Linux Distros Unpatched Vulnerability : CVE-2025-40266

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - KVM: arm64: Check the untrusted offset in FF-A memory share Verify the offset to prevent OOB access in the hypervisor FF-A buffer in case an untrusted large...

RockyLinux 8 : virt:rhel and virt-devel:rhel (RLSA-2023:2757)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:2757 advisory. ntfs-3g: heap-based buffer overflow in ntfsck CVE-2021-46790 QEMU: VNC: integer underflow in vncclientcuttextext leads to CPU exhaustion CVE-2022-3165...

Linux Distros Unpatched Vulnerability : CVE-2025-1948

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Eclipse Jetty versions 12.0.0 to 12.0.16 included, an HTTP/2 client can specify a very large value for the HTTP/2 settings parameter SETTINGSMAXHEADERLISTSIZ...

SUSE-SU-2025:21150-1 Security update for libvirt

This update for libvirt fixes the following issues: - CVE-2025-13193: Fixed Information disclosure via world-readable VM snapshots bsc1253703 - CVE-2025-12748: Fixed Denial of service in XML parsing bsc1253278 Other fixes: - spec: Adjust dbus dependency bsc1253642 - qemu: Add support for Intel TD...

Remote Code Execution (RCE)

Happy DOM is vulnerable to Remote Code Execution RCE. The vulnerability is due to the use of a non-isolated Node.js VM context with JavaScript evaluation enabled by default, which allows an attacker to run untrusted code that can escape the sandbox—potentially gaining access to process-level...

CVE-2025-58407

Kernel or driver software installed on a Guest VM may post improper commands to the GPU Firmware to exploit a TOCTOU race condition and trigger a read and/or write of data outside the allotted memory escaping the virtual machine...

kernel: x86/vmscape: Add conditional IBPB mitigation

In the Linux kernel, the following vulnerability has been resolved: x86/vmscape: Add conditional IBPB mitigation VMSCAPE is a vulnerability that exploits insufficient branch predictor isolation between a guest and a userspace hypervisor like QEMU. Existing mitigations already protect kernel/KVM...

kernel: x86/vmscape: Add conditional IBPB mitigation

In the Linux kernel, the following vulnerability has been resolved: x86/vmscape: Add conditional IBPB mitigation VMSCAPE is a vulnerability that exploits insufficient branch predictor isolation between a guest and a userspace hypervisor like QEMU. Existing mitigations already protect kernel/KVM...

SUSE CVE-2025-23259

NVIDIA Mellanox DPDK contains a vulnerability in Poll Mode Driver PMD, where an attacker on a VM in the system might be able to cause information disclosure and denial of service on the network interface...

Ubuntu 16.04 LTS : Linux kernel (Oracle) vulnerabilities (USN-7875-1)

"The remote Ubuntu 16.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7875-1 advisory. Jean-Claude Graf, Sandro Regge, Ali Hajiabadi, and Kaveh Razavi discovered that the Linux kernel contained insufficient branch predictor isolation betwe...

Libvirt: information disclosure via world-readable vm snapshots

...

CVE-2025-40604

Download of Code Without Integrity Check Vulnerability in the SonicWall Email Security appliance loads root filesystem images without verifying signatures, allowing attackers with VMDK or datastore access to modify system files and gain persistent arbitrary code execution...

TencentOS Server 3: container-tools:rhel8 (TSSA-2025:0606)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0606 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

Mac users warned about new DigitStealer information stealer

A new infostealer called DigitStealer is going after Mac users. It avoids detection, skips older devices, and steals files, passwords, and browser data. We break down what it does and how to protect your Mac. Researchers have described a new malware called DigitStealer that steals sensitive...

RHEL 9 : kernel (RHSA-2025:21760)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:21760 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: ALSA: usb-audio: Validate UAC...

EUVD-2025-198076

pnetlab 5.3.11 is vulnerable to Command Injection via the qemuoptions parameter...

Siemens SCALANCE and RUGGEDCOM Devices Improper Input Validation (CVE-2024-46738)

VMCI: use-after-free when removing resource in vmciresourceremove. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description scriptid504738; scriptversion"1.3";...

GO-2025-4104 KubeVirt Excessive Role Permissions Could Enable Unauthorized VMI Migrations Between Nodes in github.com/kubevirt/kubevirt

KubeVirt Excessive Role Permissions Could Enable Unauthorized VMI Migrations Between Nodes in github.com/kubevirt/kubevirt. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positi...

GO-2025-4105 KubeVirt VMI Denial-of-Service (DoS) Using Pod Impersonation in kubevirt.io/kubevirt

KubeVirt VMI Denial-of-Service DoS Using Pod Impersonation in kubevirt.io/kubevirt...

CVE-2025-58407

Kernel or driver software installed on a Guest VM may post improper commands to the GPU Firmware to exploit a TOCTOU race condition and trigger a read and/or write of data outside the allotted memory escaping the virtual machine...