Multiple vulnerabilities in the Oracle VM VirtualBox can be exploited by malicious actors to cause Denial of Service, escalate privileges and expose sensitive information.
Nine different errors within the “Core” subcomponent can be exploited to gain escalated privileges.
Five different errors within the “Core” subcomponent can be exploited to disclose certain data or cause a DoS.
The vulnerabilities are reported in versions prior to 5.2.28 and prior to 6.0.6.
Following CVE numbers have been assigned to these vulnerabilities.
CVE-2019-2721, CVE-2019-2680, CVE-2019-2722, CVE-2019-2703, CVE-2019-2696, CVE-2019-2690, CVE-2019-2679, CVE-2019-2574, CVE-2019-2678, CVE-2019-2657, CVE-2019-2656, CVE-2019-2723