1071 matches found
DEBIAN-CVE-2022-50399
In the Linux kernel, the following vulnerability has been resolved: media: atomisp: prevent integer overflow in sh_css_set_black_frame() The "height" and "width" values come from the user so the "height * width" multiplication can overflow...
CVE-2022-50399
CVE-2022-50399 affects the Linux kernel media/atomisp component, where user-supplied height/width can cause overflow in height*width in sh_css_set_black_frame(). The issue has been fixed in kernel patches (publicly noted in multiple advisories), with distributors (e.g., Root, SUSE) applying fixes...
CVE-2022-50399 media: atomisp: prevent integer overflow in sh_css_set_black_frame()
In the Linux kernel, the following vulnerability has been resolved: media: atomisp: prevent integer overflow in sh_css_set_black_frame() The "height" and "width" values come from the user so the "height * width" multiplication can overflow...
PT-2025-38347
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: An integer overflow issue exists in the sh_css_set_black_frame function within the atomisp module. The height and width values, sourced from user input, are multiplied, potentially leadi...
CVE-2025-39815 RISC-V: KVM: fix stack overrun when loading vlenb
In the Linux kernel, the following vulnerability has been resolved: RISC-V: KVM: fix stack overrun when loading vlenb The userspace load can put up to 2048 bits into an xlen bit stack buffer. We want only xlen bits, so check the size beforehand...
CVE-2025-55727
XWiki Remote Macros provides XWiki rendering macros that are useful when migrating content from Confluence. Starting in version 1.0 and prior to version 1.26.5, missing escaping of the width parameter in the column macro allows remote code execution for any user who can edit any page or who can...
CVE-2025-55727 XWiki Remote Macros vulnerable to remote code execution from width parameter in the column macro
XWiki Remote Macros provides XWiki rendering macros that are useful when migrating content from Confluence. Starting in version 1.0 and prior to version 1.26.5, missing escaping of the width parameter in the column macro allows remote code execution for any user who can edit any page or who can...
CVE-2025-55727
CVE-2025-55727 affects XWiki Remote Macros (column macro width parameter). The issue: missing escaping of the width parameter in versions 1.0 through 1.26.4 enables remote code execution when a user can edit a page or access the CKEditor converter, due to unescaped XWiki syntax in the width param...
xwiki-pro-macros security vulnerability
xwiki-pro-macros is an open source tool from XWiki SAS. It can enhance the functionality of XWiki. A security vulnerability exists in xwiki-pro-macros versions prior to 1.26.5, which stems from a lack of escaping of the width parameter and could lead to remote code execution...
PT-2025-36917
Name of the Vulnerable Software and Affected Versions: XWiki Remote Macros versions 1.0 through 1.26.5 Description: XWiki Remote Macros provides XWiki rendering macros used for content migration from Confluence. A missing escaping mechanism in the width parameter within the column macro allows fo...
@andrew_l/pino-pretty (>=0.2.17 <=0.3.22), @bdehamer/foo-a (>=0.1.0 <=0.1.1) +76 more potentially affected by unknown CVE via ansi-regex (>=6.0.0 <=6.1.0)
ansi-regex NPM version =6.0.0, =0.2.17, =0.1.0, =0.1.0, =2.1.0, =2.1.0, =3.1.0, =2.0.2, =2.0.0, =2.6.7, =1.0.0, =2.1.14, =2.1.15 - @platform/cell.cli =0.2.277 - @platform/cell.fs.sync =0.3.273 - @platform/cell.service =0.8.41 - @platform/cell.tmpl =0.1.109 and more Source cves: unknown CVE Source...
CVE-2025-41039 Stored Cross-Site Scripting vulnerability in appRain CMF
A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'datasconfigadminlandingpage', 'datasconfigcurrency', 'datasconfigdbversion', 'datasconfigdefaultpagination',...
The sqlite3VXPrintf function in printf.c in SQLite before 3.8.9 does not properly handle precision and width values during floating-point conversions, which allows context-dependent attackers to cause a denial of service (integer overflow and stack-based buffer overflow) or possibly have unspecified other impact via large integers in a crafted printf function call in a SELECT statement.
...
Linux Distros Unpatched Vulnerability : CVE-2021-41160
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. In affected versions a malicious server might trigger ou...
CVE-2025-55212
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-28 and 7.1.2-2, passing a geometry string containing only a colon ":" to montage -geometry leads GetGeometry to set width/height to 0. Later, ThumbnailImage divides by these zer...
ImageMagick affected by divide-by-zero in ThumbnailImage via montage -geometry ":" leads to crash
Summary: Passing a geometry string containing only a colon ":" to montage -geometry leads GetGeometry to set width/height to 0. Later, ThumbnailImage divides by these zero dimensions, triggering a crash (SIGFPE/abort), resulting in a denial of service. Details: Root Cause: 1. montage -geometry ":"...