
11955 matches found

OSV
added 2026/01/22 12:26 p.m. | 1 views

SUSE-SU-2026:0238-1 Security update for dpdk

This update for dpdk fixes the following issues: Update to version 24.11.4: - CVE-2025-23259: Fixed an attacker on a VM in the system can cause information disclosure and denial of service (bsc#1254161). Changelog: https://doc.dpdk.org/guides-24.11/relnotes/release2411.htmlid10...

CVSS 6.5 | AI score 5.8 | EPSS 0.00278
Exploits: 0 | References: 3

OSV
added 2026/01/22 12:8 p.m. | 1 views

SUSE-SU-2026:0213-1 Security update for ovmf

This update for ovmf fixes the following issues: - CVE-2022-36765: Fixed integer overflow to buffer overflow via local network vulnerability (bsc#1218680)...

CVSS 7.8 | AI score 7.1 | EPSS 0.0029
Exploits: 0 | References: 3

Tenable Nessus
added 2026/01/22 12:0 a.m. | 3 views

Azure Linux 3.0 Security Update: kernel (CVE-2025-21839)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-21839 advisory. - In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Load DR6 with guest value only...

CVSS 5.5 | AI score 6 | EPSS 0.00205
Exploits: 0 | References: 2

Tenable Nessus
added 2026/01/22 12:0 a.m. | 4 views

Azure Linux 3.0 Security Update: kernel (CVE-2025-23161)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-23161 advisory. - In the Linux kernel, the following vulnerability has been resolved: PCI: vmd: Make vmd_dev::cfg_lock a...

CVSS 5.5 | AI score 5.4 | EPSS 0.00117
Exploits: 0 | References: 2

Tenable Nessus
added 2026/01/22 12:0 a.m. | 5 views

Azure Linux 3.0 Security Update: kernel (CVE-2025-37936)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-37936 advisory. - In the Linux kernel, the following vulnerability has been resolved: perf/x86/intel: KVM: Mask PEBS_ENABLE...

CVSS 5.5 | AI score 5.3 | EPSS 0.0016
Exploits: 0 | References: 2

OSV
added 2026/01/21 11:26 p.m. | 4 views

CVE-2026-23873 HUSTOJ is Vulnerable to Stored CSV Injection (Formula Injection) in Contest Rank Export

hustoj is an open source online judge based on PHP/C++/MySQL/Linux for ACM/ICPC and NOIP training. All versions are vulnerable to CSV Injection (Formula Injection) through the contest rank export functionality (contestrank.xls.php and admin/ranklistexport.php). The application fails to sanitize...

CVSS 5.2 | AI score 6 | EPSS 0.00511
Exploits: 1 | References: 3

OSV
added 2026/01/21 12:0 p.m. | 4 views

RUSTSEC-2026-0004 Triton VM Soundness Vulnerability due to Improper Sampling of Randomness

In affected versions of Triton VM, the verifier failed to correctly sample randomness in the FRI sub-protocol. Malicious provers can exploit this to craft proofs for arbitrary statements that this verifier accepts as valid, undermining soundness. Protocols that rely on proofs and the supplied...

AI score 5.8
Exploits: 0 | References: 2

EUVD
added 2026/01/21 12:31 a.m. | 6 views

EUVD-2026-3537

Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19.3-19.29 and 21.3-21.20. Easily exploitable vulnerability allows high privileged attacker having Authenticated User privilege with network access via Oracle Net to compromise Java VM...

CVSS 4.5 | AI score 5.4 | EPSS 0.00215
Exploits: 0 | References: 2

NVD
added 2026/01/20 10:16 p.m. | 5 views

CVE-2026-21975

Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19.3-19.29 and 21.3-21.20. Easily exploitable vulnerability allows high privileged attacker having Authenticated User privilege with network access via Oracle Net to compromise Java VM...

CVSS 4.5 | EPSS 0.00215
Exploits: 0 | References: 1

CVE
added 2026/01/20 8:41 p.m. | 21 views

CVE-2025-55131

CVE-2025-55131 relates to Node.js buffer allocation in the vm module with timeout, which can expose uninitialized memory in buffers (Buffer.alloc and Uint8Array) under specific timing. Connected advisories confirm the issue affects multiple Node.js packages across distributions (examples: nodejs1...

