtualBox, los ataques pueden afectar significativamente a productos adicionales. Los ataques con \u00e9xito  de esta vulnerabilidad pueden resultar en la adquisici\u00f3n de Oracle VM VirtualBox. CVSS 3.0 Base Score 6.0 (Impactos de confidencialidad, integridad y disponibilidad). Vector CVSS: (CVSS: 3.0 / AV: L / AC: L / PR: H / UI: N / S: C / C: H / I: N / A: N).\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N\",\"baseScore\":6.0,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.5,\"impactScore\":4.0}],\"cvssMetricV30\":[{\"source\":\"secalert_us@oracle.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N\",\"baseScore\":6.0,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.5,\"impactScore\":4.0}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":2.1,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":3.9,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"5.2.40\",\"matchCriteriaId\":\"129CB958-DAE6-436B-94A7-C2EB377A4BAD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.0.0\",\"versionEndExcluding\":\"6.0.20\",\"matchCriteriaId\":\"3E50538C-FD1A-44E5-B24D-A0C2E72E43C9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.1.0\",\"versionEndExcluding\":\"6.1.6\",\"matchCriteriaId\":\"81D2771A-60CB-403C-A62F-3DBC8E29A94E\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B620311B-34A3-48A6-82DF-6F078D7A4493\"}]}]}],\"references\":[{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00001.html\",\"source\":\"secalert_us@oracle.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202101-09\",\"source\":\"secalert_us@oracle.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuapr2020.html\",\"source\":\"secalert_us@oracle.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://www.zerodayinitiative.com/advisories/ZDI-20-581/\",\"source\":\"secalert_us@oracle.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00001.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202101-09\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuapr2020.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://www.zerodayinitiative.com/advisories/ZDI-20-581/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://www.oracle.com/security-alerts/cpuapr2020.html\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://www.zerodayinitiative.com/advisories/ZDI-20-581/\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00001.html\", \"name\": \"openSUSE-SU-2020:0925\", \"tags\": [\"vendor-advisory\", \"x_refsource_SUSE\", \"x_transferred\"]}, {\"url\": \"https://security.gentoo.org/glsa/202101-09\", \"name\": \"GLSA-202101-09\", \"tags\": [\"vendor-advisory\", \"x_refsource_GENTOO\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-04T07:23:58.896Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2020-2894\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-09-27T18:01:34.446592Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-09-27T18:02:32.042Z\"}}], \"cna\": {\"metrics\": [{\"cvssV3_0\": {\"scope\": \"CHANGED\", \"version\": \"3.0\", \"baseScore\": 6, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"HIGH\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"Oracle Corporation\", \"product\": \"VM VirtualBox\", \"versions\": [{\"status\": \"affected\", \"version\": \"prior to 5.2.40\"}, {\"status\": \"affected\", \"version\": \"prior to 6.0.20\"}, {\"status\": \"affected\", \"version\": \"prior to 6.1.6\"}]}], \"references\": [{\"url\": \"https://www.oracle.com/security-alerts/cpuapr2020.html\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://www.zerodayinitiative.com/advisories/ZDI-20-581/\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00001.html\", \"name\": \"openSUSE-SU-2020:0925\", \"tags\": [\"vendor-advisory\", \"x_refsource_SUSE\"]}, {\"url\": \"https://security.gentoo.org/glsa/202101-09\", \"name\": \"GLSA-202101-09\", \"tags\": [\"vendor-advisory\", \"x_refsource_GENTOO\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.40, prior to 6.0.20 and prior to 6.1.6. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N).\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox.  While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products.  Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox.\"}]}], \"providerMetadata\": {\"orgId\": \"43595867-4340-4103-b7a2-9a5208d29a85\", \"shortName\": \"oracle\", \"dateUpdated\": \"2021-01-12T19:06:34\"}, \"x_legacyV4Record\": {\"impact\": {\"cvss\": {\"version\": \"3.0\", \"baseScore\": \"6.0\", \"vectorString\": \"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N\"}}, \"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"version\": {\"version_data\": [{\"version_value\": \"prior to 5.2.40\"}, {\"version_value\": \"prior to 6.0.20\"}, {\"version_value\": \"prior to 6.1.6\"}]}, \"product_name\": \"VM VirtualBox\"}]}, \"vendor_name\": \"Oracle Corporation\"}]}}, \"data_type\": \"CVE\", \"references\": {\"reference_data\": [{\"url\": \"https://www.oracle.com/security-alerts/cpuapr2020.html\", \"name\": \"https://www.oracle.com/security-alerts/cpuapr2020.html\", \"refsource\": \"MISC\"}, {\"url\": \"https://www.zerodayinitiative.com/advisories/ZDI-20-581/\", \"name\": \"https://www.zerodayinitiative.com/advisories/ZDI-20-581/\", \"refsource\": \"MISC\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00001.html\", \"name\": \"openSUSE-SU-2020:0925\", \"refsource\": \"SUSE\"}, {\"url\": \"https://security.gentoo.org/glsa/202101-09\", \"name\": \"GLSA-202101-09\", \"refsource\": \"GENTOO\"}]}, \"data_format\": \"MITRE\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.40, prior to 6.0.20 and prior to 6.1.6. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N).\"}]}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox.  While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products.  Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox.\"}]}]}, \"data_version\": \"4.0\", \"CVE_data_meta\": {\"ID\": \"CVE-2020-2894\", \"STATE\": \"PUBLIC\", \"ASSIGNER\": \"secalert_us@oracle.com\"}}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2020-2894\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-09-27T18:53:27.206Z\", \"dateReserved\": \"2019-12-10T00:00:00\", \"assignerOrgId\": \"43595867-4340-4103-b7a2-9a5208d29a85\", \"datePublished\": \"2020-04-15T13:29:51\", \"assignerShortName\": \"oracle\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

CERTFR-2020-AVI-220

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans Oracle Virtualization. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Oracle	Virtualization	Oracle VM VirtualBox versions antérieures à 5.2.40, antérieures à 6.0.20 et antérieures à 6.1.6

References

Title

Publication Time

Tags

Bulletin de sécurité Oracle cpuapr2020 du 14 avril 2020	None	vendor-advisory
Bulletin de sécurité Oracle cpuapr2020verbose du 14 avril 2020	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Oracle VM VirtualBox versions ant\u00e9rieures \u00e0 5.2.40, ant\u00e9rieures \u00e0 6.0.20 et ant\u00e9rieures \u00e0 6.1.6",
      "product": {
        "name": "Virtualization",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2020-2742",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2742"
    },
    {
      "name": "CVE-2020-2905",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2905"
    },
    {
      "name": "CVE-2020-2914",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2914"
    },
    {
      "name": "CVE-2020-2908",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2908"
    },
    {
      "name": "CVE-2020-2910",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2910"
    },
    {
      "name": "CVE-2020-2907",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2907"
    },
    {
      "name": "CVE-2020-2913",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2913"
    },
    {
      "name": "CVE-2020-2894",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2894"
    },
    {
      "name": "CVE-2020-2758",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2758"
    },
    {
      "name": "CVE-2020-2959",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2959"
    },
    {
      "name": "CVE-2020-2909",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2909"
    },
    {
      "name": "CVE-2020-2743",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2743"
    },
    {
      "name": "CVE-2020-2951",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2951"
    },
    {
      "name": "CVE-2020-2902",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2902"
    },
    {
      "name": "CVE-2020-2929",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2929"
    },
    {
      "name": "CVE-2020-2748",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2748"
    },
    {
      "name": "CVE-2020-2911",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2911"
    },
    {
      "name": "CVE-2020-2958",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2958"
    },
    {
      "name": "CVE-2020-2741",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2741"
    }
  ],
  "links": [],
  "reference": "CERTFR-2020-AVI-220",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2020-04-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle\nVirtualization. Elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle Virtualization",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Oracle cpuapr2020 du 14 avril 2020",
      "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Oracle cpuapr2020verbose du 14 avril 2020",
      "url": "https://www.oracle.com/security-alerts/cpuapr2020verbose.html#OVIR"
    }
  ]
}

CERTFR-2020-AVI-220

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Oracle	Virtualization	Oracle VM VirtualBox versions antérieures à 5.2.40, antérieures à 6.0.20 et antérieures à 6.1.6

References

Title

Publication Time

Tags

Bulletin de sécurité Oracle cpuapr2020 du 14 avril 2020	None	vendor-advisory
Bulletin de sécurité Oracle cpuapr2020verbose du 14 avril 2020	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Oracle VM VirtualBox versions ant\u00e9rieures \u00e0 5.2.40, ant\u00e9rieures \u00e0 6.0.20 et ant\u00e9rieures \u00e0 6.1.6",
      "product": {
        "name": "Virtualization",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2020-2742",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2742"
    },
    {
      "name": "CVE-2020-2905",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2905"
    },
    {
      "name": "CVE-2020-2914",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2914"
    },
    {
      "name": "CVE-2020-2908",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2908"
    },
    {
      "name": "CVE-2020-2910",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2910"
    },
    {
      "name": "CVE-2020-2907",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2907"
    },
    {
      "name": "CVE-2020-2913",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2913"
    },
    {
      "name": "CVE-2020-2894",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2894"
    },
    {
      "name": "CVE-2020-2758",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2758"
    },
    {
      "name": "CVE-2020-2959",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2959"
    },
    {
      "name": "CVE-2020-2909",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2909"
    },
    {
      "name": "CVE-2020-2743",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2743"
    },
    {
      "name": "CVE-2020-2951",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2951"
    },
    {
      "name": "CVE-2020-2902",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2902"
    },
    {
      "name": "CVE-2020-2929",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2929"
    },
    {
      "name": "CVE-2020-2748",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2748"
    },
    {
      "name": "CVE-2020-2911",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2911"
    },
    {
      "name": "CVE-2020-2958",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2958"
    },
    {
      "name": "CVE-2020-2741",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2741"
    }
  ],
  "links": [],
  "reference": "CERTFR-2020-AVI-220",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2020-04-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle\nVirtualization. Elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle Virtualization",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Oracle cpuapr2020 du 14 avril 2020",
      "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Oracle cpuapr2020verbose du 14 avril 2020",
      "url": "https://www.oracle.com/security-alerts/cpuapr2020verbose.html#OVIR"
    }
  ]
}

CNVD-2020-24424

Vulnerability from cnvd - Published: 2020-04-24

Title

Oracle Virtualization VM VirtualBox存在未明漏洞（CNVD-2020-24424）

Description

Oracle Virtualization是美国甲骨文（Oracle）公司的一套虚拟化解决方案。该产品用于统一管理从应用程序到磁盘的整个硬件和软件体系，可实现从桌面到数据中心的虚拟化。VM VirtualBox是其中的一个虚拟机组件。 Oracle Virtualization中的VM VirtualBox 5.2.40之前版本，6.0.20之前版本和6.1.6之前版本的Core组件存在安全漏洞。攻击者可利用该漏洞控制Oracle VM VirtualBox，影响数据的可用性、保密性和完整性。

Severity

中

Patch Name

Oracle Virtualization VM VirtualBox存在未明漏洞（CNVD-2020-24424）的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://www.oracle.com/security-alerts/cpuapr2020.html

