CVE-2025-27195 Media Encoder | Heap-based Buffer Overflow (CWE-122)

Media Encoder versions 25.1, 24.6.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

CVE-2025-27195 Media Encoder | Heap-based Buffer Overflow (CWE-122)

Media Encoder versions 25.1, 24.6.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

CVE-2025-27194

CVE-2025-27194 affects Adobe Media Encoder prior to 24.6.5 / 25.2. The issue is an out-of-bounds write in Media Encoder that could allow arbitrary code execution in the context of the current user. Exploitation requires user interaction: a victim must open a malicious file. Affected versions incl...

CVE-2025-27194 Media Encoder | Out-of-bounds Write (CWE-787)

Media Encoder versions 25.1, 24.6.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

CVE-2025-27194 Media Encoder | Out-of-bounds Write (CWE-787)

Media Encoder versions 25.1, 24.6.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

Adobe Media Encoder 缓冲区错误漏洞

Adobe Media Encoder is an audio and video encoding application from the American company Audobee Adobe. Adobe Media Encoder suffers from an out-of-bounds write vulnerability that stems from an out-of-bounds write vulnerability that can be exploited by an attacker to execute arbitrary code...

Adobe Media Encoder 安全漏洞

Adobe Media Encoder is an audio and video encoding application from the American company Audobee Adobe. A security vulnerability exists in Adobe Media Encoder version 25.1 and versions 24.6.4 and earlier, which stems from a heap buffer overflow vulnerability that could lead to arbitrary code...

Adobe Media Encoder < 24.6.5 / 25.0 < 25.2 Multiple Arbitrary code execution (APSB25-24)

The version of Adobe Media Encoder installed on the remote Windows host is prior to 24.6.5, 25.2. It is, therefore, affected by multiple vulnerabilities as referenced in the APSB25-24 advisory. - Heap-based Buffer Overflow CWE-122 potentially leading to Arbitrary code execution CVE-2025-27195 -...

Adobe Media Encoder < 24.6.5 / 25.0 < 25.2 Multiple Arbitrary code execution (APSB25-24) (macOS)

The version of Adobe Media Encoder installed on the remote macOS host is prior to 24.6.5, 25.2. It is, therefore, affected by multiple vulnerabilities as referenced in the APSB25-24 advisory. - Heap-based Buffer Overflow CWE-122 potentially leading to Arbitrary code execution CVE-2025-27195 -...

APSB25-24 : Security update available for Adobe Media Encoder

Adobe has released an update for Adobe Media Encoder. This update resolves critical vulnerabilities that could lead to arbitrary code execution...

apollo-encoder (>=0.6.0 <=0.7.0), apollo-parser (>=0.6.0 <=0.7.1) +1 more potentially affected by CVE-2025-31496 via apollo-compiler (>=0.10.0 <=0.11.0)

apollo-compiler CARGO version =0.10.0, =0.6.0, =0.6.0, =0.7.1 - apollo-smith =0.4.0 Source cves: CVE-2025-31496 Source advisory: OSV:GHSA-7MPV-9XG6-5R79...

The vulnerability of the dpu_encoder_virt_atomic_mode_set() function in the Linux kernel’s Direct Rendering Infrastructure (DRI) support driver allows a malicious actor to cause a system crash.

The vulnerability of the dpuencodervirtatomicmodeset function in the Linux kernel’s Direct Rendering Infrastructure Support driver is related to pointer manipulation. Exploiting this vulnerability could allow an attacker to cause a system failure...

spring-security-core: Spring Security BCryptPasswordEncoder does not enforce maximum password length

A flaw was found in the spring-security-core password encoder. This vulnerability allows incorrect password matching via input manipulation...

DEBIAN-CVE-2025-21985

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix out-of-bound accesses WHAT & HOW hpostreamtolinkencodermapping has size MAXHPODP2ENCODERS=4, but location can have size up to 6. As a result, it is necessary to check location against MAXHPODP2ENCODERS...

UBUNTU-CVE-2025-21985

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix out-of-bound accesses WHAT & HOW hpostreamtolinkencodermapping has size MAXHPODP2ENCODERS=4, but location can have size up to 6. As a result, it is necessary to check location against MAXHPODP2ENCODERS...

ai.h2o:h2o-admissibleml (>=3.34.0.1 <=3.44.0.3), ai.h2o:h2o-algos (>=3.2.0.1 <=3.44.0.3) +34 more potentially affected by CVE-2024-8062 via ai.h2o:h2o-core (>=3.2.0.1 <=3.44.0.3)

ai.h2o:h2o-core MAVEN version =3.2.0.1, =3.34.0.1, =3.2.0.1, =3.2.0.1, =3.30.0.1, =3.30.0.1, =3.30.0.1, =3.30.0.1, =3.30.0.1, =3.30.1.1, =3.30.0.1, =3.30.0.1, =3.30.0.1, =3.30.0.1, =3.34.0.3, =3.30.0.1, =3.44.0.3 and more Source cves: CVE-2024-8062 Source advisory: OSV:GHSA-5C8J-G96X-CJ78...

ai.h2o:h2o-admissibleml (>=3.34.0.1 <=3.46.0.11), ai.h2o:h2o-algos (>=0.1.9 <=3.46.0.11) +49 more potentially affected by CVE-2024-6854 via ai.h2o:h2o-core (>=0.1.10 <=3.8.3.4)

ai.h2o:h2o-core MAVEN version =0.1.10, =3.34.0.1, =0.1.9, =0.1.9, =3.12.0.1, =3.8.2.4, =3.14.0.7, =3.16.0.1, =3.14.0.1, =3.24.0.1, =3.30.1.1, =3.26.0.4, =3.10.5.1, =3.24.0.1, =3.30.0.1, =3.34.0.3, =3.46.0.11 and more Source cves: CVE-2024-6854 Source advisory: SNYK:JAVA-AIH2O-9486740...

ai.h2o:h2o-admissibleml (>=3.34.0.1 <=3.46.0.11), ai.h2o:h2o-algos (>=0.1.9 <=3.46.0.11) +49 more potentially affected by CVE-2024-10549 via ai.h2o:h2o-core (>=0.1.10 <=3.8.3.4)

ai.h2o:h2o-core MAVEN version =0.1.10, =3.34.0.1, =0.1.9, =0.1.9, =3.12.0.1, =3.8.2.4, =3.14.0.7, =3.16.0.1, =3.14.0.1, =3.24.0.1, =3.30.1.1, =3.26.0.4, =3.10.5.1, =3.24.0.1, =3.30.0.1, =3.34.0.3, =3.46.0.11 and more Source cves: CVE-2024-10549 Source advisory: SNYK:JAVA-AIH2O-9486742...

CVE-2025-22228

BCryptPasswordEncoder.matchesCharSequence,String will incorrectly return true for passwords larger than 72 characters as long as the first 72 characters are the same...

Authentication Bypass by Primary Weakness

Overview org.springframework.security:spring-security-crypto is a spring-security-crypto library for Spring Security. Affected versions of this package are vulnerable to Authentication Bypass by Primary Weakness in the BCryptPasswordEncoder.matches function, which only takes the first 72 characte...