CVSS 7.1 | AI score 5.8 | EPSS 0.00978
Exploits: 0 | References: 1

AlpineLinux
added 2026/01/20 8:41 p.m. | 6 views

CVE-2025-55131

A flaw in Node.js's buffer allocation logic can expose uninitialized memory when allocations are interrupted, when using the vm module with the timeout option. Under specific timing conditions, buffers allocated with Buffer.alloc and other TypedArray instances like Uint8Array may contain leftover...

CVSS 7.1 | AI score 7.3 | EPSS 0.00978
Exploits: 0

RedHat Linux
added 2026/01/20 2:46 p.m. | 3 views

open-vm-tools: Insecure file handling

A vulnerability was found in open-vm-tools. A malicious actor with non-administrative privileges on a guest virtual machine (VM) may tamper with the local files to trigger insecure file operations within that VM...

CVSS 6.1 | AI score 5.7 | EPSS 0.00231
Exploits: 0 | References: 5

OSSF Malicious Packages
added 2026/01/20 4:20 a.m. | 5 views

Malicious code in dreame-claude (npm)

Per source details. Source: amazon-inspector (44b904b33e89c1b805a677ba354efd9fb3a2433181457eaa178dde53d834a387): The package dreame-claude was found to contain malicious code. Source: ghsa-malware (4af60f8f709a4f9b864b976407e3415357526d2edebe39413dd0de8b3783578b)...

AI score 5.5
Exploits: 0 | References: 1

Packet Storm News
added 2026/01/20 12:0 a.m. | 4 views

Constructing Multi-Label Hierarchical Classification Models for MITRE ATT&CK Text Tagging

MITRE ATT&CK is a cybersecurity knowledge base that organizes threat actor and cyber-attack information into a set of tactics describing the reasons and goals threat actors have for carrying out attacks, with each tactic having a set of techniques that describe the potential methods used in these...

AI score 5.7
Exploits: 0

CNNVD
added 2026/01/20 12:0 a.m. | 4 views

Oracle Virtualization security vulnerabilities

Oracle Virtualization is a virtualization solution developed by Oracle, a company in the United States. This product is used for the unified management of the entire hardware and software system, from applications to disks, enabling virtualization from desktops to data centers. VM VirtualBox is o...

CVSS 7.5 | AI score 7.1 | EPSS 0.00212
Exploits: 1 | References: 2

Positive Technologies
added 2026/01/20 12:0 a.m. | 6 views

PT-2026-3722

Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19.3-19.29 and 21.3-21.20. Easily exploitable vulnerability allows high privileged attacker having Authenticated User privilege with network access via Oracle Net to compromise Java VM...

CVSS 4.5 | AI score 5.3 | EPSS 0.00215
Exploits: 0 | References: 2

Tenable Nessus
added 2026/01/20 12:0 a.m. | 6 views

MiracleLinux 9 : kernel-5.14.0-427.40.1.el9_4 (AXSA:2024-8938:33)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8938:33 advisory. kernel: Local information disclosure on Intel(R) Atom(R) processors (CVE-2023-28746) kernel: netfilter: nft_flow_offload: reset dst in route object after...

CVSS 7.8 | AI score 7.1 | EPSS 0.00546
Exploits: 0 | References: 15

Packet Storm News
added 2026/01/19 12:0 a.m. | 3 views

Techniques of Modern Attacks

The techniques used in modern attacks have become an important factor for investigation. As we advance further into the digital age, cyber attackers are employing increasingly sophisticated and highly threatening methods. These attacks target not only organizations and governments but also extend...

AI score 5.6
Exploits: 0

Packet Storm News
added 2026/01/19 12:0 a.m. | 4 views

Static Detection of Core Structures in Tigress Virtualization-Based Obfuscation Using an LLVM Pass

Malware often uses obfuscation to hinder security analysis. Among these techniques, virtualization-based obfuscation is particularly strong because it protects programs by translating original instructions into attacker-defined virtual machine (VM) bytecode, producing long and complex code that is...

AI score 5.7
Exploits: 0

Tenable Nessus
added 2026/01/19 12:0 a.m. | 3 views

MiracleLinux 4 : virt-v2v-0.8.3-5.0.1.AXS4 (AXSA:2012-50:01)

The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2012-50:01 advisory. virt-v2v is a tool for converting virtual machines to use the KVM hypervisor. It modifies both the virtual machine image and its associated libvirt metadata...

CVSS 4.4 | AI score 5.7 | EPSS 0.00467
Exploits: 1 | References: 2