CVE-2025-14525

Summary: CVE-2025-14525 describes a denial-of-service flaw in kubevirt where a VM user with an active guest agent can cause the agent to report an excessive number of network interfaces. This overloads the system’s ability to record VM configuration updates, effectively blocking changes to the Vi...

BIT-NODE-2025-55131

A flaw in Node.js's buffer allocation logic can expose uninitialized memory when allocations are interrupted, when using the vm module with the timeout option. Under specific timing conditions, buffers allocated with Buffer.alloc and other TypedArray instances like Uint8Array may contain leftover...

Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP6 kernel was updated to fix various security issues The following security issues were fixed: CVE-2025-38321: smb: Log an error when closeallcacheddirs fails bsc1246328. CVE-2025-38728: smb3: fix for slab out of bounds on mount to ksmbd bsc1249256. CVE-2025-39890:...

PT-2026-4806

Name of the Vulnerable Software and Affected Versions kubevirt affected versions not specified Description A flaw exists in kubevirt where a user inside a virtual machine VM, with an active guest agent, can trigger a denial of service. By reporting an excessive number of network interfaces, the...

PT-2026-4821

Name of the Vulnerable Software and Affected Versions vm2 versions prior to 3.10.2 Description vm2 is a Node.js library used to create sandboxed environments for executing untrusted code. A flaw exists in versions prior to 3.10.2 where the sanitization of Promise.prototype.then and...

vm2 security vulnerabilities

vm2 is a high-level virtual machine/sandbox developed by Czech developer Patrik Simek. It runs untrusted code using Node’s built-in modules listed in the allowlist. Versions of vm2 prior to 3.10.2 have security vulnerabilities; these vulnerabilities stem from Promise callback cleanup mechanisms...

CVE-2025-71155

In the Linux kernel, the following vulnerability has been resolved: KVM: s390: Fix gmaphelperzaponepage again A few checks were missing in gmaphelperzaponepage, which can lead to memory corruption in the guest under specific circumstances. Add the missing checks...

SUSE-SU-2026:0238-1 Security update for dpdk

This update for dpdk fixes the following issues: Update to version 24.11.4: - CVE-2025-23259: Fixed an attacker on a VM in the system can cause information disclosure and denial of service bsc1254161. Changelog: https://doc.dpdk.org/guides-24.11/relnotes/release2411.htmlid10...

SUSE-SU-2026:0213-1 Security update for ovmf

This update for ovmf fixes the following issues: - CVE-2022-36765: Fixed integer overflow to buffer overflow via local network vulnerability bsc1218680...

Azure Linux 3.0 Security Update: kernel (CVE-2025-37936)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-37936 advisory. - In the Linux kernel, the following vulnerability has been resolved: perf/x86/intel: KVM: Mask PEBSENABLE...

Azure Linux 3.0 Security Update: kernel (CVE-2025-21839)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-21839 advisory. - In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Load DR6 with guest value only...

Azure Linux 3.0 Security Update: kernel (CVE-2025-23161)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-23161 advisory. - In the Linux kernel, the following vulnerability has been resolved: PCI: vmd: Make vmddev::cfglock a...

RUSTSEC-2026-0004 Triton VM Soundness Vulnerability due to Improper Sampling of Randomness

In affected versions of Triton VM, the verifier failed to correctly sample randomness in the FRI sub-protocol. Malicious provers can exploit this to craft proofs for arbitrary statements that this verifier accepts as valid, undermining soundness. Protocols that rely on proofs and the supplied...

EUVD-2026-3537

Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19.3-19.29 and 21.3-21.20. Easily exploitable vulnerability allows high privileged attacker having Authenticated User privilege with network access via Oracle Net to compromise Java VM...

CVE-2026-21975

Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19.3-19.29 and 21.3-21.20. Easily exploitable vulnerability allows high privileged attacker having Authenticated User privilege with network access via Oracle Net to compromise Java VM...

CVE-2025-55131

CVE-2025-55131 relates to Node.js buffer allocation in the vm module with timeout, which can expose uninitialized memory in buffers (Buffer.alloc and Uint8Array) under specific timing. Connected advisories confirm the issue affects multiple Node.js packages across distributions (examples: nodejs1...

CVE-2025-55131

A flaw in Node.js's buffer allocation logic can expose uninitialized memory when allocations are interrupted, when using the vm module with the timeout option. Under specific timing conditions, buffers allocated with Buffer.alloc and other TypedArray instances like Uint8Array may contain leftover...

open-vm-tools: Insecure file handling

A vulnerability was found in open-vm-tools. A malicious actor with non-administrative privileges on a guest virtual machine VM may tamper with the local files to trigger insecure file operations within that VM...

Oracle Virtualization security vulnerabilities

Oracle Virtualization is a virtualization solution developed by Oracle, a company in the United States. This product is used for the unified management of the entire hardware and software system, from applications to disks, enabling virtualization from desktops to data centers. VM VirtualBox is o...

PT-2026-3722

Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19.3-19.29 and 21.3-21.20. Easily exploitable vulnerability allows high privileged attacker having Authenticated User privilege with network access via Oracle Net to compromise Java VM...