Reference

https://nvd.nist.gov/vuln/detail/CVE-2020-2894

Impacted products

Name
['Oracle VM VirtualBox <5.2.40', 'Oracle VM VirtualBox <6.0.20', 'Oracle VM VirtualBox <6.1.6']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-2894"
    }
  },
  "description": "Oracle Virtualization\u662f\u7f8e\u56fd\u7532\u9aa8\u6587\uff08Oracle\uff09\u516c\u53f8\u7684\u4e00\u5957\u865a\u62df\u5316\u89e3\u51b3\u65b9\u6848\u3002\u8be5\u4ea7\u54c1\u7528\u4e8e\u7edf\u4e00\u7ba1\u7406\u4ece\u5e94\u7528\u7a0b\u5e8f\u5230\u78c1\u76d8\u7684\u6574\u4e2a\u786c\u4ef6\u548c\u8f6f\u4ef6\u4f53\u7cfb\uff0c\u53ef\u5b9e\u73b0\u4ece\u684c\u9762\u5230\u6570\u636e\u4e2d\u5fc3\u7684\u865a\u62df\u5316\u3002VM VirtualBox\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u865a\u62df\u673a\u7ec4\u4ef6\u3002\n\nOracle Virtualization\u4e2d\u7684VM VirtualBox 5.2.40\u4e4b\u524d\u7248\u672c\uff0c6.0.20\u4e4b\u524d\u7248\u672c\u548c6.1.6\u4e4b\u524d\u7248\u672c\u7684Core\u7ec4\u4ef6\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u63a7\u5236Oracle VM VirtualBox\uff0c\u5f71\u54cd\u6570\u636e\u7684\u53ef\u7528\u6027\u3001\u4fdd\u5bc6\u6027\u548c\u5b8c\u6574\u6027\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://www.oracle.com/security-alerts/cpuapr2020.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-24424",
  "openTime": "2020-04-24",
  "patchDescription": "Oracle Virtualization\u662f\u7f8e\u56fd\u7532\u9aa8\u6587\uff08Oracle\uff09\u516c\u53f8\u7684\u4e00\u5957\u865a\u62df\u5316\u89e3\u51b3\u65b9\u6848\u3002\u8be5\u4ea7\u54c1\u7528\u4e8e\u7edf\u4e00\u7ba1\u7406\u4ece\u5e94\u7528\u7a0b\u5e8f\u5230\u78c1\u76d8\u7684\u6574\u4e2a\u786c\u4ef6\u548c\u8f6f\u4ef6\u4f53\u7cfb\uff0c\u53ef\u5b9e\u73b0\u4ece\u684c\u9762\u5230\u6570\u636e\u4e2d\u5fc3\u7684\u865a\u62df\u5316\u3002VM VirtualBox\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u865a\u62df\u673a\u7ec4\u4ef6\u3002\r\n\r\nOracle Virtualization\u4e2d\u7684VM VirtualBox 5.2.40\u4e4b\u524d\u7248\u672c\uff0c6.0.20\u4e4b\u524d\u7248\u672c\u548c6.1.6\u4e4b\u524d\u7248\u672c\u7684Core\u7ec4\u4ef6\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u63a7\u5236Oracle VM VirtualBox\uff0c\u5f71\u54cd\u6570\u636e\u7684\u53ef\u7528\u6027\u3001\u4fdd\u5bc6\u6027\u548c\u5b8c\u6574\u6027\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Oracle Virtualization VM VirtualBox\u5b58\u5728\u672a\u660e\u6f0f\u6d1e\uff08CNVD-2020-24424\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Oracle VM VirtualBox \u003c5.2.40",
      "Oracle VM VirtualBox \u003c6.0.20",
      "Oracle VM VirtualBox \u003c6.1.6"
    ]
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2020-2894",
  "serverity": "\u4e2d",
  "submitTime": "2020-04-17",
  "title": "Oracle Virtualization VM VirtualBox\u5b58\u5728\u672a\u660e\u6f0f\u6d1e\uff08CNVD-2020-24424\uff09"
}

GSD-2020-2894

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2020-2894

Aliases

CVE-2020-2894

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2020-2894",
    "description": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.40, prior to 6.0.20 and prior to 6.1.6. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N).",
    "id": "GSD-2020-2894",
    "references": [
      "https://www.suse.com/security/cve/CVE-2020-2894.html",
      "https://advisories.mageia.org/CVE-2020-2894.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2020-2894"
      ],
      "details": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.40, prior to 6.0.20 and prior to 6.1.6. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N).",
      "id": "GSD-2020-2894",
      "modified": "2023-12-13T01:21:50.621434Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secalert_us@oracle.com",
        "ID": "CVE-2020-2894",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "VM VirtualBox",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "prior to 5.2.40"
                        },
                        {
                          "version_value": "prior to 6.0.20"
                        },
                        {
                          "version_value": "prior to 6.1.6"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Oracle Corporation"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.40, prior to 6.0.20 and prior to 6.1.6. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N)."
          }
        ]
      },
      "impact": {
        "cvss": {
          "baseScore": "6.0",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
          "version": "3.0"
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox.  While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products.  Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox."
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.oracle.com/security-alerts/cpuapr2020.html",
            "refsource": "MISC",
            "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
          },
          {
            "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-581/",
            "refsource": "MISC",
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-581/"
          },
          {
            "name": "openSUSE-SU-2020:0925",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00001.html"
          },
          {
            "name": "GLSA-202101-09",
            "refsource": "GENTOO",
            "url": "https://security.gentoo.org/glsa/202101-09"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "6.1.6",
                "versionStartIncluding": "6.1.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "6.0.20",
                "versionStartIncluding": "6.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "5.2.40",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2020-2894"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.40, prior to 6.0.20 and prior to 6.1.6. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-noinfo"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.oracle.com/security-alerts/cpuapr2020.html",
              "refsource": "MISC",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-581/",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-581/"
            },
            {
              "name": "openSUSE-SU-2020:0925",
              "refsource": "SUSE",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00001.html"
            },
            {
              "name": "GLSA-202101-09",
              "refsource": "GENTOO",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://security.gentoo.org/glsa/202101-09"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 2.1,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "LOW",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 6.0,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 1.5,
          "impactScore": 4.0
        }
      },
      "lastModifiedDate": "2022-10-25T17:50Z",
      "publishedDate": "2020-04-15T14:15Z"
    }
  }
}

OPENSUSE-SU-2020:0925-1

Vulnerability from csaf_opensuse - Published: 2020-07-03 12:17 - Updated: 2020-07-03 12:17

Summary

Security update for Virtualbox

Notes

Title of the patch

Security update for Virtualbox

Description of the patch

Virtualbox was updated to 6.0.22 (released May 15 2020 by Oracle) This is a maintenance release. The following items were fixed and/or added: Guest Additions: Build problems fix with Oracle Linux 8.2 (Red Hat compatible kernel) / Red Hat Enterprise Linux 8.2 / CentOS 8.2 (bug #19391) Guest Control/VBoxManage: fix handling of multiple environment variables supplied to 'VBoxManage guestcontrol VM run' (6.1.6/6.0.20 regression; bug #19518) Version bump to 6.0.20 (released April 14 2020 by Oracle) This is a maintenance release. The following items were fixed and/or added: - USB: Multiple enhancements improving prformance and stability - VBoxManage: Multiple fixes for guestcontrol command - Graphics: Enhancements in 2D and 3D acceleration and rendering - API: Fix for exception handling bug in Python bindings - Linux host and guest: Support Linux kernel 5.6 (bug #19312) This update fixes the following security issues: CVE-2020-2741, CVE-2020-2742, CVE-2020-2743, CVE-2020-2748, CVE-2020-2758, CVE-2020-2894, CVE-2020-2902, CVE-2020-2905, CVE-2020-2907, CVE-2020-2908, CVE-2020-2909, CVE-2020-2910, CVE-2020-2911, CVE-2020-2913, CVE-2020-2914, CVE-2020-2929, CVE-2020-2951, CVE-2020-2958, CVE-2020-2959 (bsc#1169628)

