CVE-2016-0678

MEDIUM

Oracle VM VirtualBox <5.0.18 - Info Disclosure

Title source: llm

Description

Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 5.0.18 allows local users to affect confidentiality, integrity, and availability via vectors related to Core.

References (4)

[Mailing List] http://lists.opensuse.org/opensuse-updates/2016-05/msg00130.html

[Mailing List] http://lists.opensuse.org/opensuse-updates/2016-06/msg00002.html

[Vendor Advisory] http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1035607

Scores

CVSS v3 6.7

EPSS 0.0011

EPSS Percentile 29.6%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

Classification

Status draft

Affected Products (1)

oracle/vm_virtualbox

Timeline

Published Apr 21, 2016

Tracked Since Feb 18, 2026