This update for virtualbox fixes the following issues :

  - A Incorrect Default Permissions vulnerability in the packaging of virtualbox of openSUSE Factory allows     local attackers in the vboxusers groupu to escalate to root. This issue affects: openSUSE Factory     virtualbox version 6.1.20-1.1 and prior versions. (CVE-2021-25319)

  - Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The     supported version that is affected is Prior to 6.1.20. Difficult to exploit vulnerability allows high     privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise     Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact     additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM     VirtualBox. (CVE-2021-2145, CVE-2021-2309, CVE-2021-2310)

  - Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The     supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows high     privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise     Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact     additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM     VirtualBox. (CVE-2021-2250)

  - Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The     supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows low     privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise     Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact     additional products. Successful attacks of this vulnerability can result in unauthorized creation,     deletion or modification access to critical data or all Oracle VM VirtualBox accessible data as well as     unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data.
    (CVE-2021-2264)

  - Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The     supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows high     privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise     Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact     additional products. Successful attacks of this vulnerability can result in unauthorized access to     critical data or complete access to all Oracle VM VirtualBox accessible data. (CVE-2021-2266,     CVE-2021-2306)

  - Improve autostart security boo#1182918.

Detections

Analytics

openSUSE 15 Security Update : virtualbox (openSUSE-SU-2021:0723-1)

high Nessus Plugin ID 149539

Version 1.8

Version 1.7

Version 1.6

Version 1.5

Version 1.4

Version 1.8 Nov 28, 2024, 9:35 AM CVSS metrics ("CVSSv3 score" set to 7.8) CVSS metrics ("CVSSv3 vector" set to "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H") CVSSv3 score source (changed from "CVE-2021-2264" to none) Plugin Feed: 202411280935
Version 1.7 Jan 1, 2024, 1:39 PM CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:F/RL:OF/RC:C". "CVSSv3 temporal vector" set to "CVSS:3.0/E:F/RL:O/RC:C") Exploit attributes ("Exploit available" set to "True". "Exploitability ease" changed from "No known exploits are available" to "Exploits are available") Plugin Feed: 202401011339
Version 1.6 Mar 21, 2023, 7:30 PM Plugin metadata Plugin Feed: 202303211930
Version 1.5 Jan 5, 2023, 3:51 AM Regenerated based on advisory update Plugin Feed: 202301050351
Version 1.4 Dec 6, 2022, 6:51 PM Reference Plugin Feed: 202212061851