Patchnames

openSUSE-2020-925

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for Virtualbox",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "\nVirtualbox was updated to 6.0.22 (released May 15 2020 by Oracle)\n\nThis is a maintenance release. The following items were fixed and/or added:\n\nGuest Additions: Build problems fix with Oracle Linux 8.2 (Red Hat compatible kernel) / Red Hat Enterprise Linux 8.2 / CentOS 8.2 (bug #19391)\nGuest Control/VBoxManage: fix handling of multiple environment variables supplied to \u0027VBoxManage guestcontrol VM run\u0027 (6.1.6/6.0.20 regression; bug #19518)\n\nVersion bump to 6.0.20 (released April 14 2020 by Oracle)\n\nThis is a maintenance release. The following items were fixed and/or added:\n\n- USB: Multiple enhancements improving prformance and stability\n- VBoxManage: Multiple fixes for guestcontrol command\n- Graphics: Enhancements in 2D and 3D acceleration and rendering\n- API: Fix for exception handling bug in Python bindings\n- Linux host and guest: Support Linux kernel 5.6 (bug #19312)\n\nThis update fixes the following security issues: CVE-2020-2741, CVE-2020-2742, CVE-2020-2743, CVE-2020-2748, CVE-2020-2758, CVE-2020-2894, CVE-2020-2902, CVE-2020-2905, CVE-2020-2907, CVE-2020-2908, CVE-2020-2909, CVE-2020-2910, CVE-2020-2911, CVE-2020-2913, CVE-2020-2914, CVE-2020-2929, CVE-2020-2951, CVE-2020-2958, CVE-2020-2959 (bsc#1169628)\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-2020-925",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2020_0925-1.json"
      },
      {
        "category": "self",
        "summary": "URL for openSUSE-SU-2020:0925-1",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/SBBG7D2MGNFDLGBT4PUK5VBVNRBGA7XU/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for openSUSE-SU-2020:0925-1",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/SBBG7D2MGNFDLGBT4PUK5VBVNRBGA7XU/"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1169628",
        "url": "https://bugzilla.suse.com/1169628"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-2741 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-2741/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-2742 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-2742/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-2743 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-2743/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-2748 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-2748/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-2758 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-2758/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-2894 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-2894/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-2902 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-2902/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-2905 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-2905/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-2907 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-2907/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-2908 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-2908/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-2909 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-2909/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-2910 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-2910/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-2911 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-2911/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-2913 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-2913/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-2914 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-2914/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-2929 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-2929/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-2951 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-2951/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-2958 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-2958/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-2959 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-2959/"
      }
    ],
    "title": "Security update for Virtualbox",
    "tracking": {
      "current_release_date": "2020-07-03T12:17:20Z",
      "generator": {
        "date": "2020-07-03T12:17:20Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2020:0925-1",
      "initial_release_date": "2020-07-03T12:17:20Z",
      "revision_history": [
        {
          "date": "2020-07-03T12:17:20Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "virtualbox-guest-desktop-icons-6.0.22-lp151.2.15.1.noarch",
                "product": {
                  "name": "virtualbox-guest-desktop-icons-6.0.22-lp151.2.15.1.noarch",
                  "product_id": "virtualbox-guest-desktop-icons-6.0.22-lp151.2.15.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "virtualbox-guest-source-6.0.22-lp151.2.15.1.noarch",
                "product": {
                  "name": "virtualbox-guest-source-6.0.22-lp151.2.15.1.noarch",
                  "product_id": "virtualbox-guest-source-6.0.22-lp151.2.15.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "virtualbox-host-source-6.0.22-lp151.2.15.1.noarch",
                "product": {
                  "name": "virtualbox-host-source-6.0.22-lp151.2.15.1.noarch",
                  "product_id": "virtualbox-host-source-6.0.22-lp151.2.15.1.noarch"
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "python3-virtualbox-6.0.22-lp151.2.15.1.x86_64",
                "product": {
                  "name": "python3-virtualbox-6.0.22-lp151.2.15.1.x86_64",
                  "product_id": "python3-virtualbox-6.0.22-lp151.2.15.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "virtualbox-6.0.22-lp151.2.15.1.x86_64",
                "product": {
                  "name": "virtualbox-6.0.22-lp151.2.15.1.x86_64",
                  "product_id": "virtualbox-6.0.22-lp151.2.15.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "virtualbox-devel-6.0.22-lp151.2.15.1.x86_64",
                "product": {
                  "name": "virtualbox-devel-6.0.22-lp151.2.15.1.x86_64",
                  "product_id": "virtualbox-devel-6.0.22-lp151.2.15.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "virtualbox-guest-tools-6.0.22-lp151.2.15.1.x86_64",
                "product": {
                  "name": "virtualbox-guest-tools-6.0.22-lp151.2.15.1.x86_64",
                  "product_id": "virtualbox-guest-tools-6.0.22-lp151.2.15.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "virtualbox-guest-x11-6.0.22-lp151.2.15.1.x86_64",
                "product": {
                  "name": "virtualbox-guest-x11-6.0.22-lp151.2.15.1.x86_64",
                  "product_id": "virtualbox-guest-x11-6.0.22-lp151.2.15.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "virtualbox-kmp-default-6.0.22_k4.12.14_lp151.28.52-lp151.2.15.1.x86_64",
                "product": {
                  "name": "virtualbox-kmp-default-6.0.22_k4.12.14_lp151.28.52-lp151.2.15.1.x86_64",
                  "product_id": "virtualbox-kmp-default-6.0.22_k4.12.14_lp151.28.52-lp151.2.15.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "virtualbox-qt-6.0.22-lp151.2.15.1.x86_64",
                "product": {
                  "name": "virtualbox-qt-6.0.22-lp151.2.15.1.x86_64",
                  "product_id": "virtualbox-qt-6.0.22-lp151.2.15.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "virtualbox-vnc-6.0.22-lp151.2.15.1.x86_64",
                "product": {
                  "name": "virtualbox-vnc-6.0.22-lp151.2.15.1.x86_64",
                  "product_id": "virtualbox-vnc-6.0.22-lp151.2.15.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "virtualbox-websrv-6.0.22-lp151.2.15.1.x86_64",
                "product": {
                  "name": "virtualbox-websrv-6.0.22-lp151.2.15.1.x86_64",
                  "product_id": "virtualbox-websrv-6.0.22-lp151.2.15.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "openSUSE Leap 15.1",
                "product": {
                  "name": "openSUSE Leap 15.1",
                  "product_id": "openSUSE Leap 15.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:leap:15.1"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python3-virtualbox-6.0.22-lp151.2.15.1.x86_64 as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:python3-virtualbox-6.0.22-lp151.2.15.1.x86_64"
        },
        "product_reference": "python3-virtualbox-6.0.22-lp151.2.15.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "virtualbox-6.0.22-lp151.2.15.1.x86_64 as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:virtualbox-6.0.22-lp151.2.15.1.x86_64"
        },
        "product_reference": "virtualbox-6.0.22-lp151.2.15.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "virtualbox-devel-6.0.22-lp151.2.15.1.x86_64 as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:virtualbox-devel-6.0.22-lp151.2.15.1.x86_64"
        },
        "product_reference": "virtualbox-devel-6.0.22-lp151.2.15.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "virtualbox-guest-desktop-icons-6.0.22-lp151.2.15.1.noarch as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:virtualbox-guest-desktop-icons-6.0.22-lp151.2.15.1.noarch"
        },
        "product_reference": "virtualbox-guest-desktop-icons-6.0.22-lp151.2.15.1.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "virtualbox-guest-source-6.0.22-lp151.2.15.1.noarch as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:virtualbox-guest-source-6.0.22-lp151.2.15.1.noarch"
        },
        "product_reference": "virtualbox-guest-source-6.0.22-lp151.2.15.1.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "virtualbox-guest-tools-6.0.22-lp151.2.15.1.x86_64 as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:virtualbox-guest-tools-6.0.22-lp151.2.15.1.x86_64"
        },
        "product_reference": "virtualbox-guest-tools-6.0.22-lp151.2.15.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "virtualbox-guest-x11-6.0.22-lp151.2.15.1.x86_64 as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:virtualbox-guest-x11-6.0.22-lp151.2.15.1.x86_64"
        },
        "product_reference": "virtualbox-guest-x11-6.0.22-lp151.2.15.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "virtualbox-host-source-6.0.22-lp151.2.15.1.noarch as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:virtualbox-host-source-6.0.22-lp151.2.15.1.noarch"
        },
        "product_reference": "virtualbox-host-source-6.0.22-lp151.2.15.1.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "virtualbox-kmp-default-6.0.22_k4.12.14_lp151.28.52-lp151.2.15.1.x86_64 as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:virtualbox-kmp-default-6.0.22_k4.12.14_lp151.28.52-lp151.2.15.1.x86_64"
        },
        "product_reference": "virtualbox-kmp-default-6.0.22_k4.12.14_lp151.28.52-lp151.2.15.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "virtualbox-qt-6.0.22-lp151.2.15.1.x86_64 as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:virtualbox-qt-6.0.22-lp151.2.15.1.x86_64"
        },
        "product_reference": "virtualbox-qt-6.0.22-lp151.2.15.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "virtualbox-vnc-6.0.22-lp151.2.15.1.x86_64 as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:virtualbox-vnc-6.0.22-lp151.2.15.1.x86_64"
        },
        "product_reference": "virtualbox-vnc-6.0.22-lp151.2.15.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "virtualbox-websrv-6.0.22-lp151.2.15.1.x86_64 as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:virtualbox-websrv-6.0.22-lp151.2.15.1.x86_64"
        },
        "product_reference": "virtualbox-websrv-6.0.22-lp151.2.15.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2020-2741",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-2741"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.40, prior to 6.0.20 and prior to 6.1.6. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N).",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.1:python3-virtualbox-6.0.22-lp151.2.15.1.x86_64",
          "openSUSE Leap 15.1:virtualbox-6.0.22-lp151.2.15.1.x86_64",
          "openSUSE Leap 15.1:virtualbox-devel-6.0.22-lp151.2.15.1.x86_64",
          "openSUSE Leap 15.1:virtualbox-guest-desktop-icons-6.0.22-lp151.2.15.1.noarch",
          "openSUSE Leap 15.1:virtualbox-guest-source-6.0.22-lp151.2.15.1.noarch",
          "openSUSE Leap 15.1:virtualbox-guest-tools-6.0.22-lp151.2.15.1.x86_64",
          "openSUSE Leap 15.1:virtualbox-guest-x11-6.0.22-lp151.2.15.1.x86_64",
          "openSUSE Leap 15.1:virtualbox-host-source-6.0.22-lp151.2.15.1.noarch",
          "openSUSE Leap 15.1:virtualbox-kmp-default-6.0.22_k4.12.14_lp151.28.52-lp151.2.15.1.x86_64",
          "openSUSE Leap 15.1:virtualbox-qt-6.0.22-lp151.2.15.1.x86_64",
          "openSUSE Leap 15.1:virtualbox-vnc-6.0.22-lp151.2.15.1.x86_64",
          "openSUSE Leap 15.1:virtualbox-websrv-6.0.22-lp151.2.15.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-2741",
          "url": "https://www.suse.com/security/cve/CVE-2020-2741"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1169628 for CVE-2020-2741",
          "url": "https://bugzilla.suse.com/1169628"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1174159 for CVE-2020-2741",
          "url": "https://bugzilla.suse.com/1174159"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.1:python3-virtualbox-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-devel-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-guest-desktop-icons-6.0.22-lp151.2.15.1.noarch",
            "openSUSE Leap 15.1:virtualbox-guest-source-6.0.22-lp151.2.15.1.noarch",
            "openSUSE Leap 15.1:virtualbox-guest-tools-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-guest-x11-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-host-source-6.0.22-lp151.2.15.1.noarch",
            "openSUSE Leap 15.1:virtualbox-kmp-default-6.0.22_k4.12.14_lp151.28.52-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-qt-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-vnc-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-websrv-6.0.22-lp151.2.15.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.1:python3-virtualbox-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-devel-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-guest-desktop-icons-6.0.22-lp151.2.15.1.noarch",
            "openSUSE Leap 15.1:virtualbox-guest-source-6.0.22-lp151.2.15.1.noarch",
            "openSUSE Leap 15.1:virtualbox-guest-tools-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-guest-x11-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-host-source-6.0.22-lp151.2.15.1.noarch",
