Security update for virtualbox SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2021:0723-1 Final 1 1 2021-10-09T08:28:18Z current 2021-10-09T08:28:18Z 2021-10-09T08:28:18Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for virtualbox This update for virtualbox fixes the following issues: virtualbox was updated to 6.1.22 (released April 29 2021 by Oracle) This is a maintenance release. The following items were fixed and/or added: - VMM: Improved performance of 64-bit Windows and Solaris guests when Hyper-V is used on recent Windows 10 hosts - VMM: Fixed frequent crashes of 64-bit Windows Vista and Server 2003 guests when Hyper-V is used - GUI: Fixed regression where user was not able to save unset default shortcuts (bug #20305) - Storage: Fixed regression in LsiLogic SAS controller emulation caused VM crash (bug #20323) - Linux Guest Additions: Fixed issue when it was not possible to run executables from mounted share (bug #20320) - Fixes for CVE-2021-2145 CVE-2021-2250 CVE-2021-2264 CVE-2021-2266 CVE-2021-2279 CVE-2021-2280 CVE-2021-2281 CVE-2021-2282 CVE-2021-2283 CVE-2021-2284 CVE-2021-2285 CVE-2021-2286 CVE-2021-2287 CVE-2021-2291 CVE-2021-2296 CVE-2021-2297 CVE-2021-2306 CVE-2021-2309 CVE-2021-2310 CVE-2021-2312 - Version bump to (released April 20 2021 by Oracle) File 'virtualbox-kmp-files-leap' is deleted. - Use distconfdir for xinitrc.d files on TW - Improve autostart security boo#1182918. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2021-723 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/H2VYFQN75RCOBQFQCIU4LU7E32CGO4SK/ E-Mail link for openSUSE-SU-2021:0723-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1182918 SUSE Bug 1182918 https://www.suse.com/security/cve/CVE-2021-2145/ SUSE CVE CVE-2021-2145 page https://www.suse.com/security/cve/CVE-2021-2250/ SUSE CVE CVE-2021-2250 page https://www.suse.com/security/cve/CVE-2021-2264/ SUSE CVE CVE-2021-2264 page https://www.suse.com/security/cve/CVE-2021-2266/ SUSE CVE CVE-2021-2266 page https://www.suse.com/security/cve/CVE-2021-2279/ SUSE CVE CVE-2021-2279 page https://www.suse.com/security/cve/CVE-2021-2280/ SUSE CVE CVE-2021-2280 page https://www.suse.com/security/cve/CVE-2021-2281/ SUSE CVE CVE-2021-2281 page https://www.suse.com/security/cve/CVE-2021-2282/ SUSE CVE CVE-2021-2282 page https://www.suse.com/security/cve/CVE-2021-2283/ SUSE CVE CVE-2021-2283 page https://www.suse.com/security/cve/CVE-2021-2284/ SUSE CVE CVE-2021-2284 page https://www.suse.com/security/cve/CVE-2021-2285/ SUSE CVE CVE-2021-2285 page https://www.suse.com/security/cve/CVE-2021-2286/ SUSE CVE CVE-2021-2286 page https://www.suse.com/security/cve/CVE-2021-2287/ SUSE CVE CVE-2021-2287 page https://www.suse.com/security/cve/CVE-2021-2291/ SUSE CVE CVE-2021-2291 page https://www.suse.com/security/cve/CVE-2021-2296/ SUSE CVE CVE-2021-2296 page https://www.suse.com/security/cve/CVE-2021-2297/ SUSE CVE CVE-2021-2297 page https://www.suse.com/security/cve/CVE-2021-2306/ SUSE CVE CVE-2021-2306 page https://www.suse.com/security/cve/CVE-2021-2309/ SUSE CVE CVE-2021-2309 page https://www.suse.com/security/cve/CVE-2021-2310/ SUSE CVE CVE-2021-2310 page https://www.suse.com/security/cve/CVE-2021-2312/ SUSE CVE CVE-2021-2312 page https://www.suse.com/security/cve/CVE-2021-25319/ SUSE CVE CVE-2021-25319 page openSUSE Leap 15.2 python3-virtualbox-6.1.22-lp152.2.24.2 virtualbox-6.1.22-lp152.2.24.2 virtualbox-devel-6.1.22-lp152.2.24.2 virtualbox-guest-desktop-icons-6.1.22-lp152.2.24.2 virtualbox-guest-source-6.1.22-lp152.2.24.2 virtualbox-guest-tools-6.1.22-lp152.2.24.2 virtualbox-guest-x11-6.1.22-lp152.2.24.2 virtualbox-host-source-6.1.22-lp152.2.24.2 virtualbox-kmp-default-6.1.22_k5.3.18_lp152.75-lp152.2.24.2 virtualbox-kmp-preempt-6.1.22_k5.3.18_lp152.75-lp152.2.24.2 virtualbox-qt-6.1.22-lp152.2.24.2 virtualbox-vnc-6.1.22-lp152.2.24.2 virtualbox-websrv-6.1.22-lp152.2.24.2 python3-virtualbox-6.1.22-lp152.2.24.2 as a component of openSUSE Leap 15.2 virtualbox-6.1.22-lp152.2.24.2 as a component of openSUSE Leap 15.2 virtualbox-devel-6.1.22-lp152.2.24.2 as a component of openSUSE Leap 15.2 virtualbox-guest-desktop-icons-6.1.22-lp152.2.24.2 as a component of openSUSE Leap 15.2 virtualbox-guest-source-6.1.22-lp152.2.24.2 as a component of openSUSE Leap 15.2 virtualbox-guest-tools-6.1.22-lp152.2.24.2 as a component of openSUSE Leap 15.2 virtualbox-guest-x11-6.1.22-lp152.2.24.2 as a component of openSUSE Leap 15.2 virtualbox-host-source-6.1.22-lp152.2.24.2 as a component of openSUSE Leap 15.2 virtualbox-kmp-default-6.1.22_k5.3.18_lp152.75-lp152.2.24.2 as a component of openSUSE Leap 15.2 virtualbox-kmp-preempt-6.1.22_k5.3.18_lp152.75-lp152.2.24.2 as a component of openSUSE Leap 15.2 virtualbox-qt-6.1.22-lp152.2.24.2 as a component of openSUSE Leap 15.2 virtualbox-vnc-6.1.22-lp152.2.24.2 as a component of openSUSE Leap 15.2 virtualbox-websrv-6.1.22-lp152.2.24.2 as a component of openSUSE Leap 15.2 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H). CVE-2021-2145 openSUSE Leap 15.2:python3-virtualbox-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-devel-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-guest-desktop-icons-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-guest-source-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-guest-tools-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-guest-x11-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-host-source-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-kmp-default-6.1.22_k5.3.18_lp152.75-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-kmp-preempt-6.1.22_k5.3.18_lp152.75-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-qt-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-vnc-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-websrv-6.1.22-lp152.2.24.2 