Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-2dpy-reut-bqft

Summary

Multiple vulnerabilities have been found in VirtualBox, the worst
    of which could allow an attacker to take control of VirtualBox.

Aliases

alias	CVE-2020-2908

Fixed_packages

url	pkg:deb/debian/virtualbox@6.1.6-dfsg-1?distro=sid
purl	pkg:deb/debian/virtualbox@6.1.6-dfsg-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@6.1.6-dfsg-1%3Fdistro=sid

url	pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid
purl	pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid

url	pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid
purl	pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid

url	pkg:deb/debian/virtualbox@7.2.8-dfsg-1?distro=sid
purl	pkg:deb/debian/virtualbox@7.2.8-dfsg-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.8-dfsg-1%3Fdistro=sid

url	pkg:ebuild/app-emulation/virtualbox@6.0.24
purl	pkg:ebuild/app-emulation/virtualbox@6.0.24
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/virtualbox@6.0.24

url	pkg:ebuild/app-emulation/virtualbox@6.1.12
purl	pkg:ebuild/app-emulation/virtualbox@6.1.12
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/virtualbox@6.1.12

Affected_packages

References

reference_url

http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00001.html

reference_id

reference_type

scores

value	8.2
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-27T17:55:28Z/

url

http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00001.html

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-2908

reference_id

reference_type

scores

value	0.00163
scoring_system	epss
scoring_elements	0.36865
published_at	2026-05-14T12:55:00Z

value	0.00163
scoring_system	epss
scoring_elements	0.3699
published_at	2026-04-24T12:55:00Z

value	0.00163
scoring_system	epss
scoring_elements	0.36958
published_at	2026-04-26T12:55:00Z

value	0.00163
scoring_system	epss
scoring_elements	0.36871
published_at	2026-04-29T12:55:00Z

value	0.00163
scoring_system	epss
scoring_elements	0.36753
published_at	2026-05-05T12:55:00Z

value	0.00163
scoring_system	epss
scoring_elements	0.3682
published_at	2026-05-07T12:55:00Z

value	0.00163
scoring_system	epss
scoring_elements	0.36843
published_at	2026-05-09T12:55:00Z

value	0.00163
scoring_system	epss
scoring_elements	0.36766
published_at	2026-05-11T12:55:00Z

value	0.00163
scoring_system	epss
scoring_elements	0.36789
published_at	2026-05-12T12:55:00Z

value	0.00163
scoring_system	epss
scoring_elements	0.37204
published_at	2026-04-01T12:55:00Z

value	0.00163
scoring_system	epss
scoring_elements	0.3737
published_at	2026-04-02T12:55:00Z

value	0.00163
scoring_system	epss
scoring_elements	0.37397
published_at	2026-04-04T12:55:00Z

value	0.00163
scoring_system	epss
scoring_elements	0.37225
published_at	2026-04-07T12:55:00Z

value	0.00163
scoring_system	epss
scoring_elements	0.37276
published_at	2026-04-08T12:55:00Z

value	0.00163
scoring_system	epss
scoring_elements	0.37289
published_at	2026-04-09T12:55:00Z

value	0.00163
scoring_system	epss
scoring_elements	0.373
published_at	2026-04-11T12:55:00Z

value	0.00163
scoring_system	epss
scoring_elements	0.37267
published_at	2026-04-12T12:55:00Z

value	0.00163
scoring_system	epss
scoring_elements	0.37239
published_at	2026-04-13T12:55:00Z

value	0.00163
scoring_system	epss
scoring_elements	0.37285
published_at	2026-04-16T12:55:00Z

value	0.00163
scoring_system	epss
scoring_elements	0.37268
published_at	2026-04-18T12:55:00Z

value	0.00163
scoring_system	epss
scoring_elements	0.37214
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-2908

reference_url

https://www.oracle.com/security-alerts/cpuapr2020.html

reference_id

reference_type

scores

value	8.2
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-27T17:55:28Z/

url

https://www.oracle.com/security-alerts/cpuapr2020.html

reference_url

https://www.zerodayinitiative.com/advisories/ZDI-20-501/

reference_id

reference_type

scores

value	8.2
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-27T17:55:28Z/

url

https://www.zerodayinitiative.com/advisories/ZDI-20-501/

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox::::::::
reference_id	cpe:2.3:a:oracle:vm_virtualbox::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:::::::*
reference_id	cpe:2.3:o:opensuse:leap:15.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-2908

reference_id

CVE-2020-2908

reference_type

scores

value	4.6
scoring_system	cvssv2
scoring_elements	AV:L/AC:L/Au:N/C:P/I:P/A:P

value	8.2
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

value	8.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2020-2908

reference_url

https://security.gentoo.org/glsa/202101-09

reference_id

GLSA-202101-09

reference_type

scores

value	8.2
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-27T17:55:28Z/

url

https://security.gentoo.org/glsa/202101-09

Weaknesses

cwe_id	20
name	Improper Input Validation
description	The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

cwe_id	681
name	Incorrect Conversion between Numeric Types
description	When converting from one data type to another, such as long to integer, data can be omitted or translated in a way that produces unexpected values. If the resulting values are used in a sensitive context, then dangerous behaviors may occur.

cwe_id	787
name	Out-of-bounds Write
description	The product writes data past the end, or before the beginning, of the intended buffer.

Exploits

Severity_range_score 4.6 - 8.2

Exploitability null

Weighted_severity null

Risk_score null

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2dpy-reut-bqft

Vulnerability Instance