            "openSUSE Leap 15.1:virtualbox-kmp-default-6.0.22_k4.12.14_lp151.28.52-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-qt-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-vnc-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-websrv-6.0.22-lp151.2.15.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-07-03T12:17:20Z",
          "details": "important"
        }
      ],
      "title": "CVE-2020-2741"
    },
    {
      "cve": "CVE-2020-2742",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-2742"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.1:python3-virtualbox-6.0.22-lp151.2.15.1.x86_64",
          "openSUSE Leap 15.1:virtualbox-6.0.22-lp151.2.15.1.x86_64",
          "openSUSE Leap 15.1:virtualbox-devel-6.0.22-lp151.2.15.1.x86_64",
          "openSUSE Leap 15.1:virtualbox-guest-desktop-icons-6.0.22-lp151.2.15.1.noarch",
          "openSUSE Leap 15.1:virtualbox-guest-source-6.0.22-lp151.2.15.1.noarch",
          "openSUSE Leap 15.1:virtualbox-guest-tools-6.0.22-lp151.2.15.1.x86_64",
          "openSUSE Leap 15.1:virtualbox-guest-x11-6.0.22-lp151.2.15.1.x86_64",
          "openSUSE Leap 15.1:virtualbox-host-source-6.0.22-lp151.2.15.1.noarch",
          "openSUSE Leap 15.1:virtualbox-kmp-default-6.0.22_k4.12.14_lp151.28.52-lp151.2.15.1.x86_64",
          "openSUSE Leap 15.1:virtualbox-qt-6.0.22-lp151.2.15.1.x86_64",
          "openSUSE Leap 15.1:virtualbox-vnc-6.0.22-lp151.2.15.1.x86_64",
          "openSUSE Leap 15.1:virtualbox-websrv-6.0.22-lp151.2.15.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-2742",
          "url": "https://www.suse.com/security/cve/CVE-2020-2742"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1169628 for CVE-2020-2742",
          "url": "https://bugzilla.suse.com/1169628"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.1:python3-virtualbox-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-devel-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-guest-desktop-icons-6.0.22-lp151.2.15.1.noarch",
            "openSUSE Leap 15.1:virtualbox-guest-source-6.0.22-lp151.2.15.1.noarch",
            "openSUSE Leap 15.1:virtualbox-guest-tools-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-guest-x11-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-host-source-6.0.22-lp151.2.15.1.noarch",
            "openSUSE Leap 15.1:virtualbox-kmp-default-6.0.22_k4.12.14_lp151.28.52-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-qt-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-vnc-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-websrv-6.0.22-lp151.2.15.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.1:python3-virtualbox-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-devel-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-guest-desktop-icons-6.0.22-lp151.2.15.1.noarch",
            "openSUSE Leap 15.1:virtualbox-guest-source-6.0.22-lp151.2.15.1.noarch",
            "openSUSE Leap 15.1:virtualbox-guest-tools-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-guest-x11-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-host-source-6.0.22-lp151.2.15.1.noarch",
            "openSUSE Leap 15.1:virtualbox-kmp-default-6.0.22_k4.12.14_lp151.28.52-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-qt-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-vnc-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-websrv-6.0.22-lp151.2.15.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-07-03T12:17:20Z",
          "details": "important"
        }
      ],
      "title": "CVE-2020-2742"
    },
    {
      "cve": "CVE-2020-2743",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-2743"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N).",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.1:python3-virtualbox-6.0.22-lp151.2.15.1.x86_64",
          "openSUSE Leap 15.1:virtualbox-6.0.22-lp151.2.15.1.x86_64",
          "openSUSE Leap 15.1:virtualbox-devel-6.0.22-lp151.2.15.1.x86_64",
          "openSUSE Leap 15.1:virtualbox-guest-desktop-icons-6.0.22-lp151.2.15.1.noarch",
          "openSUSE Leap 15.1:virtualbox-guest-source-6.0.22-lp151.2.15.1.noarch",
          "openSUSE Leap 15.1:virtualbox-guest-tools-6.0.22-lp151.2.15.1.x86_64",
          "openSUSE Leap 15.1:virtualbox-guest-x11-6.0.22-lp151.2.15.1.x86_64",
          "openSUSE Leap 15.1:virtualbox-host-source-6.0.22-lp151.2.15.1.noarch",
          "openSUSE Leap 15.1:virtualbox-kmp-default-6.0.22_k4.12.14_lp151.28.52-lp151.2.15.1.x86_64",
          "openSUSE Leap 15.1:virtualbox-qt-6.0.22-lp151.2.15.1.x86_64",
          "openSUSE Leap 15.1:virtualbox-vnc-6.0.22-lp151.2.15.1.x86_64",
          "openSUSE Leap 15.1:virtualbox-websrv-6.0.22-lp151.2.15.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-2743",
          "url": "https://www.suse.com/security/cve/CVE-2020-2743"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1169628 for CVE-2020-2743",
          "url": "https://bugzilla.suse.com/1169628"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.1:python3-virtualbox-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-devel-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-guest-desktop-icons-6.0.22-lp151.2.15.1.noarch",
            "openSUSE Leap 15.1:virtualbox-guest-source-6.0.22-lp151.2.15.1.noarch",
            "openSUSE Leap 15.1:virtualbox-guest-tools-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-guest-x11-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-host-source-6.0.22-lp151.2.15.1.noarch",
            "openSUSE Leap 15.1:virtualbox-kmp-default-6.0.22_k4.12.14_lp151.28.52-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-qt-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-vnc-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-websrv-6.0.22-lp151.2.15.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.1:python3-virtualbox-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-devel-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-guest-desktop-icons-6.0.22-lp151.2.15.1.noarch",
            "openSUSE Leap 15.1:virtualbox-guest-source-6.0.22-lp151.2.15.1.noarch",
            "openSUSE Leap 15.1:virtualbox-guest-tools-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-guest-x11-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-host-source-6.0.22-lp151.2.15.1.noarch",
            "openSUSE Leap 15.1:virtualbox-kmp-default-6.0.22_k4.12.14_lp151.28.52-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-qt-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-vnc-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-websrv-6.0.22-lp151.2.15.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-07-03T12:17:20Z",
          "details": "important"
        }
      ],
      "title": "CVE-2020-2743"
    },
    {
      "cve": "CVE-2020-2748",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-2748"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.40, prior to 6.0.20 and prior to 6.1.6. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 3.2 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N).",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.1:python3-virtualbox-6.0.22-lp151.2.15.1.x86_64",
          "openSUSE Leap 15.1:virtualbox-6.0.22-lp151.2.15.1.x86_64",
          "openSUSE Leap 15.1:virtualbox-devel-6.0.22-lp151.2.15.1.x86_64",
          "openSUSE Leap 15.1:virtualbox-guest-desktop-icons-6.0.22-lp151.2.15.1.noarch",
          "openSUSE Leap 15.1:virtualbox-guest-source-6.0.22-lp151.2.15.1.noarch",
          "openSUSE Leap 15.1:virtualbox-guest-tools-6.0.22-lp151.2.15.1.x86_64",
          "openSUSE Leap 15.1:virtualbox-guest-x11-6.0.22-lp151.2.15.1.x86_64",
          "openSUSE Leap 15.1:virtualbox-host-source-6.0.22-lp151.2.15.1.noarch",
          "openSUSE Leap 15.1:virtualbox-kmp-default-6.0.22_k4.12.14_lp151.28.52-lp151.2.15.1.x86_64",
          "openSUSE Leap 15.1:virtualbox-qt-6.0.22-lp151.2.15.1.x86_64",
          "openSUSE Leap 15.1:virtualbox-vnc-6.0.22-lp151.2.15.1.x86_64",
          "openSUSE Leap 15.1:virtualbox-websrv-6.0.22-lp151.2.15.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-2748",
          "url": "https://www.suse.com/security/cve/CVE-2020-2748"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1169628 for CVE-2020-2748",
          "url": "https://bugzilla.suse.com/1169628"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.1:python3-virtualbox-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-devel-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-guest-desktop-icons-6.0.22-lp151.2.15.1.noarch",
            "openSUSE Leap 15.1:virtualbox-guest-source-6.0.22-lp151.2.15.1.noarch",
            "openSUSE Leap 15.1:virtualbox-guest-tools-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-guest-x11-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-host-source-6.0.22-lp151.2.15.1.noarch",
            "openSUSE Leap 15.1:virtualbox-kmp-default-6.0.22_k4.12.14_lp151.28.52-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-qt-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-vnc-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-websrv-6.0.22-lp151.2.15.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.2,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.1:python3-virtualbox-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-devel-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-guest-desktop-icons-6.0.22-lp151.2.15.1.noarch",
            "openSUSE Leap 15.1:virtualbox-guest-source-6.0.22-lp151.2.15.1.noarch",
            "openSUSE Leap 15.1:virtualbox-guest-tools-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-guest-x11-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-host-source-6.0.22-lp151.2.15.1.noarch",
            "openSUSE Leap 15.1:virtualbox-kmp-default-6.0.22_k4.12.14_lp151.28.52-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-qt-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-vnc-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-websrv-6.0.22-lp151.2.15.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-07-03T12:17:20Z",
          "details": "important"
        }
      ],
      "title": "CVE-2020-2748"
    },
    {
      "cve": "CVE-2020-2758",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-2758"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.40, prior to 6.0.20 and prior to 6.1.6. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.1:python3-virtualbox-6.0.22-lp151.2.15.1.x86_64",
          "openSUSE Leap 15.1:virtualbox-6.0.22-lp151.2.15.1.x86_64",
          "openSUSE Leap 15.1:virtualbox-devel-6.0.22-lp151.2.15.1.x86_64",
          "openSUSE Leap 15.1:virtualbox-guest-desktop-icons-6.0.22-lp151.2.15.1.noarch",
          "openSUSE Leap 15.1:virtualbox-guest-source-6.0.22-lp151.2.15.1.noarch",
          "openSUSE Leap 15.1:virtualbox-guest-tools-6.0.22-lp151.2.15.1.x86_64",
          "openSUSE Leap 15.1:virtualbox-guest-x11-6.0.22-lp151.2.15.1.x86_64",
          "openSUSE Leap 15.1:virtualbox-host-source-6.0.22-lp151.2.15.1.noarch",
          "openSUSE Leap 15.1:virtualbox-kmp-default-6.0.22_k4.12.14_lp151.28.52-lp151.2.15.1.x86_64",
          "openSUSE Leap 15.1:virtualbox-qt-6.0.22-lp151.2.15.1.x86_64",
          "openSUSE Leap 15.1:virtualbox-vnc-6.0.22-lp151.2.15.1.x86_64",
          "openSUSE Leap 15.1:virtualbox-websrv-6.0.22-lp151.2.15.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-2758",
          "url": "https://www.suse.com/security/cve/CVE-2020-2758"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1169628 for CVE-2020-2758",
          "url": "https://bugzilla.suse.com/1169628"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.1:python3-virtualbox-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-devel-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-guest-desktop-icons-6.0.22-lp151.2.15.1.noarch",
            "openSUSE Leap 15.1:virtualbox-guest-source-6.0.22-lp151.2.15.1.noarch",
            "openSUSE Leap 15.1:virtualbox-guest-tools-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-guest-x11-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-host-source-6.0.22-lp151.2.15.1.noarch",
            "openSUSE Leap 15.1:virtualbox-kmp-default-6.0.22_k4.12.14_lp151.28.52-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-qt-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-vnc-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-websrv-6.0.22-lp151.2.15.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.1:python3-virtualbox-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-devel-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-guest-desktop-icons-6.0.22-lp151.2.15.1.noarch",
            "openSUSE Leap 15.1:virtualbox-guest-source-6.0.22-lp151.2.15.1.noarch",
            "openSUSE Leap 15.1:virtualbox-guest-tools-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-guest-x11-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-host-source-6.0.22-lp151.2.15.1.noarch",
            "openSUSE Leap 15.1:virtualbox-kmp-default-6.0.22_k4.12.14_lp151.28.52-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-qt-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-vnc-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-websrv-6.0.22-lp151.2.15.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-07-03T12:17:20Z",
          "details": "important"
        }
      ],
      "title": "CVE-2020-2758"
    },
    {
      "cve": "CVE-2020-2894",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-2894"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.40, prior to 6.0.20 and prior to 6.1.6. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N).",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.1:python3-virtualbox-6.0.22-lp151.2.15.1.x86_64",
          "openSUSE Leap 15.1:virtualbox-6.0.22-lp151.2.15.1.x86_64",
          "openSUSE Leap 15.1:virtualbox-devel-6.0.22-lp151.2.15.1.x86_64",
          "openSUSE Leap 15.1:virtualbox-guest-desktop-icons-6.0.22-lp151.2.15.1.noarch",
          "openSUSE Leap 15.1:virtualbox-guest-source-6.0.22-lp151.2.15.1.noarch",
          "openSUSE Leap 15.1:virtualbox-guest-tools-6.0.22-lp151.2.15.1.x86_64",
          "openSUSE Leap 15.1:virtualbox-guest-x11-6.0.22-lp151.2.15.1.x86_64",
          "openSUSE Leap 15.1:virtualbox-host-source-6.0.22-lp151.2.15.1.noarch",
          "openSUSE Leap 15.1:virtualbox-kmp-default-6.0.22_k4.12.14_lp151.28.52-lp151.2.15.1.x86_64",
          "openSUSE Leap 15.1:virtualbox-qt-6.0.22-lp151.2.15.1.x86_64",
          "openSUSE Leap 15.1:virtualbox-vnc-6.0.22-lp151.2.15.1.x86_64",
          "openSUSE Leap 15.1:virtualbox-websrv-6.0.22-lp151.2.15.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-2894",
          "url": "https://www.suse.com/security/cve/CVE-2020-2894"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1169628 for CVE-2020-2894",