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/H2VYFQN75RCOBQFQCIU4LU7E32CGO4SK/ https://www.suse.com/security/cve/CVE-2021-2145.html CVE-2021-2145 https://bugzilla.suse.com/1185211 SUSE Bug 1185211 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H). CVE-2021-2250 openSUSE Leap 15.2:python3-virtualbox-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-devel-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-guest-desktop-icons-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-guest-source-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-guest-tools-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-guest-x11-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-host-source-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-kmp-default-6.1.22_k5.3.18_lp152.75-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-kmp-preempt-6.1.22_k5.3.18_lp152.75-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-qt-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-vnc-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-websrv-6.1.22-lp152.2.24.2 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/H2VYFQN75RCOBQFQCIU4LU7E32CGO4SK/ https://www.suse.com/security/cve/CVE-2021-2250.html CVE-2021-2250 https://bugzilla.suse.com/1185211 SUSE Bug 1185211 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle VM VirtualBox accessible data as well as unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 8.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N). CVE-2021-2264 openSUSE Leap 15.2:python3-virtualbox-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-devel-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-guest-desktop-icons-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-guest-source-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-guest-tools-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-guest-x11-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-host-source-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-kmp-default-6.1.22_k5.3.18_lp152.75-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-kmp-preempt-6.1.22_k5.3.18_lp152.75-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-qt-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-vnc-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-websrv-6.1.22-lp152.2.24.2 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/H2VYFQN75RCOBQFQCIU4LU7E32CGO4SK/ https://www.suse.com/security/cve/CVE-2021-2264.html CVE-2021-2264 https://bugzilla.suse.com/1184542 SUSE Bug 1184542 https://bugzilla.suse.com/1185211 SUSE Bug 1185211 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N). CVE-2021-2266 openSUSE Leap 15.2:python3-virtualbox-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-devel-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-guest-desktop-icons-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-guest-source-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-guest-tools-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-guest-x11-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-host-source-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-kmp-default-6.1.22_k5.3.18_lp152.75-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-kmp-preempt-6.1.22_k5.3.18_lp152.75-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-qt-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-vnc-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-websrv-6.1.22-lp152.2.24.2 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/H2VYFQN75RCOBQFQCIU4LU7E32CGO4SK/ https://www.suse.com/security/cve/CVE-2021-2266.html CVE-2021-2266 https://bugzilla.suse.com/1185211 SUSE Bug 1185211 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Difficult to exploit vulnerability allows unauthenticated attacker with network access via RDP to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H). CVE-2021-2279 openSUSE Leap 15.2:python3-virtualbox-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-devel-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-guest-desktop-icons-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-guest-source-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-guest-tools-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-guest-x11-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-host-source-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-kmp-default-6.1.22_k5.3.18_lp152.75-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-kmp-preempt-6.1.22_k5.3.18_lp152.75-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-qt-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-vnc-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-websrv-6.1.22-lp152.2.24.2 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/H2VYFQN75RCOBQFQCIU4LU7E32CGO4SK/ https://www.suse.com/security/cve/CVE-2021-2279.html CVE-2021-2279 https://bugzilla.suse.com/1185211 SUSE Bug 1185211 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 7.