OESA-2025-2050 libtiff security update

This provides support for the Tag Image File Format TIFF, a widely used format for storing image data. The latest version of the TIFF specification is available on-line in several different formats.And contains command-line programs for manipulating TIFF format image files using the libtiff...

OESA-2025-1957 freetype security update

Security Fixes: ftbench.c in FreeType Demo Programs through 2.12.1 has a heap-based buffer overflow.CVE-2022-31782...

OESA-2025-1956 freetype security update

Security Fixes: ftbench.c in FreeType Demo Programs through 2.12.1 has a heap-based buffer overflow.CVE-2022-31782...

Unspecified vulnerability in Apple macOS Sequoia (CNVD-2025-18410)

Apple macOS Sequoia is an operating system from the American company Apple Apple. A security vulnerability exists in Apple macOS Sequoia, which can be exploited by an attacker to cause a sandboxed process to launch arbitrary applications...

PT-2025-33544

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: An out-of-bounds access issue exists in cgroup local storage within the Linux kernel. This can be triggered via tail calls between two BPF programs utilizing cgroup local storage with...

CVE-2025-7620

The cross-browser document creation component produced by Digitware System Integration Corporation has a Remote Code Execution vulnerability. If a user visits a malicious website while the component is active, remote attackers can cause the system to download and execute arbitrary programs...

The State of Cyber Risk 2025: Business Context Needed

The cyber risk conversation is changing. Momentum is growing for formal cyber risk programs. However, despite rising investments, evolving frameworks, and more vocal boardroom interest, new data reveals that most organizations remain immature in their risk management programs, and cyber risk is...

DSIC Cross-browser Components for Official Document Creation 安全漏洞

DSIC Cross-browser Components for Official Document Creation is a browser plug-in from Dewei DSIC Corporation of Taiwan, China. A security vulnerability exists in DSIC Cross-browser Components for Official Document Creation that originates from remote code execution and could lead to the download...

arm64: bpf: Only mitigate cBPF programs loaded by unprivileged users

...

bpf: check changes_pkt_data property for extension programs

...

CVE-2025-46334

Git GUI allows you to use the Git source control management tools via a GUI. A malicious repository can ship versions of sh.exe or typical textconv filter programs such as astextplain. Due to the unfortunate design of Tcl on Windows, the search path when looking for an executable always includes...

SUSE CVE-2025-38202

In the Linux kernel, the following vulnerability has been resolved: bpf: Check rcureadlocktraceheld in bpfmaplookuppercpuelem bpfmaplookuppercpuelem helper is also available for sleepable bpf program. When BPF JIT is disabled or under 32-bit host, bpfmaplookuppercpuelem will not be inlined. Using...

CVE-2025-38202

In the Linux kernel, the following vulnerability has been resolved: bpf: Check rcureadlocktraceheld in bpfmaplookuppercpuelem bpfmaplookuppercpuelem helper is also available for sleepable bpf program. When BPF JIT is disabled or under 32-bit host, bpfmaplookuppercpuelem will not be inlined. Using...

DEBIAN-CVE-2025-38202

In the Linux kernel, the following vulnerability has been resolved: bpf: Check rcureadlocktraceheld in bpfmaplookuppercpuelem bpfmaplookuppercpuelem helper is also available for sleepable bpf program. When BPF JIT is disabled or under 32-bit host, bpfmaplookuppercpuelem will not be inlined. Using...

Study Reveals API Security Gaps in Asia-Pacific Compliance Programs

...

KEENHash: Hashing Programs into Function-Aware Embeddings for Large-Scale Binary Code Similarity Analysis

Binary code similarity analysis BCSA is a crucial research area in many fields such as cybersecurity. Specifically, function-level diffing tools are the most widely used in BCSA: they perform function matching one by one for evaluating the similarity between binary programs. However, such methods...

CVE-2022-50219

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix KASAN use-after-free Read in computeeffectiveprogs Syzbot found a Use After Free bug in computeeffectiveprogs. The reproducer creates a number of BPF links, and causes a fault injected alloc to fail, while calling...

CVE-2022-50219 bpf: Fix KASAN use-after-free Read in compute_effective_progs

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix KASAN use-after-free Read in computeeffectiveprogs Syzbot found a Use After Free bug in computeeffectiveprogs. The reproducer creates a number of BPF links, and causes a fault injected alloc to fail, while calling...

CVE-2022-50219

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix KASAN use-after-free Read in computeeffectiveprogs Syzbot found a Use After Free bug in computeeffectiveprogs. The reproducer creates a number of BPF links, and causes a fault injected alloc to fail, while calling...

CVE-2025-38012

CVE-2025-38012 concerns the Linux kernel vulnerability in sched_ext where bpf_iter_scx_dsq_new() may leave an uninitialized BPF iterator after an error return, causing bpf_iter_scx_dsq_next() to dereference garbage data. The patch ensures bpf_iter_scx_dsq_new() always clears kit->dsq, making n...