Vulnerabilities > CVE-2015-2594 - Local Security vulnerability in Oracle VM VirtualBox
Attack vector
LOCAL Attack complexity
MEDIUM Privileges required
SINGLE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 4.0.32, 4.1.40, 4.2.32, and 4.3.30 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Core.
Vulnerable Configurations
Nessus
NASL family SuSE Local Security Checks NASL id OPENSUSE-2015-550.NASL description - Version bump to 4.2.32 bnc#938408 CVE-2015-2594 - Storage: fixed a crash when taking snapshots (4.2.30 regression) - ExtPack: don last seen 2020-06-05 modified 2015-08-19 plugin id 85525 published 2015-08-19 reporter This script is Copyright (C) 2015-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/85525 title openSUSE Security Update : virtualbox (openSUSE-2015-550) (Venom) NASL family Debian Local Security Checks NASL id DEBIAN_DLA-313.NASL description The latest maintenance release of the VirtualBox (OSE) 3.2.x series (i.e., version 3.2.28) has been uploaded to Debian LTS (squeeze). Thanks to Gianfranco Costamagna for preparing packages for review and upload by the Debian LTS Team. Unfortunately, Oracle no longer provides information on specific security vulnerabilities in VirtualBox, thus we provide their latest 3.2.28 maintenance release in Debian LTS (squeeze) directly. CVE-2013-3792 Oracle reported an unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 3.2.18, 4.0.20, 4.1.28, and 4.2.18 allows local users to affect availability via unknown vectors related to Core. The fix for CVE-2013-3792 prevents a virtio-net host DoS vulnerability by adding large frame support to IntNet, VirtioNet and NetFilter plus dropping oversized frames. CVE-2014-2486 Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 3.2.24, 4.0.26, 4.1.34, 4.2.26, and 4.3.12 allows local users to affect integrity and availability via unknown vectors related to Core. No further details have been provided, the attack range has been given as local, severity low. CVE-2014-2488 Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 3.2.24, 4.0.26, 4.1.34, 4.2.26, and 4.3.12 allows local users to affect confidentiality via unknown vectors related to Core. No further details can been provided, the attack range has been given as local, severity low. CVE-2014-2489 Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 3.2.24, 4.0.26, 4.1.34, 4.2.26, and 4.3.12 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Core. No further details can been provided, the attack range has been given as local, severity medium. CVE-2015-2594 Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 4.0.32, 4.1.40, 4.2.32, and 4.3.30 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Core. This update fixes an issue related to guests using bridged networking via WiFi. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2015-09-30 plugin id 86195 published 2015-09-30 reporter This script is Copyright (C) 2015-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/86195 title Debian DLA-313-1 : virtualbox-ose security update NASL family Misc. NASL id ORACLE_VIRTUALBOX_JUL_2015_CPU.NASL description The remote host contains a version of Oracle VM VirtualBox that is prior to 4.0.32 / 4.1.40 / 4.2.32 / 4.3.30. It is, therefore, affected by an unspecified vulnerability in the Core subcomponent last seen 2020-06-01 modified 2020-06-02 plugin id 84799 published 2015-07-16 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/84799 title Oracle VM VirtualBox < 4.0.32 / 4.1.40 / 4.2.32 / 4.3.30 Core Unspecified Vulnerability (July 2015 CPU) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-3359.NASL description This update fixes an unspecified security issue in VirtualBox related to guests using bridged networking via WiFi. Oracle no longer provides information on specific security vulnerabilities in VirtualBox. To still support users of the already released Debian releases we last seen 2020-06-01 modified 2020-06-02 plugin id 85915 published 2015-09-14 reporter This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/85915 title Debian DSA-3359-1 : virtualbox - security update