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N). CVE-2021-2280 openSUSE Leap 15.2:python3-virtualbox-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-devel-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-guest-desktop-icons-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-guest-source-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-guest-tools-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-guest-x11-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-host-source-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-kmp-default-6.1.22_k5.3.18_lp152.75-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-kmp-preempt-6.1.22_k5.3.18_lp152.75-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-qt-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-vnc-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-websrv-6.1.22-lp152.2.24.2 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/H2VYFQN75RCOBQFQCIU4LU7E32CGO4SK/ https://www.suse.com/security/cve/CVE-2021-2280.html CVE-2021-2280 https://bugzilla.suse.com/1185211 SUSE Bug 1185211 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 7.1 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N). CVE-2021-2281 openSUSE Leap 15.2:python3-virtualbox-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-devel-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-guest-desktop-icons-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-guest-source-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-guest-tools-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-guest-x11-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-host-source-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-kmp-default-6.1.22_k5.3.18_lp152.75-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-kmp-preempt-6.1.22_k5.3.18_lp152.75-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-qt-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-vnc-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-websrv-6.1.22-lp152.2.24.2 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/H2VYFQN75RCOBQFQCIU4LU7E32CGO4SK/ https://www.suse.com/security/cve/CVE-2021-2281.html CVE-2021-2281 https://bugzilla.suse.com/1185211 SUSE Bug 1185211 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 7.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N). CVE-2021-2282 openSUSE Leap 15.2:python3-virtualbox-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-devel-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-guest-desktop-icons-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-guest-source-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-guest-tools-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-guest-x11-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-host-source-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-kmp-default-6.1.22_k5.3.18_lp152.75-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-kmp-preempt-6.1.22_k5.3.18_lp152.75-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-qt-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-vnc-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-websrv-6.1.22-lp152.2.24.2 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/H2VYFQN75RCOBQFQCIU4LU7E32CGO4SK/ https://www.suse.com/security/cve/CVE-2021-2282.html CVE-2021-2282 https://bugzilla.suse.com/1185211 SUSE Bug 1185211 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 7.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N). CVE-2021-2283 openSUSE Leap 15.2:python3-virtualbox-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-devel-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-guest-desktop-icons-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-guest-source-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-guest-tools-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-guest-x11-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-host-source-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-kmp-default-6.1.22_k5.3.18_lp152.75-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-kmp-preempt-6.1.22_k5.3.18_lp152.75-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-qt-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-vnc-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-websrv-6.1.22-lp152.2.24.2 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/H2VYFQN75RCOBQFQCIU4LU7E32CGO4SK/ https://www.suse.com/security/cve/CVE-2021-2283.html CVE-2021-2283 https://bugzilla.suse.com/1185211 SUSE Bug 1185211 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 7.1 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N). CVE-2021-2284 openSUSE Leap 15.2:python3-virtualbox-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-devel-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-guest-desktop-icons-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-guest-source-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-guest-tools-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-guest-x11-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-host-source-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-kmp-default-6.1.22_k5.3.18_lp152.75-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-kmp-preempt-6.1.22_k5.3.18_lp152.75-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-qt-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-vnc-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-websrv-6.1.22-lp152.2.24.2 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/H2VYFQN75RCOBQFQCIU4LU7E32CGO4SK/ https://www.suse.com/security/cve/CVE-2021-2284.html CVE-2021-2284 https://bugzilla.suse.com/1185211 SUSE Bug 1185211 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 7.