[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-MGASA-2018-0437":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T02:55:30.529Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":11,"aliases":12,"duplicate_of":9,"upstream":13,"downstream":42,"duplicates":43,"related":44,"reserved_at":9,"published_at":59,"modified_at":60,"state":9,"summary":61,"references_raw":63,"kevs":84,"epss":9,"epss_history":85,"metrics":86,"affected":87},"MGASA-2018-0437","Updated virtualbox packages fix security vulnerabilities\n\nThis update provides virtualbox 5.2.20 and fixes the following security\nvulnerabilities:\n\nDuring key agreement in a TLS handshake using a DH(E) based ciphersuite\na malicious server can send a very large prime value to the client. This\nwill cause the client to spend an unreasonably long period of time\ngenerating a key for this prime resulting in a hang until the client has\nfinished. This could be exploited in a Denial Of Service attack\n(CVE-2018-0732).\n\nVulnerability in VirtualBox contains an easily exploitable vulnerability\nthat allows unauthenticated attacker with logon to the infrastructure\nwhere VirtualBox executes to compromise VirtualBox. Successful attacks\nrequire human interaction from a person other than the attacker and while\nthe vulnerability is in VirtualBox, attacks may significantly impact\nadditional products. Successful attacks of this vulnerability can result\nin takeover of VirtualBox (CVE-2018-2909, CVE-2018-3287, (CVE-2018-3288,\nCVE-2018-3289, CVE-2018-3290, CVE-2018-3291, CVE-2018-3292, CVE-2018-3293,\nCVE-2018-3295, CVE-2018-3296, CVE-2018-3297, CVE-2018-3298).\n\nVulnerability in VirtualBox contains an easily exploitable vulnerability\nthat allows unauthenticated attacker with llow privileged attacker with\nnetwork access via VRDP to compromise VirtualBox. Successful attacks\nrequire human interaction from a person other than the attacker and while\nthe vulnerability is in VirtualBox, attacks may significantly impact\nadditional products. Successful attacks of this vulnerability can result\nin takeover of VirtualBox (CVE-2018-3294).\n\nFor other fixes in this update, see the referenced changelog.\n",null,[],[],[],[14,16,18,20,22,24,26,28,30,32,34,36,38,40],{"_key":15},"CVE-2018-0732",{"_key":17},"CVE-2018-2909",{"_key":19},"CVE-2018-3287",{"_key":21},"CVE-2018-3288",{"_key":23},"CVE-2018-3289",{"_key":25},"CVE-2018-3290",{"_key":27},"CVE-2018-3291",{"_key":29},"CVE-2018-3292",{"_key":31},"CVE-2018-3293",{"_key":33},"CVE-2018-3294",{"_key":35},"CVE-2018-3295",{"_key":37},"CVE-2018-3296",{"_key":39},"CVE-2018-3297",{"_key":41},"CVE-2018-3298",[],[],[45,46,47,48,49,50,51,52,53,54,55,56,57,58],{"_key":15},{"_key":17},{"_key":19},{"_key":21},{"_key":23},{"_key":25},{"_key":27},{"_key":29},{"_key":31},{"_key":33},{"_key":35},{"_key":37},{"_key":39},{"_key":41},"2018-11-03T11:55:18Z","2026-04-16T06:23:57.889277104Z",{"cisa_kev":62,"cisa_ransomware":62,"cisa_vendor":9,"epss_severity":9,"epss_score":9,"severity":9,"severity_score":9,"severity_version":9,"severity_source":9,"severity_vector":9,"severity_status":9},false,[64,70,75,80],{"url":65,"sources":66,"tags":68},"https://advisories.mageia.org/MGASA-2018-0437.html",[67],"osv_mageia",[69],"Advisory",{"url":71,"sources":72,"tags":73},"https://bugs.mageia.org/show_bug.cgi?id=23719",[67],[74],"REPORT",{"url":76,"sources":77,"tags":78},"https://www.virtualbox.org/wiki/Changelog#20",[67],[74,79],"WEB",{"url":81,"sources":82,"tags":83},"https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html#AppendixOVIR",[67],[74,69],[],[],[],[88,100,104],{"ecosystem":89,"name":90,"vendor":91,"product":90,"cpe_part":9,"purl_type":92,"purl_namespace":91,"purl_name":90,"source":9,"versions":93},"Mageia","kmod-vboxadditions","mageia","rpm",[94],{"version":95,"is_range":96,"range_type":97,"version_start":9,"version_start_type":9,"version_end":98,"version_end_type":99,"fixed_in":9},"lt5_2_20_1_mga6",true,"ecosystem","5.2.20-1.mga6","excluding",{"ecosystem":89,"name":101,"vendor":91,"product":101,"cpe_part":9,"purl_type":92,"purl_namespace":91,"purl_name":101,"source":9,"versions":102},"kmod-virtualbox",[103],{"version":95,"is_range":96,"range_type":97,"version_start":9,"version_start_type":9,"version_end":98,"version_end_type":99,"fixed_in":9},{"ecosystem":89,"name":105,"vendor":91,"product":105,"cpe_part":9,"purl_type":92,"purl_namespace":91,"purl_name":105,"source":9,"versions":106},"virtualbox",[107],{"version":95,"is_range":96,"range_type":97,"version_start":9,"version_start_type":9,"version_end":98,"version_end_type":99,"fixed_in":9}]