24 matches found
CVE-2026-0427
Improper cleanup of shared register resources in GPU firmware could allow an admin-privileged attacker from a Guest Virtual Machine (VM) to access these shared resources from another Guest VM, potentially resulting in the loss of confidentiality, integrity, or availability...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: drm/i915/gem: added a missing boundary check in vmaccess. A missing bounds check in vmaccess can lead to an out-of-bounds read or write in the adjacent memory area. This occurs because the len attribute is not validated before the...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-988920)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-988920 advisory. In the Linux kernel, the following vulnerability has been resolved: drm/i915/gem: add missing boundary check in vmaccess. A missing bounds check in vmaccess can lead ...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-987513)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-987513 advisory. In the Linux kernel, the following vulnerability has been resolved: drm/i915/gem: add missing boundary check in vmaccess. A missing bounds check in vmaccess can lead ...
EUVD-2020-26590
Malware in sbrugna...
EUVD-2008-5687
Malware in sbrugna...
EUVD-2025-19416
Malicious code in bioql PyPI...
CVE-2025-41244
VMware Aria Operations and VMware Tools contain a local privilege escalation vulnerability. A malicious local actor with non-administrative privileges having access to a VM with VMware Tools installed and managed by Aria Operations with SDMP enabled may exploit this vulnerability to escalate...
CVE-2025-46707
Software installed and running inside a Guest VM may override Firmware's state and gain access to the GPU...
CVE-2025-46707
CVE-2025-46707 concerns the Imagination Technologies graphics stack (PowerVR-GPU) where software in a Guest VM can override the firmware state and gain access to the GPU. The base CVSS shows it is a local issue with low privileges and no user interaction, scoped to change in confidentiality/integrity...
CVE-2025-2509
Out-of-Bounds Read in Virglrenderer in ChromeOS 16093.57.0 allows a malicious guest VM to achieve arbitrary address access within the crosvm sandboxed process, potentially leading to VM escape via crafted vertex elements data triggering an out-of-bounds read in utilformatdescription...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from a lack of bounds checking in vmaccess...
PT-2025-7042 · Unknown +1 · Securedrop Client +2
Name of the Vulnerable Software and Affected Versions: SecureDrop Client versions prior to 0.14.1 and 1.0.1. Description: The issue allows an attacker who has already gained code execution in a virtual machine on the SecureDrop Workstation to gain code execution in the sd-log virtual machine by...
RHEL 7 : openstack-neutron (RHSA-2017:2447)
The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2017:2447 advisory. OpenStack Networking (neutron) is a pluggable, scalable, and API-driven system that provisions networking services to virtual machines. Its main functi...
U.S. State Government Network Breached via Former Employee's Account
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has revealed that an unnamed state government organization's network environment was compromised via an administrator account belonging to a former employee. "This allowed the threat actor to successfully authenticate to an internal...
Remote Code Execution (RCE)
github.com/edgelesssys/constellation is vulnerable to Remote Code Execution (RCE). The vulnerability is due to allowing the serial console to boot to a rescue shell when the boot fails, which grants full VM access to an attacker...
CVE-2021-4024
A flaw was found in podman. The podman machine function (used to create and manage a Podman virtual machine containing a Podman process) spawns a gvproxy process on the host system. The gvproxy API is accessible on port 7777 on all IP addresses on the host. If that port is open on the host's firewall...
Vulnerabilities fixed in Oracle Virtualization products
Oracle has fixed vulnerabilities in Secure Global Desktop and VirtualBox. The vulnerabilities potentially enable a malicious person to perform attacks that result in the following categories of damage: Denial-of-Service (DoS); Gain access to VM; Accessing sensitive data; Accessing system data...