          "url": "https://bugzilla.suse.com/1169628"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.1:python3-virtualbox-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-devel-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-guest-desktop-icons-6.0.22-lp151.2.15.1.noarch",
            "openSUSE Leap 15.1:virtualbox-guest-source-6.0.22-lp151.2.15.1.noarch",
            "openSUSE Leap 15.1:virtualbox-guest-tools-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-guest-x11-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-host-source-6.0.22-lp151.2.15.1.noarch",
            "openSUSE Leap 15.1:virtualbox-kmp-default-6.0.22_k4.12.14_lp151.28.52-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-qt-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-vnc-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-websrv-6.0.22-lp151.2.15.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.1:python3-virtualbox-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-devel-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-guest-desktop-icons-6.0.22-lp151.2.15.1.noarch",
            "openSUSE Leap 15.1:virtualbox-guest-source-6.0.22-lp151.2.15.1.noarch",
            "openSUSE Leap 15.1:virtualbox-guest-tools-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-guest-x11-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-host-source-6.0.22-lp151.2.15.1.noarch",
            "openSUSE Leap 15.1:virtualbox-kmp-default-6.0.22_k4.12.14_lp151.28.52-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-qt-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-vnc-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-websrv-6.0.22-lp151.2.15.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-07-03T12:17:20Z",
          "details": "important"
        }
      ],
      "title": "CVE-2020-2894"
    },
    {
      "cve": "CVE-2020-2902",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-2902"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.40, prior to 6.0.20 and prior to 6.1.6. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.1:python3-virtualbox-6.0.22-lp151.2.15.1.x86_64",
          "openSUSE Leap 15.1:virtualbox-6.0.22-lp151.2.15.1.x86_64",
          "openSUSE Leap 15.1:virtualbox-devel-6.0.22-lp151.2.15.1.x86_64",
          "openSUSE Leap 15.1:virtualbox-guest-desktop-icons-6.0.22-lp151.2.15.1.noarch",
          "openSUSE Leap 15.1:virtualbox-guest-source-6.0.22-lp151.2.15.1.noarch",
          "openSUSE Leap 15.1:virtualbox-guest-tools-6.0.22-lp151.2.15.1.x86_64",
          "openSUSE Leap 15.1:virtualbox-guest-x11-6.0.22-lp151.2.15.1.x86_64",
          "openSUSE Leap 15.1:virtualbox-host-source-6.0.22-lp151.2.15.1.noarch",
          "openSUSE Leap 15.1:virtualbox-kmp-default-6.0.22_k4.12.14_lp151.28.52-lp151.2.15.1.x86_64",
          "openSUSE Leap 15.1:virtualbox-qt-6.0.22-lp151.2.15.1.x86_64",
          "openSUSE Leap 15.1:virtualbox-vnc-6.0.22-lp151.2.15.1.x86_64",
          "openSUSE Leap 15.1:virtualbox-websrv-6.0.22-lp151.2.15.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-2902",
          "url": "https://www.suse.com/security/cve/CVE-2020-2902"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1169628 for CVE-2020-2902",
          "url": "https://bugzilla.suse.com/1169628"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.1:python3-virtualbox-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-devel-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-guest-desktop-icons-6.0.22-lp151.2.15.1.noarch",
            "openSUSE Leap 15.1:virtualbox-guest-source-6.0.22-lp151.2.15.1.noarch",
            "openSUSE Leap 15.1:virtualbox-guest-tools-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-guest-x11-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-host-source-6.0.22-lp151.2.15.1.noarch",
            "openSUSE Leap 15.1:virtualbox-kmp-default-6.0.22_k4.12.14_lp151.28.52-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-qt-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-vnc-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-websrv-6.0.22-lp151.2.15.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.1:python3-virtualbox-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-devel-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-guest-desktop-icons-6.0.22-lp151.2.15.1.noarch",
            "openSUSE Leap 15.1:virtualbox-guest-source-6.0.22-lp151.2.15.1.noarch",
            "openSUSE Leap 15.1:virtualbox-guest-tools-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-guest-x11-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-host-source-6.0.22-lp151.2.15.1.noarch",
            "openSUSE Leap 15.1:virtualbox-kmp-default-6.0.22_k4.12.14_lp151.28.52-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-qt-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-vnc-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-websrv-6.0.22-lp151.2.15.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-07-03T12:17:20Z",
          "details": "important"
        }
      ],
      "title": "CVE-2020-2902"
    },
    {
      "cve": "CVE-2020-2905",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-2905"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.40, prior to 6.0.20 and prior to 6.1.6. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.1:python3-virtualbox-6.0.22-lp151.2.15.1.x86_64",
          "openSUSE Leap 15.1:virtualbox-6.0.22-lp151.2.15.1.x86_64",
          "openSUSE Leap 15.1:virtualbox-devel-6.0.22-lp151.2.15.1.x86_64",
          "openSUSE Leap 15.1:virtualbox-guest-desktop-icons-6.0.22-lp151.2.15.1.noarch",
          "openSUSE Leap 15.1:virtualbox-guest-source-6.0.22-lp151.2.15.1.noarch",
          "openSUSE Leap 15.1:virtualbox-guest-tools-6.0.22-lp151.2.15.1.x86_64",
          "openSUSE Leap 15.1:virtualbox-guest-x11-6.0.22-lp151.2.15.1.x86_64",
          "openSUSE Leap 15.1:virtualbox-host-source-6.0.22-lp151.2.15.1.noarch",
          "openSUSE Leap 15.1:virtualbox-kmp-default-6.0.22_k4.12.14_lp151.28.52-lp151.2.15.1.x86_64",
          "openSUSE Leap 15.1:virtualbox-qt-6.0.22-lp151.2.15.1.x86_64",
          "openSUSE Leap 15.1:virtualbox-vnc-6.0.22-lp151.2.15.1.x86_64",
          "openSUSE Leap 15.1:virtualbox-websrv-6.0.22-lp151.2.15.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-2905",
          "url": "https://www.suse.com/security/cve/CVE-2020-2905"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1169628 for CVE-2020-2905",
          "url": "https://bugzilla.suse.com/1169628"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.1:python3-virtualbox-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-devel-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-guest-desktop-icons-6.0.22-lp151.2.15.1.noarch",
            "openSUSE Leap 15.1:virtualbox-guest-source-6.0.22-lp151.2.15.1.noarch",
            "openSUSE Leap 15.1:virtualbox-guest-tools-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-guest-x11-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-host-source-6.0.22-lp151.2.15.1.noarch",
            "openSUSE Leap 15.1:virtualbox-kmp-default-6.0.22_k4.12.14_lp151.28.52-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-qt-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-vnc-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-websrv-6.0.22-lp151.2.15.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.1:python3-virtualbox-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-devel-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-guest-desktop-icons-6.0.22-lp151.2.15.1.noarch",
            "openSUSE Leap 15.1:virtualbox-guest-source-6.0.22-lp151.2.15.1.noarch",
            "openSUSE Leap 15.1:virtualbox-guest-tools-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-guest-x11-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-host-source-6.0.22-lp151.2.15.1.noarch",
            "openSUSE Leap 15.1:virtualbox-kmp-default-6.0.22_k4.12.14_lp151.28.52-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-qt-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-vnc-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-websrv-6.0.22-lp151.2.15.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-07-03T12:17:20Z",
          "details": "important"
        }
      ],
      "title": "CVE-2020-2905"
    },
    {
      "cve": "CVE-2020-2907",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-2907"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.40, prior to 6.0.20 and prior to 6.1.6. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H).",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.1:python3-virtualbox-6.0.22-lp151.2.15.1.x86_64",
          "openSUSE Leap 15.1:virtualbox-6.0.22-lp151.2.15.1.x86_64",
          "openSUSE Leap 15.1:virtualbox-devel-6.0.22-lp151.2.15.1.x86_64",
          "openSUSE Leap 15.1:virtualbox-guest-desktop-icons-6.0.22-lp151.2.15.1.noarch",
          "openSUSE Leap 15.1:virtualbox-guest-source-6.0.22-lp151.2.15.1.noarch",
          "openSUSE Leap 15.1:virtualbox-guest-tools-6.0.22-lp151.2.15.1.x86_64",
          "openSUSE Leap 15.1:virtualbox-guest-x11-6.0.22-lp151.2.15.1.x86_64",
          "openSUSE Leap 15.1:virtualbox-host-source-6.0.22-lp151.2.15.1.noarch",
          "openSUSE Leap 15.1:virtualbox-kmp-default-6.0.22_k4.12.14_lp151.28.52-lp151.2.15.1.x86_64",
          "openSUSE Leap 15.1:virtualbox-qt-6.0.22-lp151.2.15.1.x86_64",
          "openSUSE Leap 15.1:virtualbox-vnc-6.0.22-lp151.2.15.1.x86_64",
          "openSUSE Leap 15.1:virtualbox-websrv-6.0.22-lp151.2.15.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-2907",
          "url": "https://www.suse.com/security/cve/CVE-2020-2907"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1169628 for CVE-2020-2907",
          "url": "https://bugzilla.suse.com/1169628"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.1:python3-virtualbox-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-devel-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-guest-desktop-icons-6.0.22-lp151.2.15.1.noarch",
            "openSUSE Leap 15.1:virtualbox-guest-source-6.0.22-lp151.2.15.1.noarch",
            "openSUSE Leap 15.1:virtualbox-guest-tools-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-guest-x11-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-host-source-6.0.22-lp151.2.15.1.noarch",
            "openSUSE Leap 15.1:virtualbox-kmp-default-6.0.22_k4.12.14_lp151.28.52-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-qt-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-vnc-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-websrv-6.0.22-lp151.2.15.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.1:python3-virtualbox-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-devel-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-guest-desktop-icons-6.0.22-lp151.2.15.1.noarch",
            "openSUSE Leap 15.1:virtualbox-guest-source-6.0.22-lp151.2.15.1.noarch",
            "openSUSE Leap 15.1:virtualbox-guest-tools-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-guest-x11-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-host-source-6.0.22-lp151.2.15.1.noarch",
            "openSUSE Leap 15.1:virtualbox-kmp-default-6.0.22_k4.12.14_lp151.28.52-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-qt-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-vnc-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-websrv-6.0.22-lp151.2.15.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-07-03T12:17:20Z",
          "details": "important"
        }
      ],
      "title": "CVE-2020-2907"
    },
    {
      "cve": "CVE-2020-2908",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-2908"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.40, prior to 6.0.20 and prior to 6.1.6. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.1:python3-virtualbox-6.0.22-lp151.2.15.1.x86_64",
          "openSUSE Leap 15.1:virtualbox-6.0.22-lp151.2.15.1.x86_64",
          "openSUSE Leap 15.1:virtualbox-devel-6.0.22-lp151.2.15.1.x86_64",
          "openSUSE Leap 15.1:virtualbox-guest-desktop-icons-6.0.22-lp151.2.15.1.noarch",
          "openSUSE Leap 15.1:virtualbox-guest-source-6.0.22-lp151.2.15.1.noarch",
          "openSUSE Leap 15.1:virtualbox-guest-tools-6.0.22-lp151.2.15.1.x86_64",
          "openSUSE Leap 15.1:virtualbox-guest-x11-6.0.22-lp151.2.15.1.x86_64",
          "openSUSE Leap 15.1:virtualbox-host-source-6.0.22-lp151.2.15.1.noarch",
          "openSUSE Leap 15.1:virtualbox-kmp-default-6.0.22_k4.12.14_lp151.28.52-lp151.2.15.1.x86_64",
          "openSUSE Leap 15.1:virtualbox-qt-6.0.22-lp151.2.15.1.x86_64",
          "openSUSE Leap 15.1:virtualbox-vnc-6.0.22-lp151.2.15.1.x86_64",
          "openSUSE Leap 15.1:virtualbox-websrv-6.0.22-lp151.2.15.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-2908",
          "url": "https://www.suse.com/security/cve/CVE-2020-2908"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1169628 for CVE-2020-2908",
          "url": "https://bugzilla.suse.com/1169628"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.1:python3-virtualbox-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-devel-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-guest-desktop-icons-6.0.22-lp151.2.15.1.noarch",
            "openSUSE Leap 15.1:virtualbox-guest-source-6.0.22-lp151.2.15.1.noarch",
            "openSUSE Leap 15.1:virtualbox-guest-tools-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-guest-x11-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-host-source-6.0.22-lp151.2.15.1.noarch",
            "openSUSE Leap 15.1:virtualbox-kmp-default-6.0.22_k4.12.14_lp151.28.52-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-qt-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-vnc-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-websrv-6.0.22-lp151.2.15.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.1:python3-virtualbox-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-devel-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-guest-desktop-icons-6.0.22-lp151.2.15.1.noarch",
            "openSUSE Leap 15.1:virtualbox-guest-source-6.0.22-lp151.2.15.1.noarch",
            "openSUSE Leap 15.1:virtualbox-guest-tools-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-guest-x11-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-host-source-6.0.22-lp151.2.15.1.noarch",
            "openSUSE Leap 15.1:virtualbox-kmp-default-6.0.22_k4.12.14_lp151.28.52-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-qt-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-vnc-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-websrv-6.0.22-lp151.2.15.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-07-03T12:17:20Z",
          "details": "important"
        }
      ],
      "title": "CVE-2020-2908"
    },
    {
