4461 matches found
CVE-2025-55131
CVE-2025-55131 relates to Node.js buffer allocation in the vm module with timeout, which can expose uninitialized memory in buffers (Buffer.alloc and Uint8Array) under specific timing. Connected advisories confirm the issue affects multiple Node.js packages across distributions (examples: nodejs1...
CVE-2025-55131
A flaw in Node.js's buffer allocation logic can expose uninitialized memory when allocations are interrupted, when using the vm module with the timeout option. Under specific timing conditions, buffers allocated with Buffer.alloc and other TypedArray instances like Uint8Array may contain leftover...
open-vm-tools: Insecure file handling
A vulnerability was found in open-vm-tools. A malicious actor with non-administrative privileges on a guest virtual machine VM may tamper with the local files to trigger insecure file operations within that VM...
PT-2026-3722
Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19.3-19.29 and 21.3-21.20. Easily exploitable vulnerability allows high privileged attacker having Authenticated User privilege with network access via Oracle Net to compromise Java VM...
Oracle Virtualization security vulnerabilities
Oracle Virtualization is a virtualization solution developed by Oracle, a company in the United States. This product is used for the unified management of the entire hardware and software system, from applications to disks, enabling virtualization from desktops to data centers. VM VirtualBox is o...
MiracleLinux 9 : kernel-5.14.0-427.40.1.el9_4 (AXSA:2024-8938:33)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8938:33 advisory. kernel: Local information disclosure on IntelR AtomR processors CVE-2023-28746 kernel: netfilter: nftflowoffload: reset dst in route object after...
Static Detection of Core Structures in Tigress Virtualization-Based Obfuscation Using an LLVM Pass
Malware often uses obfuscation to hinder security analysis. Among these techniques, virtualization-based obfuscation is particularly strong because it protects programs by translating original instructions into attacker-defined virtual machine VM bytecode, producing long and complex code that is...
MiracleLinux 4 : virt-v2v-0.8.3-5.0.1.AXS4 (AXSA:2012-50:01)
The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2012-50:01 advisory. virt-v2v is a tool for converting virtual machines to use the KVM hypervisor. It modifies both the virtual machine image and its associated libvirt metadata...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-001335)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001335 advisory. A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB virtual machine control block provided by t...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001588)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001588 advisory. KVM in the Linux kernel on Power8 processors has a conflicting use of HSTATEHOSTR1 to store r1 state in kvmppchventry plus in kvmppcsave,restoretm, leading to a stac...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-004444)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004444 advisory. An issue was discovered in the Linux kernel before 5.9. arch/x86/kvm/svm/sev.c allows attackers to cause a denial of service soft lockup by triggering destruction of...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001646)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001646 advisory. The KVM implementation in the Linux kernel through 4.14.7 allows attackers to obtain potentially sensitive information from kernel memory, aka a writemmio stack-base...
MiracleLinux 4 : qemu-kvm-0.12.1.2-2.491.AXS4.3 (AXSA:2016-614:03)
The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2016-614:03 advisory. KVM for Kernel-based Virtual Machine is a full virtualization solution for Linux on x86 hardware. Using KVM, one can run multiple virtual machines running...
MiracleLinux 4 : qemu-kvm-0.12.1.2-2.479.AXS4.2 (AXSA:2015-518:06)
The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2015-518:06 advisory. KVM for Kernel-based Virtual Machine is a full virtualization solution for Linux on x86 hardware. Using KVM, one can run multiple virtual machines running...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-004242)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004242 advisory. An out-of-bounds memory write issue was found in the Linux Kernel, version 3.13 through 5.4, in the way the Linux kernel's KVM hypervisor handled the...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001598)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001598 advisory. The handleinvept function in arch/x86/kvm/vmx.c in the Linux kernel 3.12 through 3.15 allows privileged KVM guest OS users to cause a denial of service NULL pointer...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-004477)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004477 advisory. KVM in the Linux kernel on Power8 processors has a conflicting use of HSTATEHOSTR1 to store r1 state in kvmppchventry plus in kvmppcsave,restoretm, leading to a stac...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-001443)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001443 advisory. An issue was discovered in the Linux kernel before 5.9. arch/x86/kvm/svm/sev.c allows attackers to cause a denial of service soft lockup by triggering destruction of...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002647)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002647 advisory. The preparevmcs02 function in arch/x86/kvm/vmx.c in the Linux kernel through 4.13.3 does not ensure that the CR8-load exiting and CR8-store exiting L0 vmcs02 control...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002880)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002880 advisory. A flaw was found in the Linux Kernel where an attacker may be able to have an uncontrolled read to kernel- memory from within a vm guest. A race condition between...