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N). CVE-2021-2285 openSUSE Leap 15.2:python3-virtualbox-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-devel-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-guest-desktop-icons-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-guest-source-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-guest-tools-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-guest-x11-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-host-source-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-kmp-default-6.1.22_k5.3.18_lp152.75-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-kmp-preempt-6.1.22_k5.3.18_lp152.75-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-qt-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-vnc-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-websrv-6.1.22-lp152.2.24.2 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/H2VYFQN75RCOBQFQCIU4LU7E32CGO4SK/ https://www.suse.com/security/cve/CVE-2021-2285.html CVE-2021-2285 https://bugzilla.suse.com/1185211 SUSE Bug 1185211 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 7.1 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N). CVE-2021-2286 openSUSE Leap 15.2:python3-virtualbox-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-devel-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-guest-desktop-icons-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-guest-source-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-guest-tools-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-guest-x11-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-host-source-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-kmp-default-6.1.22_k5.3.18_lp152.75-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-kmp-preempt-6.1.22_k5.3.18_lp152.75-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-qt-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-vnc-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-websrv-6.1.22-lp152.2.24.2 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/H2VYFQN75RCOBQFQCIU4LU7E32CGO4SK/ https://www.suse.com/security/cve/CVE-2021-2286.html CVE-2021-2286 https://bugzilla.suse.com/1185211 SUSE Bug 1185211 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 7.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N). CVE-2021-2287 openSUSE Leap 15.2:python3-virtualbox-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-devel-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-guest-desktop-icons-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-guest-source-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-guest-tools-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-guest-x11-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-host-source-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-kmp-default-6.1.22_k5.3.18_lp152.75-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-kmp-preempt-6.1.22_k5.3.18_lp152.75-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-qt-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-vnc-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-websrv-6.1.22-lp152.2.24.2 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/H2VYFQN75RCOBQFQCIU4LU7E32CGO4SK/ https://www.suse.com/security/cve/CVE-2021-2287.html CVE-2021-2287 https://bugzilla.suse.com/1185211 SUSE Bug 1185211 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 4.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N). CVE-2021-2291 openSUSE Leap 15.2:python3-virtualbox-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-devel-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-guest-desktop-icons-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-guest-source-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-guest-tools-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-guest-x11-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-host-source-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-kmp-default-6.1.22_k5.3.18_lp152.75-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-kmp-preempt-6.1.22_k5.3.18_lp152.75-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-qt-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-vnc-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-websrv-6.1.22-lp152.2.24.2 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/H2VYFQN75RCOBQFQCIU4LU7E32CGO4SK/ https://www.suse.com/security/cve/CVE-2021-2291.html CVE-2021-2291 https://bugzilla.suse.com/1185211 SUSE Bug 1185211 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N). CVE-2021-2296 openSUSE Leap 15.2:python3-virtualbox-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-devel-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-guest-desktop-icons-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-guest-source-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-guest-tools-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-guest-x11-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-host-source-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-kmp-default-6.1.22_k5.3.18_lp152.75-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-kmp-preempt-6.1.22_k5.3.18_lp152.75-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-qt-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-vnc-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-websrv-6.1.22-lp152.2.24.2 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/H2VYFQN75RCOBQFQCIU4LU7E32CGO4SK/ https://www.suse.com/security/cve/CVE-2021-2296.html CVE-2021-2296 https://bugzilla.suse.com/1185211 SUSE Bug 1185211 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N). CVE-2021-2297 openSUSE Leap 15.2:python3-virtualbox-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-devel-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-guest-desktop-icons-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-guest-source-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-guest-tools-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-guest-x11-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-host-source-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-kmp-default-6.1.22_k5.3.18_lp152.75-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-kmp-preempt-6.1.22_k5.3.18_lp152.75-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-qt-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-vnc-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-websrv-6.1.22-lp152.2.24.2 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/H2VYFQN75RCOBQFQCIU4LU7E32CGO4SK/ https://www.suse.com/security/cve/CVE-2021-2297.html CVE-2021-2297 