      "cve": "CVE-2020-2909",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-2909"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.40, prior to 6.0.20 and prior to 6.1.6. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle VM VirtualBox. CVSS 3.0 Base Score 2.8 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L).",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.1:python3-virtualbox-6.0.22-lp151.2.15.1.x86_64",
          "openSUSE Leap 15.1:virtualbox-6.0.22-lp151.2.15.1.x86_64",
          "openSUSE Leap 15.1:virtualbox-devel-6.0.22-lp151.2.15.1.x86_64",
          "openSUSE Leap 15.1:virtualbox-guest-desktop-icons-6.0.22-lp151.2.15.1.noarch",
          "openSUSE Leap 15.1:virtualbox-guest-source-6.0.22-lp151.2.15.1.noarch",
          "openSUSE Leap 15.1:virtualbox-guest-tools-6.0.22-lp151.2.15.1.x86_64",
          "openSUSE Leap 15.1:virtualbox-guest-x11-6.0.22-lp151.2.15.1.x86_64",
          "openSUSE Leap 15.1:virtualbox-host-source-6.0.22-lp151.2.15.1.noarch",
          "openSUSE Leap 15.1:virtualbox-kmp-default-6.0.22_k4.12.14_lp151.28.52-lp151.2.15.1.x86_64",
          "openSUSE Leap 15.1:virtualbox-qt-6.0.22-lp151.2.15.1.x86_64",
          "openSUSE Leap 15.1:virtualbox-vnc-6.0.22-lp151.2.15.1.x86_64",
          "openSUSE Leap 15.1:virtualbox-websrv-6.0.22-lp151.2.15.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-2909",
          "url": "https://www.suse.com/security/cve/CVE-2020-2909"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1169628 for CVE-2020-2909",
          "url": "https://bugzilla.suse.com/1169628"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.1:python3-virtualbox-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-devel-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-guest-desktop-icons-6.0.22-lp151.2.15.1.noarch",
            "openSUSE Leap 15.1:virtualbox-guest-source-6.0.22-lp151.2.15.1.noarch",
            "openSUSE Leap 15.1:virtualbox-guest-tools-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-guest-x11-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-host-source-6.0.22-lp151.2.15.1.noarch",
            "openSUSE Leap 15.1:virtualbox-kmp-default-6.0.22_k4.12.14_lp151.28.52-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-qt-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-vnc-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-websrv-6.0.22-lp151.2.15.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 2.8,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.1:python3-virtualbox-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-devel-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-guest-desktop-icons-6.0.22-lp151.2.15.1.noarch",
            "openSUSE Leap 15.1:virtualbox-guest-source-6.0.22-lp151.2.15.1.noarch",
            "openSUSE Leap 15.1:virtualbox-guest-tools-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-guest-x11-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-host-source-6.0.22-lp151.2.15.1.noarch",
            "openSUSE Leap 15.1:virtualbox-kmp-default-6.0.22_k4.12.14_lp151.28.52-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-qt-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-vnc-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-websrv-6.0.22-lp151.2.15.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-07-03T12:17:20Z",
          "details": "important"
        }
      ],
      "title": "CVE-2020-2909"
    },
    {
      "cve": "CVE-2020-2910",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-2910"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.0.20 and prior to 6.1.6. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.5 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N).",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.1:python3-virtualbox-6.0.22-lp151.2.15.1.x86_64",
          "openSUSE Leap 15.1:virtualbox-6.0.22-lp151.2.15.1.x86_64",
          "openSUSE Leap 15.1:virtualbox-devel-6.0.22-lp151.2.15.1.x86_64",
          "openSUSE Leap 15.1:virtualbox-guest-desktop-icons-6.0.22-lp151.2.15.1.noarch",
          "openSUSE Leap 15.1:virtualbox-guest-source-6.0.22-lp151.2.15.1.noarch",
          "openSUSE Leap 15.1:virtualbox-guest-tools-6.0.22-lp151.2.15.1.x86_64",
          "openSUSE Leap 15.1:virtualbox-guest-x11-6.0.22-lp151.2.15.1.x86_64",
          "openSUSE Leap 15.1:virtualbox-host-source-6.0.22-lp151.2.15.1.noarch",
          "openSUSE Leap 15.1:virtualbox-kmp-default-6.0.22_k4.12.14_lp151.28.52-lp151.2.15.1.x86_64",
          "openSUSE Leap 15.1:virtualbox-qt-6.0.22-lp151.2.15.1.x86_64",
          "openSUSE Leap 15.1:virtualbox-vnc-6.0.22-lp151.2.15.1.x86_64",
          "openSUSE Leap 15.1:virtualbox-websrv-6.0.22-lp151.2.15.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-2910",
          "url": "https://www.suse.com/security/cve/CVE-2020-2910"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1169628 for CVE-2020-2910",
          "url": "https://bugzilla.suse.com/1169628"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.1:python3-virtualbox-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-devel-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-guest-desktop-icons-6.0.22-lp151.2.15.1.noarch",
            "openSUSE Leap 15.1:virtualbox-guest-source-6.0.22-lp151.2.15.1.noarch",
            "openSUSE Leap 15.1:virtualbox-guest-tools-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-guest-x11-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-host-source-6.0.22-lp151.2.15.1.noarch",
            "openSUSE Leap 15.1:virtualbox-kmp-default-6.0.22_k4.12.14_lp151.28.52-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-qt-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-vnc-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-websrv-6.0.22-lp151.2.15.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.1:python3-virtualbox-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-devel-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-guest-desktop-icons-6.0.22-lp151.2.15.1.noarch",
            "openSUSE Leap 15.1:virtualbox-guest-source-6.0.22-lp151.2.15.1.noarch",
            "openSUSE Leap 15.1:virtualbox-guest-tools-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-guest-x11-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-host-source-6.0.22-lp151.2.15.1.noarch",
            "openSUSE Leap 15.1:virtualbox-kmp-default-6.0.22_k4.12.14_lp151.28.52-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-qt-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-vnc-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-websrv-6.0.22-lp151.2.15.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-07-03T12:17:20Z",
          "details": "important"
        }
      ],
      "title": "CVE-2020-2910"
    },
    {
      "cve": "CVE-2020-2911",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-2911"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.40, prior to 6.0.20 and prior to 6.1.6. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H).",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.1:python3-virtualbox-6.0.22-lp151.2.15.1.x86_64",
          "openSUSE Leap 15.1:virtualbox-6.0.22-lp151.2.15.1.x86_64",
          "openSUSE Leap 15.1:virtualbox-devel-6.0.22-lp151.2.15.1.x86_64",
          "openSUSE Leap 15.1:virtualbox-guest-desktop-icons-6.0.22-lp151.2.15.1.noarch",
          "openSUSE Leap 15.1:virtualbox-guest-source-6.0.22-lp151.2.15.1.noarch",
          "openSUSE Leap 15.1:virtualbox-guest-tools-6.0.22-lp151.2.15.1.x86_64",
          "openSUSE Leap 15.1:virtualbox-guest-x11-6.0.22-lp151.2.15.1.x86_64",
          "openSUSE Leap 15.1:virtualbox-host-source-6.0.22-lp151.2.15.1.noarch",
          "openSUSE Leap 15.1:virtualbox-kmp-default-6.0.22_k4.12.14_lp151.28.52-lp151.2.15.1.x86_64",
          "openSUSE Leap 15.1:virtualbox-qt-6.0.22-lp151.2.15.1.x86_64",
          "openSUSE Leap 15.1:virtualbox-vnc-6.0.22-lp151.2.15.1.x86_64",
          "openSUSE Leap 15.1:virtualbox-websrv-6.0.22-lp151.2.15.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-2911",
          "url": "https://www.suse.com/security/cve/CVE-2020-2911"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1169628 for CVE-2020-2911",
          "url": "https://bugzilla.suse.com/1169628"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.1:python3-virtualbox-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-devel-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-guest-desktop-icons-6.0.22-lp151.2.15.1.noarch",
            "openSUSE Leap 15.1:virtualbox-guest-source-6.0.22-lp151.2.15.1.noarch",
            "openSUSE Leap 15.1:virtualbox-guest-tools-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-guest-x11-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-host-source-6.0.22-lp151.2.15.1.noarch",
            "openSUSE Leap 15.1:virtualbox-kmp-default-6.0.22_k4.12.14_lp151.28.52-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-qt-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-vnc-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-websrv-6.0.22-lp151.2.15.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.1:python3-virtualbox-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-devel-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-guest-desktop-icons-6.0.22-lp151.2.15.1.noarch",
            "openSUSE Leap 15.1:virtualbox-guest-source-6.0.22-lp151.2.15.1.noarch",
            "openSUSE Leap 15.1:virtualbox-guest-tools-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-guest-x11-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-host-source-6.0.22-lp151.2.15.1.noarch",
            "openSUSE Leap 15.1:virtualbox-kmp-default-6.0.22_k4.12.14_lp151.28.52-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-qt-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-vnc-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-websrv-6.0.22-lp151.2.15.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-07-03T12:17:20Z",
          "details": "important"
        }
      ],
      "title": "CVE-2020-2911"
    },
    {
      "cve": "CVE-2020-2913",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-2913"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.0.20 and prior to 6.1.6. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 7.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H).",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.1:python3-virtualbox-6.0.22-lp151.2.15.1.x86_64",
          "openSUSE Leap 15.1:virtualbox-6.0.22-lp151.2.15.1.x86_64",
          "openSUSE Leap 15.1:virtualbox-devel-6.0.22-lp151.2.15.1.x86_64",
          "openSUSE Leap 15.1:virtualbox-guest-desktop-icons-6.0.22-lp151.2.15.1.noarch",
          "openSUSE Leap 15.1:virtualbox-guest-source-6.0.22-lp151.2.15.1.noarch",
          "openSUSE Leap 15.1:virtualbox-guest-tools-6.0.22-lp151.2.15.1.x86_64",
          "openSUSE Leap 15.1:virtualbox-guest-x11-6.0.22-lp151.2.15.1.x86_64",
          "openSUSE Leap 15.1:virtualbox-host-source-6.0.22-lp151.2.15.1.noarch",
          "openSUSE Leap 15.1:virtualbox-kmp-default-6.0.22_k4.12.14_lp151.28.52-lp151.2.15.1.x86_64",
          "openSUSE Leap 15.1:virtualbox-qt-6.0.22-lp151.2.15.1.x86_64",
          "openSUSE Leap 15.1:virtualbox-vnc-6.0.22-lp151.2.15.1.x86_64",
          "openSUSE Leap 15.1:virtualbox-websrv-6.0.22-lp151.2.15.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-2913",
          "url": "https://www.suse.com/security/cve/CVE-2020-2913"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1169628 for CVE-2020-2913",
          "url": "https://bugzilla.suse.com/1169628"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.1:python3-virtualbox-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-devel-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-guest-desktop-icons-6.0.22-lp151.2.15.1.noarch",
            "openSUSE Leap 15.1:virtualbox-guest-source-6.0.22-lp151.2.15.1.noarch",
            "openSUSE Leap 15.1:virtualbox-guest-tools-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-guest-x11-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-host-source-6.0.22-lp151.2.15.1.noarch",
            "openSUSE Leap 15.1:virtualbox-kmp-default-6.0.22_k4.12.14_lp151.28.52-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-qt-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-vnc-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-websrv-6.0.22-lp151.2.15.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.1:python3-virtualbox-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-devel-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-guest-desktop-icons-6.0.22-lp151.2.15.1.noarch",
            "openSUSE Leap 15.1:virtualbox-guest-source-6.0.22-lp151.2.15.1.noarch",
            "openSUSE Leap 15.1:virtualbox-guest-tools-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-guest-x11-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-host-source-6.0.22-lp151.2.15.1.noarch",
            "openSUSE Leap 15.1:virtualbox-kmp-default-6.0.22_k4.12.14_lp151.28.52-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-qt-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-vnc-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-websrv-6.0.22-lp151.2.15.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-07-03T12:17:20Z",
          "details": "important"
        }
      ],
      "title": "CVE-2020-2913"
    },
    {
      "cve": "CVE-2020-2914",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-2914"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.0.20 and prior to 6.1.6. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 7.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H).",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.1:python3-virtualbox-6.0.22-lp151.2.15.1.x86_64",
          "openSUSE Leap 15.1:virtualbox-6.0.22-lp151.2.15.1.x86_64",
          "openSUSE Leap 15.1:virtualbox-devel-6.0.22-lp151.2.15.1.x86_64",
          "openSUSE Leap 15.1:virtualbox-guest-desktop-icons-6.0.22-lp151.2.15.1.noarch",
          "openSUSE Leap 15.1:virtualbox-guest-source-6.0.22-lp151.2.15.1.noarch",
          "openSUSE Leap 15.1:virtualbox-guest-tools-6.0.22-lp151.2.15.1.x86_64",
          "openSUSE Leap 15.1:virtualbox-guest-x11-6.0.22-lp151.2.15.1.x86_64",
          "openSUSE Leap 15.1:virtualbox-host-source-6.0.22-lp151.2.15.1.noarch",
          "openSUSE Leap 15.1:virtualbox-kmp-default-6.0.22_k4.12.14_lp151.28.52-lp151.2.15.1.x86_64",
          "openSUSE Leap 15.1:virtualbox-qt-6.0.22-lp151.2.15.1.x86_64",
          "openSUSE Leap 15.1:virtualbox-vnc-6.0.22-lp151.2.15.1.x86_64",
          "openSUSE Leap 15.1:virtualbox-websrv-6.0.22-lp151.2.15.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-2914",
          "url": "https://www.suse.com/security/cve/CVE-2020-2914"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1169628 for CVE-2020-2914",
          "url": "https://bugzilla.suse.com/1169628"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.1:python3-virtualbox-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-devel-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-guest-desktop-icons-6.0.22-lp151.2.15.1.noarch",
