VulnerableCode Package Details - pkg:deb/debian/virtualbox@0?distro=sid

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-15ja-azw6-xkc3	Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 3.2.24, 4.0.26, 4.1.34, 4.2.26, and 4.3.14 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Core, a different vulnerability than CVE-2014-2487.	CVE-2014-4261
VCID-2dnw-zdwz-duc3	Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 5.0.14 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Windows Installer. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that this is an untrusted search path issue that allows local users to gain privileges via a Trojan horse dll in the "application directory."	CVE-2016-0602
VCID-5qtn-9jhp-mubb	Multiple vulnerabilities have been found in VirtualBox, the worst of which could allow an attacker to take control of VirtualBox.	CVE-2020-14711
VCID-dktf-rdh8-w7bf	Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.32. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle VM VirtualBox accessible data. Note: This vulnerability applies to Windows systems only. CVSS 3.1 Base Score 3.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N).	CVE-2022-21295
VCID-mc5b-kap1-xbd4	Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 3.2.24, 4.0.26, 4.1.34, 4.2.26, and 4.3.14, when running on Windows, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Core, a different vulnerability than CVE-2014-4261.	CVE-2014-2487
VCID-w247-sjrb-qkfv	Multiple vulnerabilities have been discovered in Oracle Virtualbox, the worst of which could result in root privilege escalation.	CVE-2021-35538
VCID-z24b-v1v2-wbab	A Incorrect Default Permissions vulnerability in the packaging of virtualbox of openSUSE Factory allows local attackers in the vboxusers groupu to escalate to root. This issue affects: openSUSE Factory virtualbox version 6.1.20-1.1 and prior versions.	CVE-2021-25319

Vulnerability

Summary

Aliases

VCID-15ja-azw6-xkc3

Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 3.2.24, 4.0.26, 4.1.34, 4.2.26, and 4.3.14 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Core, a different vulnerability than CVE-2014-2487.

CVE-2014-4261

VCID-2dnw-zdwz-duc3

Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 5.0.14 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Windows Installer. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that this is an untrusted search path issue that allows local users to gain privileges via a Trojan horse dll in the "application directory."

CVE-2016-0602

VCID-5qtn-9jhp-mubb

Multiple vulnerabilities have been found in VirtualBox, the worst of which could allow an attacker to take control of VirtualBox.

CVE-2020-14711

VCID-dktf-rdh8-w7bf

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.32. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle VM VirtualBox accessible data. Note: This vulnerability applies to Windows systems only. CVSS 3.1 Base Score 3.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N).

CVE-2022-21295

VCID-mc5b-kap1-xbd4

Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 3.2.24, 4.0.26, 4.1.34, 4.2.26, and 4.3.14, when running on Windows, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Core, a different vulnerability than CVE-2014-4261.

CVE-2014-2487

VCID-w247-sjrb-qkfv

Multiple vulnerabilities have been discovered in Oracle Virtualbox, the worst of which could result in root privilege escalation.

CVE-2021-35538

VCID-z24b-v1v2-wbab

A Incorrect Default Permissions vulnerability in the packaging of virtualbox of openSUSE Factory allows local attackers in the vboxusers groupu to escalate to root. This issue affects: openSUSE Factory virtualbox version 6.1.20-1.1 and prior versions.

CVE-2021-25319

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T13:00:37.638515+00:00	Debian Importer	Fixing	VCID-w247-sjrb-qkfv	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T10:49:42.479827+00:00	Debian Importer	Fixing	VCID-5qtn-9jhp-mubb	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T10:28:28.099859+00:00	Debian Importer	Fixing	VCID-z24b-v1v2-wbab	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T09:54:01.509504+00:00	Debian Importer	Fixing	VCID-mc5b-kap1-xbd4	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T09:38:04.203397+00:00	Debian Importer	Fixing	VCID-2dnw-zdwz-duc3	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T09:22:38.752970+00:00	Debian Importer	Fixing	VCID-dktf-rdh8-w7bf	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T09:09:27.146903+00:00	Debian Importer	Fixing	VCID-15ja-azw6-xkc3	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-13T08:56:24.947448+00:00	Debian Importer	Fixing	VCID-w247-sjrb-qkfv	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T07:19:50.476299+00:00	Debian Importer	Fixing	VCID-5qtn-9jhp-mubb	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T07:04:05.871083+00:00	Debian Importer	Fixing	VCID-z24b-v1v2-wbab	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T06:37:28.667692+00:00	Debian Importer	Fixing	VCID-mc5b-kap1-xbd4	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-11T18:24:43.271342+00:00	Debian Importer	Fixing	VCID-2dnw-zdwz-duc3	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-11T18:15:43.692129+00:00	Debian Importer	Fixing	VCID-dktf-rdh8-w7bf	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-11T18:07:51.114855+00:00	Debian Importer	Fixing	VCID-15ja-azw6-xkc3	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-03T07:56:14.173406+00:00	Debian Importer	Fixing	VCID-dktf-rdh8-w7bf	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:56:14.092451+00:00	Debian Importer	Fixing	VCID-w247-sjrb-qkfv	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:56:14.072459+00:00	Debian Importer	Fixing	VCID-z24b-v1v2-wbab	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:56:12.192217+00:00	Debian Importer	Fixing	VCID-5qtn-9jhp-mubb	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:56:08.785503+00:00	Debian Importer	Fixing	VCID-2dnw-zdwz-duc3	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:56:08.381155+00:00	Debian Importer	Fixing	VCID-15ja-azw6-xkc3	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:56:08.292106+00:00	Debian Importer	Fixing	VCID-mc5b-kap1-xbd4	https://security-tracker.debian.org/tracker/data/json	38.1.0