CLSA-2025-1764677738 lasso: Fix of CVE-2025-47151

CVE-2025-47151: fix type confusion vulnerability in the lassonodeimplinitfromxml functionality...

CVE-2025-46784

A denial of service vulnerability exists in the lassonodeinitfrommessagewithformat functionality of Entr'ouvert Lasso 2.5.1. A specially crafted SAML response can lead to a memory depletion, resulting in denial of service. An attacker can send a malformed SAML response to trigger this vulnerabili...

CVE-2025-39903

The CVE-2025-39903 issue affects the Linux kernel and relates to NUMA memory initialization. The root cause was that memory-only NUMA nodes (nodes without CPUs) were not properly initialized, causing a NULL pointer dereference in free_area_init when NODE_DATA() is accessed for these uninitialized...

CVE-2024-42018

An issue was discovered in Atos Eviden SMC xScale before 1.6.6. During initialization of nodes, some configuration parameters are retrieved from management nodes. These parameters embed credentials whose integrity and confidentiality may be important to the security of the HPC configuration...

Atos Eviden SMC xScale 安全漏洞

Atos Eviden SMC xScale is a data driver from Atos France. A security vulnerability exists in Atos Eviden SMC xScale versions prior to 1.6.6, which originates during node initialization, where configuration parameters used for initialization contain credential information that lacks an access...

Man-in-the-Middle Attack (MITM)

github.com/edgelesssys/constellation is vulnerable to Man-in-the-Middle Attacks MITM. The vulnerability exists because attestation user data, including the digest of a public key in a aTLS connection are incorrectly bound to the issuers TPM, not the PCR state. If an attacker can intercept a node...

GHSA-R2H5-3HGW-8J34 User data in TPM attestation vulnerable to MITM

Impact Attestation user data such as the digest of the public key in an aTLS connection was bound to the issuer's TPM, but not to its PCR state. An attacker could intercept a node initialization, initialize the node themselves, and then impersonate an uninitialized node to the validator. In...

User data in TPM attestation vulnerable to MITM

Impact Attestation user data such as the digest of the public key in an aTLS connection was bound to the issuer's TPM, but not to its PCR state. An attacker could intercept a node initialization, initialize the node themselves, and then impersonate an uninitialized node to the validator. In...

Scientific Linux Security Update : conga on SL5.x i386/x86_64

A flaw was found in ricci during a code audit. A remote attacker who is able to connect to ricci could cause ricci to temporarily refuse additional connections, a denial of service CVE-2007-4136. Fixes in this updated package include : - The nodename is now set for manual fencing. - The node log ...