            "openSUSE Leap 15.1:virtualbox-guest-source-6.0.22-lp151.2.15.1.noarch",
            "openSUSE Leap 15.1:virtualbox-guest-tools-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-guest-x11-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-host-source-6.0.22-lp151.2.15.1.noarch",
            "openSUSE Leap 15.1:virtualbox-kmp-default-6.0.22_k4.12.14_lp151.28.52-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-qt-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-vnc-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-websrv-6.0.22-lp151.2.15.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.1:python3-virtualbox-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-devel-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-guest-desktop-icons-6.0.22-lp151.2.15.1.noarch",
            "openSUSE Leap 15.1:virtualbox-guest-source-6.0.22-lp151.2.15.1.noarch",
            "openSUSE Leap 15.1:virtualbox-guest-tools-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-guest-x11-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-host-source-6.0.22-lp151.2.15.1.noarch",
            "openSUSE Leap 15.1:virtualbox-kmp-default-6.0.22_k4.12.14_lp151.28.52-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-qt-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-vnc-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-websrv-6.0.22-lp151.2.15.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-07-03T12:17:20Z",
          "details": "important"
        }
      ],
      "title": "CVE-2020-2914"
    },
    {
      "cve": "CVE-2020-2929",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-2929"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.40, prior to 6.0.20 and prior to 6.1.6. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.1:python3-virtualbox-6.0.22-lp151.2.15.1.x86_64",
          "openSUSE Leap 15.1:virtualbox-6.0.22-lp151.2.15.1.x86_64",
          "openSUSE Leap 15.1:virtualbox-devel-6.0.22-lp151.2.15.1.x86_64",
          "openSUSE Leap 15.1:virtualbox-guest-desktop-icons-6.0.22-lp151.2.15.1.noarch",
          "openSUSE Leap 15.1:virtualbox-guest-source-6.0.22-lp151.2.15.1.noarch",
          "openSUSE Leap 15.1:virtualbox-guest-tools-6.0.22-lp151.2.15.1.x86_64",
          "openSUSE Leap 15.1:virtualbox-guest-x11-6.0.22-lp151.2.15.1.x86_64",
          "openSUSE Leap 15.1:virtualbox-host-source-6.0.22-lp151.2.15.1.noarch",
          "openSUSE Leap 15.1:virtualbox-kmp-default-6.0.22_k4.12.14_lp151.28.52-lp151.2.15.1.x86_64",
          "openSUSE Leap 15.1:virtualbox-qt-6.0.22-lp151.2.15.1.x86_64",
          "openSUSE Leap 15.1:virtualbox-vnc-6.0.22-lp151.2.15.1.x86_64",
          "openSUSE Leap 15.1:virtualbox-websrv-6.0.22-lp151.2.15.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-2929",
          "url": "https://www.suse.com/security/cve/CVE-2020-2929"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1169628 for CVE-2020-2929",
          "url": "https://bugzilla.suse.com/1169628"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.1:python3-virtualbox-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-devel-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-guest-desktop-icons-6.0.22-lp151.2.15.1.noarch",
            "openSUSE Leap 15.1:virtualbox-guest-source-6.0.22-lp151.2.15.1.noarch",
            "openSUSE Leap 15.1:virtualbox-guest-tools-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-guest-x11-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-host-source-6.0.22-lp151.2.15.1.noarch",
            "openSUSE Leap 15.1:virtualbox-kmp-default-6.0.22_k4.12.14_lp151.28.52-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-qt-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-vnc-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-websrv-6.0.22-lp151.2.15.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.1:python3-virtualbox-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-devel-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-guest-desktop-icons-6.0.22-lp151.2.15.1.noarch",
            "openSUSE Leap 15.1:virtualbox-guest-source-6.0.22-lp151.2.15.1.noarch",
            "openSUSE Leap 15.1:virtualbox-guest-tools-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-guest-x11-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-host-source-6.0.22-lp151.2.15.1.noarch",
            "openSUSE Leap 15.1:virtualbox-kmp-default-6.0.22_k4.12.14_lp151.28.52-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-qt-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-vnc-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-websrv-6.0.22-lp151.2.15.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-07-03T12:17:20Z",
          "details": "important"
        }
      ],
      "title": "CVE-2020-2929"
    },
    {
      "cve": "CVE-2020-2951",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-2951"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.40, prior to 6.0.20 and prior to 6.1.6. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H).",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.1:python3-virtualbox-6.0.22-lp151.2.15.1.x86_64",
          "openSUSE Leap 15.1:virtualbox-6.0.22-lp151.2.15.1.x86_64",
          "openSUSE Leap 15.1:virtualbox-devel-6.0.22-lp151.2.15.1.x86_64",
          "openSUSE Leap 15.1:virtualbox-guest-desktop-icons-6.0.22-lp151.2.15.1.noarch",
          "openSUSE Leap 15.1:virtualbox-guest-source-6.0.22-lp151.2.15.1.noarch",
          "openSUSE Leap 15.1:virtualbox-guest-tools-6.0.22-lp151.2.15.1.x86_64",
          "openSUSE Leap 15.1:virtualbox-guest-x11-6.0.22-lp151.2.15.1.x86_64",
          "openSUSE Leap 15.1:virtualbox-host-source-6.0.22-lp151.2.15.1.noarch",
          "openSUSE Leap 15.1:virtualbox-kmp-default-6.0.22_k4.12.14_lp151.28.52-lp151.2.15.1.x86_64",
          "openSUSE Leap 15.1:virtualbox-qt-6.0.22-lp151.2.15.1.x86_64",
          "openSUSE Leap 15.1:virtualbox-vnc-6.0.22-lp151.2.15.1.x86_64",
          "openSUSE Leap 15.1:virtualbox-websrv-6.0.22-lp151.2.15.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-2951",
          "url": "https://www.suse.com/security/cve/CVE-2020-2951"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1169628 for CVE-2020-2951",
          "url": "https://bugzilla.suse.com/1169628"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.1:python3-virtualbox-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-devel-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-guest-desktop-icons-6.0.22-lp151.2.15.1.noarch",
            "openSUSE Leap 15.1:virtualbox-guest-source-6.0.22-lp151.2.15.1.noarch",
            "openSUSE Leap 15.1:virtualbox-guest-tools-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-guest-x11-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-host-source-6.0.22-lp151.2.15.1.noarch",
            "openSUSE Leap 15.1:virtualbox-kmp-default-6.0.22_k4.12.14_lp151.28.52-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-qt-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-vnc-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-websrv-6.0.22-lp151.2.15.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.1:python3-virtualbox-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-devel-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-guest-desktop-icons-6.0.22-lp151.2.15.1.noarch",
            "openSUSE Leap 15.1:virtualbox-guest-source-6.0.22-lp151.2.15.1.noarch",
            "openSUSE Leap 15.1:virtualbox-guest-tools-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-guest-x11-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-host-source-6.0.22-lp151.2.15.1.noarch",
            "openSUSE Leap 15.1:virtualbox-kmp-default-6.0.22_k4.12.14_lp151.28.52-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-qt-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-vnc-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-websrv-6.0.22-lp151.2.15.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-07-03T12:17:20Z",
          "details": "important"
        }
      ],
      "title": "CVE-2020-2951"
    },
    {
      "cve": "CVE-2020-2958",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-2958"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.40, prior to 6.0.20 and prior to 6.1.6. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H).",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.1:python3-virtualbox-6.0.22-lp151.2.15.1.x86_64",
          "openSUSE Leap 15.1:virtualbox-6.0.22-lp151.2.15.1.x86_64",
          "openSUSE Leap 15.1:virtualbox-devel-6.0.22-lp151.2.15.1.x86_64",
          "openSUSE Leap 15.1:virtualbox-guest-desktop-icons-6.0.22-lp151.2.15.1.noarch",
          "openSUSE Leap 15.1:virtualbox-guest-source-6.0.22-lp151.2.15.1.noarch",
          "openSUSE Leap 15.1:virtualbox-guest-tools-6.0.22-lp151.2.15.1.x86_64",
          "openSUSE Leap 15.1:virtualbox-guest-x11-6.0.22-lp151.2.15.1.x86_64",
          "openSUSE Leap 15.1:virtualbox-host-source-6.0.22-lp151.2.15.1.noarch",
          "openSUSE Leap 15.1:virtualbox-kmp-default-6.0.22_k4.12.14_lp151.28.52-lp151.2.15.1.x86_64",
          "openSUSE Leap 15.1:virtualbox-qt-6.0.22-lp151.2.15.1.x86_64",
          "openSUSE Leap 15.1:virtualbox-vnc-6.0.22-lp151.2.15.1.x86_64",
          "openSUSE Leap 15.1:virtualbox-websrv-6.0.22-lp151.2.15.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-2958",
          "url": "https://www.suse.com/security/cve/CVE-2020-2958"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1169628 for CVE-2020-2958",
          "url": "https://bugzilla.suse.com/1169628"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.1:python3-virtualbox-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-devel-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-guest-desktop-icons-6.0.22-lp151.2.15.1.noarch",
            "openSUSE Leap 15.1:virtualbox-guest-source-6.0.22-lp151.2.15.1.noarch",
            "openSUSE Leap 15.1:virtualbox-guest-tools-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-guest-x11-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-host-source-6.0.22-lp151.2.15.1.noarch",
            "openSUSE Leap 15.1:virtualbox-kmp-default-6.0.22_k4.12.14_lp151.28.52-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-qt-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-vnc-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-websrv-6.0.22-lp151.2.15.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.1:python3-virtualbox-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-devel-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-guest-desktop-icons-6.0.22-lp151.2.15.1.noarch",
            "openSUSE Leap 15.1:virtualbox-guest-source-6.0.22-lp151.2.15.1.noarch",
            "openSUSE Leap 15.1:virtualbox-guest-tools-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-guest-x11-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-host-source-6.0.22-lp151.2.15.1.noarch",
            "openSUSE Leap 15.1:virtualbox-kmp-default-6.0.22_k4.12.14_lp151.28.52-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-qt-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-vnc-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-websrv-6.0.22-lp151.2.15.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-07-03T12:17:20Z",
          "details": "important"
        }
      ],
      "title": "CVE-2020-2958"
    },
    {
      "cve": "CVE-2020-2959",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-2959"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.40, prior to 6.0.20 and prior to 6.1.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via MLD to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.6 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H).",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.1:python3-virtualbox-6.0.22-lp151.2.15.1.x86_64",
          "openSUSE Leap 15.1:virtualbox-6.0.22-lp151.2.15.1.x86_64",
          "openSUSE Leap 15.1:virtualbox-devel-6.0.22-lp151.2.15.1.x86_64",
          "openSUSE Leap 15.1:virtualbox-guest-desktop-icons-6.0.22-lp151.2.15.1.noarch",
          "openSUSE Leap 15.1:virtualbox-guest-source-6.0.22-lp151.2.15.1.noarch",
          "openSUSE Leap 15.1:virtualbox-guest-tools-6.0.22-lp151.2.15.1.x86_64",
          "openSUSE Leap 15.1:virtualbox-guest-x11-6.0.22-lp151.2.15.1.x86_64",
          "openSUSE Leap 15.1:virtualbox-host-source-6.0.22-lp151.2.15.1.noarch",
          "openSUSE Leap 15.1:virtualbox-kmp-default-6.0.22_k4.12.14_lp151.28.52-lp151.2.15.1.x86_64",
          "openSUSE Leap 15.1:virtualbox-qt-6.0.22-lp151.2.15.1.x86_64",
          "openSUSE Leap 15.1:virtualbox-vnc-6.0.22-lp151.2.15.1.x86_64",
          "openSUSE Leap 15.1:virtualbox-websrv-6.0.22-lp151.2.15.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-2959",
          "url": "https://www.suse.com/security/cve/CVE-2020-2959"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1169628 for CVE-2020-2959",
          "url": "https://bugzilla.suse.com/1169628"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.1:python3-virtualbox-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-devel-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-guest-desktop-icons-6.0.22-lp151.2.15.1.noarch",
            "openSUSE Leap 15.1:virtualbox-guest-source-6.0.22-lp151.2.15.1.noarch",
            "openSUSE Leap 15.1:virtualbox-guest-tools-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-guest-x11-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-host-source-6.0.22-lp151.2.15.1.noarch",
            "openSUSE Leap 15.1:virtualbox-kmp-default-6.0.22_k4.12.14_lp151.28.52-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-qt-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-vnc-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-websrv-6.0.22-lp151.2.15.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.1:python3-virtualbox-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-devel-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-guest-desktop-icons-6.0.22-lp151.2.15.1.noarch",
            "openSUSE Leap 15.1:virtualbox-guest-source-6.0.22-lp151.2.15.1.noarch",
            "openSUSE Leap 15.1:virtualbox-guest-tools-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-guest-x11-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-host-source-6.0.22-lp151.2.15.1.noarch",
            "openSUSE Leap 15.1:virtualbox-kmp-default-6.0.22_k4.12.14_lp151.28.52-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-qt-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-vnc-6.0.22-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:virtualbox-websrv-6.0.22-lp151.2.15.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-07-03T12:17:20Z",
          "details": "important"
        }
      ],
      "title": "CVE-2020-2959"
    }
  ]
}

