GHSA-R5FR-9GMV-JGGH scim_proton and kanidm_proto have an authenticated process abort via SCIM filter stack exhaustion

Summary A single unauthenticated GET to any /scim/v1/... endpoint with a ?filter= query string of a few thousand nested parentheses ≈ 4–12 KB drives the recursive-descent PEG parser past the worker thread's stack guard page. Rust responds to stack overflow with std::process::abort — the entire...

CVE-2023-53654

In the Linux kernel, the following vulnerability has been resolved: octeontx2-af: Add validation before accessing cgx and lmac with the addition of new MAC blocks like CN10K RPM and CN10KB RPMUSX, LMACs are noncontiguous and CGX blocks are also noncontiguous. But during RVU driver initialization,...

AZL-64601 CVE-2025-38136 affecting package kernel for versions less than 6.6.96.1-1

In the Linux kernel, the following vulnerability has been resolved: usb: renesasusbhs: Reorder clock handling and power management in probe Reorder the initialization sequence in usbhsprobe to enable runtime PM before accessing registers, preventing potential crashes due to uninitialized clocks...

CVE-2022-22598

An issue with app access to camera metadata was addressed with improved logic. This issue is fixed in iOS 15.4 and iPadOS 15.4. An app may be able to learn information about the current camera view before being granted camera access...