crypto: iaa - Fix nr_cpus < nr_iaa case
...
Security update for ucode-intel
This update for ucode-intel fixes the following issues: Intel CPU Microcode was updated to the 20250812 release (bsc#1248438). CVE-2025-20109: Improper Isolation or Compartmentalization in the stream cache mechanism for some Intel Processors may allow an authenticated user to potentially enable...
SAMSUNG Mobile Processor security vulnerability
SAMSUNG Mobile Processor is a family of mobile processors from Samsung of South Korea. A security vulnerability exists in SAMSUNG Mobile Processor that originates from a buffer copy programming error that results in an out-of-bounds write...
Linux Distros Unpatched Vulnerability : CVE-2025-38675
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: xfrm: state: initialize state_ptrs earlier in xfrm_state_find. In case of preemption,...
AVX-Based Timing Side Channel — ASLR Detection
This work demonstrates a technique for detecting ASLR using AVX memory load instructions combined with RDTSCP timing and SIGSEGV detection. It illustrates how side-channel timing measurements can be applied to analyze memory layout randomization...
Linux Distros Unpatched Vulnerability : CVE-2025-38581
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - crypto: ccp - Fix crash when rebind ccp device for ccp.ko. When CONFIG_CRYPTO_DEV_CCP_DEBUGFS is enabled, rebinding the ccp device causes the following crash: $ echo...
CVE-2025-6203
A denial of service flaw has been discovered in HashiCorp's Vault secret storage project. A malicious user may submit a specially-crafted complex payload that otherwise meets the default request size limit, which results in excessive memory and CPU consumption of Vault. This may lead to a timeout...
GHSA-8F82-53H8-2P34 HashiCorp Vault Community Edition Denial of Service Though Complex JSON Payloads
A malicious user may submit a specially-crafted complex payload that otherwise meets the default request size limit which results in excessive memory and CPU consumption of Vault. This may lead to a timeout in Vault’s auditing subroutine, potentially resulting in the Vault server to become...
Spim security vulnerability
Spim is a MIPS architecture processor simulator by the individual developer James Larus. A security vulnerability exists in Spim 9.1.24 and earlier versions, which stems from a buffer overflow in the READ_SYSCALL and WRITE_SYSCALL system calls...
TencentOS Server 4: microcode_ctl (TSSA-2025:0703)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0703 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...
Linux Distros Unpatched Vulnerability : CVE-2022-26363
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - x86 pv: Insufficient care with non-coherent mappings This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities...
Linux Distros Unpatched Vulnerability : CVE-2021-33829
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A cross-site scripting (XSS) vulnerability in the HTML Data Processor in CKEditor 4 4.14.0 through 4.16.x before 4.16.1 allows remote attackers to inject executab...
CVE-2025-57810
CVE-2025-57810 affects the jsPDF library. The issue arises when user control of the first argument to addImage allows untrusted image data/URLs to trigger high CPU usage, leading to denial of service. This vulnerability is present in versions prior to 3.0.2 and was fixed in jsPDF 3.0.2. Impact is...
Regular Expression Denial Of Service (ReDoS)
Hugging Face Transformers is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability is due to the use of a regex pattern /^/^// in the convert_tf_weight_name_to_pt_weight_name function, which allows attackers to craft malicious input strings causing catastrophic backtracking and...
jsPDF security vulnerability
jsPDF is an open-source JavaScript-based PDF document generation library from Parallax. A security vulnerability exists in versions prior to jsPDF 3.0.2, which stems from the addImage method not adequately validating input, which could lead to CPU resource exhaustion and denial of service attacks...
SUSE-SU-2025:02970-1 Security update for pam
This update for pam fixes the following issues: - Improve previous CVE-2024-10041 fix which led to CPU performance issues (bsc#1232234)...
Security update for the Linux Kernel
The SUSE Linux Enterprise 15 SP6 Azure kernel was updated to receive various security bugfixes. The following security bugs were fixed: CVE-2024-36028: mm/hugetlb: fix DEBUG_LOCKS_WARN_ON(1) when dissolve_free_hugetlb_folio() (bsc#1225707). CVE-2024-36348, CVE-2024-36349, CVE-2024-36350, CVE-2024-36357:...
jq security vulnerability
jq is a lightweight and flexible open-source command-line JSON processor from jqlang. A security vulnerability exists in jq 1.6 and earlier versions, which stems from a reachable assertion in the run_jq_tests function in the file jq_test.c. The vulnerability is caused by the presence of the jq_test.c...
Linux Distros Unpatched Vulnerability : CVE-2022-50173
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: drm/msm/mdp5: Fix global state lock backoff We need to grab the lock after the early return...
MAL-2025-41376 Malicious code in code-processor (npm)
The package communicates with a domain associated with malicious activity...