CVE-2025-22069

In the Linux kernel, the following vulnerability has been resolved: riscv: fgraph: Fix stack layout to match archftraceregs argument of ftracereturntohandler Naresh Kamboju reported a "Bad frame pointer" kernel warning while running LTP trace ftracestresstest.sh in riscv. We can reproduce the sam...

CVE-2025-22069

The CVE-2025-22069 entry concerns a Linux kernel riscv fgraph issue where stack layout for ftrace_return_to_handler argument did not match __arch_ftrace_regs, causing a Bad frame pointer warning. Affected component: riscv ftrace path in kernel/trace/fgraph.c; root cause: mismatch between the cons...

CVE-2025-22069 riscv: fgraph: Fix stack layout to match __arch_ftrace_regs argument of ftrace_return_to_handler

In the Linux kernel, the following vulnerability has been resolved: riscv: fgraph: Fix stack layout to match archftraceregs argument of ftracereturntohandler Naresh Kamboju reported a "Bad frame pointer" kernel warning while running LTP trace ftracestresstest.sh in riscv. We can reproduce the sam...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from a stack layout mismatch that could lead to a frame pointer error...

PT-2025-16709 · Linux +1 · Linux Kernel +1

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to the fixed version Description: A vulnerability in the Linux kernel has been resolved. The issue is related to the stack layout for constructing arguments for the ftrace return to handler function in the return t...

Cybersecurity through Entropy Injection: a Paradigm Shift from Reactive Defense to Proactive Uncertainty

Cybersecurity often hinges on unpredictability, with a system's defenses being strongest when sensitive values and behaviors cannot be anticipated by attackers. This paper explores the concept of entropy injection-deliberately infusing randomness into security mechanisms to increase...

BIT-PHP-MIN-2024-11235 Reference counting in php_request_shutdown causes Use-After-Free

In PHP versions 8.3. before 8.3.19 and 8.4. before 8.4.5, a code sequence involving set handler or ??= operator and exceptions can lead to a use-after-free vulnerability. If the third party can control the memory layout leading to this, for example by supplying specially crafted inputs to the...

BIT-PHP-2024-11235 Reference counting in php_request_shutdown causes Use-After-Free

In PHP versions 8.3. before 8.3.19 and 8.4. before 8.4.5, a code sequence involving set handler or ??= operator and exceptions can lead to a use-after-free vulnerability. If the third party can control the memory layout leading to this, for example by supplying specially crafted inputs to the...

The vulnerability of the Adobe Framemaker desktop publishing system arises from the possibility of an operation going beyond the buffer boundaries in memory. This allows a hacker to bypass the ASLR protection mechanism and gain unauthorized access to protected information.

The vulnerability of the Adobe Framemaker desktop publishing system lies in the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability could allow an attacker to bypass the ASLR protection mechanism and gain unauthorized access to protected information...

The vulnerability of the gzip_do_write() function in the zlib compression library allows a attacker to bypass ASLR protection, execute arbitrary code, or cause a denial-of-service attack.

The vulnerability of the gzipdowrite function in the zlib compression library, a command-line utility of CURL, is related to integer overflow. Exploiting this vulnerability allows an attacker to bypass ASLR protection, execute arbitrary code, or cause a denial-of-service attack...

CVE-2024-11235

In PHP versions 8.3. before 8.3.19 and 8.4. before 8.4.5, a code sequence involving set handler or ??= operator and exceptions can lead to a use-after-free vulnerability. If the third party can control the memory layout leading to this, for example by supplying specially crafted inputs to the...

CVE-2024-11235

In PHP versions 8.3. before 8.3.19 and 8.4. before 8.4.5, a code sequence involving set handler or ??= operator and exceptions can lead to a use-after-free vulnerability. If the third party can control the memory layout leading to this, for example by supplying specially crafted inputs to the...

CVE-2024-11235 Reference counting in php_request_shutdown causes Use-After-Free

In PHP versions 8.3. before 8.3.19 and 8.4. before 8.4.5, a code sequence involving set handler or ??= operator and exceptions can lead to a use-after-free vulnerability. If the third party can control the memory layout leading to this, for example by supplying specially crafted inputs to the...

PT-2025-46553

Name of the Vulnerable Software and Affected Versions iOS versions prior to 18.4 iPadOS versions prior to 18.4 tvOS versions prior to 18.4 visionOS versions prior to 2.4 watchOS versions prior to 11.4 Description An issue existed where an application could potentially bypass Address Space Layout...

The vulnerability of Adobe InDesign’s computer layout automation tool, related to pointer naming errors, allows attackers to trigger a service failure.

The vulnerability of Adobe InDesign’s computer layout automation tool is related to errors in pointer assignment. Exploiting this vulnerability can allow an attacker to trigger a service failure using a specially created malicious file...

The vulnerability of Adobe InDesign’s computer layout automation tool, related to writing beyond the buffer in memory, allows a hacker to execute arbitrary code.

The vulnerability of Adobe InDesign’s computer layout automation tool is related to writing beyond the buffer boundaries in memory. Exploiting this vulnerability allows an attacker to execute arbitrary code using a specially created malicious file...

March 25, 2025—KB5053657 (OS Builds 22621.5126 and 22631.5126) Preview

March 25, 2025—KB5053657 OS Builds 22621.5126 and 22631.5126 Preview For information about Windows update terminology, see types of Windows updates and the monthly quality update types. To find an overview of Windows 11, version 23H2, see its update history page. Follow @WindowsUpdate to find out...

The vulnerability of Adobe InDesign’s computer layout automation tool, related to the swapping of pointers, allows a hacker to trigger a service failure.

The vulnerability of Adobe InDesign’s computer layout automation tool is related to the use of pointers. Exploiting this vulnerability could allow an attacker to cause a service failure...

The vulnerability of Adobe InDesign’s computer layout automation tool, related to the execution of operations beyond the buffer in memory, allows attackers to execute arbitrary code.

The vulnerability of Adobe InDesign’s computer layout automation tool is related to the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to execute arbitrary code...

CVE-2025-30345

An issue was discovered in OpenSlides before 4.2.5. When creating new chats via the chatgroup.create action, the user is able to specify the name of the chat. Some HTML elements such as SCRIPT are filtered, whereas others are not. In most cases, HTML entities are encoded properly, but not when...