https://bugzilla.suse.com/1185211 SUSE Bug 1185211 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N). CVE-2021-2306 openSUSE Leap 15.2:python3-virtualbox-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-devel-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-guest-desktop-icons-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-guest-source-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-guest-tools-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-guest-x11-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-host-source-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-kmp-default-6.1.22_k5.3.18_lp152.75-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-kmp-preempt-6.1.22_k5.3.18_lp152.75-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-qt-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-vnc-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-websrv-6.1.22-lp152.2.24.2 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/H2VYFQN75RCOBQFQCIU4LU7E32CGO4SK/ https://www.suse.com/security/cve/CVE-2021-2306.html CVE-2021-2306 https://bugzilla.suse.com/1185211 SUSE Bug 1185211 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H). CVE-2021-2309 openSUSE Leap 15.2:python3-virtualbox-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-devel-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-guest-desktop-icons-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-guest-source-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-guest-tools-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-guest-x11-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-host-source-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-kmp-default-6.1.22_k5.3.18_lp152.75-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-kmp-preempt-6.1.22_k5.3.18_lp152.75-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-qt-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-vnc-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-websrv-6.1.22-lp152.2.24.2 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/H2VYFQN75RCOBQFQCIU4LU7E32CGO4SK/ https://www.suse.com/security/cve/CVE-2021-2309.html CVE-2021-2309 https://bugzilla.suse.com/1185211 SUSE Bug 1185211 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H). CVE-2021-2310 openSUSE Leap 15.2:python3-virtualbox-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-devel-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-guest-desktop-icons-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-guest-source-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-guest-tools-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-guest-x11-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-host-source-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-kmp-default-6.1.22_k5.3.18_lp152.75-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-kmp-preempt-6.1.22_k5.3.18_lp152.75-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-qt-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-vnc-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-websrv-6.1.22-lp152.2.24.2 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/H2VYFQN75RCOBQFQCIU4LU7E32CGO4SK/ https://www.suse.com/security/cve/CVE-2021-2310.html CVE-2021-2310 https://bugzilla.suse.com/1185211 SUSE Bug 1185211 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. Note: This vulnerability applies to Windows systems only. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). CVE-2021-2312 openSUSE Leap 15.2:python3-virtualbox-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-devel-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-guest-desktop-icons-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-guest-source-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-guest-tools-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-guest-x11-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-host-source-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-kmp-default-6.1.22_k5.3.18_lp152.75-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-kmp-preempt-6.1.22_k5.3.18_lp152.75-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-qt-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-vnc-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-websrv-6.1.22-lp152.2.24.2 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/H2VYFQN75RCOBQFQCIU4LU7E32CGO4SK/ https://www.suse.com/security/cve/CVE-2021-2312.html CVE-2021-2312 https://bugzilla.suse.com/1185211 SUSE Bug 1185211 A Incorrect Default Permissions vulnerability in the packaging of virtualbox of openSUSE Factory allows local attackers in the vboxusers groupu to escalate to root. This issue affects: openSUSE Factory virtualbox version 6.1.20-1.1 and prior versions. CVE-2021-25319 openSUSE Leap 15.2:python3-virtualbox-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-devel-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-guest-desktop-icons-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-guest-source-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-guest-tools-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-guest-x11-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-host-source-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-kmp-default-6.1.22_k5.3.18_lp152.75-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-kmp-preempt-6.1.22_k5.3.18_lp152.75-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-qt-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-vnc-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-websrv-6.1.22-lp152.2.24.2 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/H2VYFQN75RCOBQFQCIU4LU7E32CGO4SK/ https://www.suse.com/security/cve/CVE-2021-25319.html CVE-2021-25319 https://bugzilla.suse.com/1182918 SUSE Bug 1182918