4438 matches found
RLSA-2025:4492 Moderate: qemu-kvm security update
Kernel-based Virtual Machine KVM is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Security Fixes: QEMU: virtio-net: stack buffer overflow in virtionetflushtx CVE-2023-6693...
AZL-73025 CVE-2025-38403 affecting package kernel for versions less than 5.15.200.1-1
In the Linux kernel, the following vulnerability has been resolved: vsock/vmci: Clear the vmci transport packet properly when initializing it In vmcitransportpacketinit memset the vmcitransportpacket before populating the fields to avoid any uninitialised data being left in the structure...
CVE-2025-38403 vsock/vmci: Clear the vmci transport packet properly when initializing it
In the Linux kernel, the following vulnerability has been resolved: vsock/vmci: Clear the vmci transport packet properly when initializing it In vmcitransportpacketinit memset the vmcitransportpacket before populating the fields to avoid any uninitialised data being left in the structure...
CVE-2025-38367 LoongArch: KVM: Avoid overflow with array index
In the Linux kernel, the following vulnerability has been resolved: LoongArch: KVM: Avoid overflow with array index The variable index is modified and reused as array index when modify register EIOINTCENABLE. There will be array index overflow problem...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from not properly initializing the vmci transport packet structure, which could result in uninitialized data...
The vulnerability of the Java VM component of the Oracle Database Server system allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the Java VM component of the Oracle Database Server management system is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to protected information...
The vulnerability of the Kubernetes Image Builder software lies in its use of hard-coded credentials, which allows an attacker to gain access to the virtual machine.
The vulnerability of the Kubernetes Image Builder software lies in the use of strictly encrypted credentials. Exploiting this vulnerability could allow a malicious actor to gain access to the virtual machine remotely...
Unspecified Vulnerability in Oracle Database Server (CNVD-2025-24077)
Oracle Database Server is a set of relational database management system of the United States Oracle Oracle. The database management system provides data management, distributed processing and other functions. A security vulnerability exists in the Java VM of Oracle Database Server, which can be...
The vulnerability of Oracle Java SE’s 2D software platform and the Oracle GraalVM virtual machine allows a hacker to gain full control over the application.
The vulnerability of the Oracle Java SE 2D software platform and the Oracle GraalVM Enterprise Edition virtual machine is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to gain full control over the application...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from unfiltered non-canonical addresses and could lead to a virtual machine failure...
[SECURITY] Fedora 41 Update: luajit-2.1.1748459687-2.fc41
LuaJIT implements the full set of language features defined by Lua 5.1. The virtual machine VM is API- and ABI-compatible to the standard Lua interpreter and can be deployed as a drop-in replacement...
Xen 安全漏洞
Xen is an open source virtual machine monitor product from Xen Open Source. The product enables different and incompatible operating systems to run on the same computer and supports runtime migration to ensure uptime and avoid downtime. A security vulnerability exists in Xen that stems from an...
The vulnerability of the Virtual Machine Communication Interface (VMCI) implementation in software products such as VMware ESXi, Workstation, Fusion, and Cloud Foundation allows a perpetrator to execute arbitrary code.
The vulnerability of the Virtual Machine Communication Interface VMCI implementation in software products such as VMware ESXi, Workstation, Fusion, and Cloud Foundation lies in buffer overflow attacks. Exploiting this vulnerability allows an attacker to execute arbitrary code...
CVE-2025-50069
Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19.3-19.27 and 21.3-21.18. Easily exploitable vulnerability allows low privileged attacker having Create Session, Create Procedure privilege with network access via Oracle Net to compromise...
CVE-2025-41237
VMware ESXi, Workstation, and Fusion contain an integer-underflow in VMCI Virtual Machine Communication Interface that leads to an out-of-bounds write. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX...
CVE-2025-41239 vSockets information-disclosure vulnerability
VMware ESXi, Workstation, Fusion, and VMware Tools contains an information disclosure vulnerability due to the usage of an uninitialised memory in vSockets. A malicious actor with local administrative privileges on a virtual machine may be able to exploit this issue to leak memory from processes...
CVE-2025-41238
VMware ESXi, Workstation, and Fusion contain a heap-overflow vulnerability in the PVSCSI Paravirtualized SCSI controller that leads to an out of-bounds write. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine'...
CVE-2025-41237
CVE-2025-41237 describes an integer-underflow in the VMCI component of VMware ESXi, Workstation, and Fusion that can cause an out-of-bounds write. A local attacker with VM-level admin privileges may execute code as the VMX process on the host; exploitation is contained within the VMX sandbox on E...
Oracle Database Server 安全漏洞
Oracle Database Server is a set of relational database management system of the United States Oracle Oracle. The database management system provides data management, distributed processing and other functions. A security vulnerability exists in the Java VM of Oracle Database Server, which can be...
[SECURITY] Fedora 42 Update: luajit-2.1.1748459687-2.fc42
LuaJIT implements the full set of language features defined by Lua 5.1. The virtual machine VM is API- and ABI-compatible to the standard Lua interpreter and can be deployed as a drop-in replacement...