FKIE_CVE-2020-2894

Vulnerability from fkie_nvd - Published: 2020-04-15 14:15 - Updated: 2024-11-21 05:26

Severity ?

6.0 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

Summary

References

URL	Tags
secalert_us@oracle.com	http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00001.html	Mailing List, Third Party Advisory
secalert_us@oracle.com	https://security.gentoo.org/glsa/202101-09	Third Party Advisory
secalert_us@oracle.com	https://www.oracle.com/security-alerts/cpuapr2020.html	Patch, Vendor Advisory
secalert_us@oracle.com	https://www.zerodayinitiative.com/advisories/ZDI-20-581/	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00001.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202101-09	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpuapr2020.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.zerodayinitiative.com/advisories/ZDI-20-581/	Third Party Advisory, VDB Entry

Impacted products

Vendor	Product	Version
oracle	vm_virtualbox	*
oracle	vm_virtualbox	*
oracle	vm_virtualbox	*
opensuse	leap	15.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "129CB958-DAE6-436B-94A7-C2EB377A4BAD",
              "versionEndExcluding": "5.2.40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E50538C-FD1A-44E5-B24D-A0C2E72E43C9",
              "versionEndExcluding": "6.0.20",
              "versionStartIncluding": "6.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "81D2771A-60CB-403C-A62F-3DBC8E29A94E",
              "versionEndExcluding": "6.1.6",
              "versionStartIncluding": "6.1.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.40, prior to 6.0.20 and prior to 6.1.6. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N)."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad en el producto Oracle VM VirtualBox de Oracle Virtualization (componente: Core). Las versiones compatibles afectadas son anteriores a la versi\u00f3n 5.2.40, anteriores a la versi\u00f3n 6.0.20 y anteriores a la versi\u00f3n 6.1.6. La vulnerabilidad f\u00e1cilmente explotable permite a los atacantes con privilegios elevados iniciar sesi\u00f3n en la infraestructura donde se ejecuta Oracle VM VirtualBox para comprometer Oracle VM VirtualBox. Si bien la vulnerabilidad se encuentra en Oracle VM VirtualBox, los ataques pueden afectar significativamente a productos adicionales. Los ataques con \u00e9xito  de esta vulnerabilidad pueden resultar en la adquisici\u00f3n de Oracle VM VirtualBox. CVSS 3.0 Base Score 6.0 (Impactos de confidencialidad, integridad y disponibilidad). Vector CVSS: (CVSS: 3.0 / AV: L / AC: L / PR: H / UI: N / S: C / C: H / I: N / A: N)."
    }
  ],
  "id": "CVE-2020-2894",
  "lastModified": "2024-11-21T05:26:33.973",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 2.1,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 6.0,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "HIGH",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 1.5,
        "impactScore": 4.0,
        "source": "secalert_us@oracle.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 6.0,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "HIGH",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.5,
        "impactScore": 4.0,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-04-15T14:15:34.233",
  "references": [
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00001.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202101-09"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-581/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202101-09"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-581/"
    }
  ],
  "sourceIdentifier": "secalert_us@oracle.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-M43V-J4X4-R7MP

Vulnerability from github – Published: 2022-05-24 17:15 – Updated: 2022-10-25 19:00

Details

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.40, prior to 6.0.20 and prior to 6.1.6. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).

Severity ?

6.0 (Medium)


                  
                    CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2020-2894"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-04-15T14:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.40, prior to 6.0.20 and prior to 6.1.6. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).",
  "id": "GHSA-m43v-j4x4-r7mp",
  "modified": "2022-10-25T19:00:24Z",
  "published": "2022-05-24T17:15:07Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-2894"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202101-09"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
    },
    {
      "type": "WEB",
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-581"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00001.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2020-2894 (GCVE-0-2020-2894)

CERTFR-2020-AVI-220

Solution

CERTFR-2020-AVI-220

Solution

CNVD-2020-24424

GSD-2020-2894

OPENSUSE-SU-2020:0925-1

FKIE_CVE-2020-2894

GHSA-M43V-J4X4-R7MP

Tags

Sightings

Nomenclature