MiracleLinux 4 : qemu-kvm-0.12.1.2-2.355.AXS4.2 (AXSA:2013-198:02)

The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2013-198:02 advisory. KVM for Kernel-based Virtual Machine is a full virtualization solution for Linux on x86 hardware. Using KVM, one can run multiple virtual machines running...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002282)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002282 advisory. Buffer overflow in the completeemulatedmmio function in arch/x86/kvm/x86.c in the Linux kernel before 3.13.6 allows guest OS users to execute arbitrary code on the...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000560)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000560 advisory. Buffer overflow in the completeemulatedmmio function in arch/x86/kvm/x86.c in the Linux kernel before 3.13.6 allows guest OS users to execute arbitrary code on the...

CVE-2025-48610

CVE-2025-48610 stems from a logic error in mem_protect.c __pkvm_guest_relinquish_to_host, enabling a local information disclosure without required privileges or user interaction. Affected component: Android/Linux kernel KVM (pkvm) code path. Impact: potential leakage of configuration data. Exploi...

Oracle VirtualBox VMSVGA Integer Underflow Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the VMSVGA...

XenServer Security Update for CVE-2025-58147 and CVE-2025-58148

Severity: High Description of Problem Several issues have been identified in XenServer 8.4 that may allow privileged code in a guest VM to compromise or crash the host. These issues have the following identifiers: CVE-2025-58147 CVE-2025-58148 Affected Versions These issues affect XenServer 8.4...

EUVD-2019-15093

Malware in sbrugna...

GHSA-JQQ4-C7WQ-36H7 risc0 vulnerable to arbitrary code execution in guest via memory safety failure in `sys_read`

Arbitrary code execution in guest via memory safety failure in sysread In affected versions of risc0-zkvm-platform, when the zkVM guest calls sysread, the host is able to use a crafted response to write to an arbitrary memory location in the guest. This capability can be leveraged to execute...

PT-2025-40308

Name of the Vulnerable Software and Affected Versions risc0-zkvm-platform versions 2.0.2 and below risc0-aggregation versions below 0.9 risc0-zkos-v1compat versions below 2.1.0 risc0-zkvm versions 3.0.0-rc.1 through 3.0.1 Description The software contains a flaw related to memory safety in the sy...

XenServer Security Update for CVE-2025-27465

Severity: Medium Description of Problem An issue has been identified in XenServer 8.4 that may allow privileged code in a guest VM to cause the host to crash or become unresponsive. This issue has the following identifier: CVE-2025-27465 Affected Versions This issue affects XenServer 8.4. Note th...

CVE-2023-27326

Parallels Desktop Toolgate Directory Traversal Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute high-privileged code on the target guest...

DEBIAN-CVE-2024-3446

A double free vulnerability was found in QEMU virtio devices virtio-gpu, virtio-serial-bus, virtio-crypto, where the memreentrancyguard flag insufficiently protects against DMA reentrancy issues. This issue could allow a malicious privileged guest user to crash the QEMU process on the host,...

CVE-2023-26489 Guest-controlled out-of-bounds read/write on x86_64 in wasmtime

wasmtime is a fast and secure runtime for WebAssembly. In affected versions wasmtime's code generator, Cranelift, has a bug on x8664 targets where address-mode computation mistakenly would calculate a 35-bit effective address instead of WebAssembly's defined 33-bit effective address. This bug mea...

SUSE CVE-2020-12967

The lack of nested page table protection in the AMD SEV/SEV-ES feature could potentially lead to arbitrary code execution within the guest VM if a malicious administrator has access to compromise the server hypervisor...

PT-2022-4357 · Lib9P +1 · Lib9P +1

Name of the Vulnerable Software and Affected Versions: lib9p affected versions not specified Description: The issue is related to the handling of RWALK messages in lib9p, where a missing bounds check allows a specially crafted message to cause lib9p to overwrite unrelated memory. This could...

CVE-2021-34869

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.3-49160. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within...

CVE-2021-34864

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.3 49160. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within...

CVE-2021-31422

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.1-49141. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists withi...

CVE-2021-31432

This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 15.1.5-47309. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw...

CVE-2021-31425

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.2-49151. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within...