Adobe Media Encoder Input Validation Error Vulnerability
Adobe Media Encoder is an audio and video encoding application developed by Adobe, a company based in the United States. Versions of Adobe Media Encoder such as 26.0.2, 25.6.4, and earlier versions had a vulnerability related to input validation errors. This vulnerability stemmed from integer...
Adobe Media Encoder Buffer Error Vulnerability
Adobe Media Encoder is an audio and video encoding application developed by Adobe, a company based in the United States. Versions of Adobe Media Encoder such as 26.0.2, 25.6.4, and earlier versions have a buffer error vulnerability. This vulnerability stems from out-of-bounds writing, which may...
APSB26-47 : Security update available for Adobe Media Encoder
Adobe has released an update for Adobe Media Encoder. This update resolves critical vulnerabilities that could lead to arbitrary code execution...
Adobe Media Encoder < 25.6.5 / 26.0.0 < 26.2.0 Multiple Arbitrary code execution (APSB26-47) (macOS)
The version of Adobe Media Encoder installed on the remote macOS host is prior to 25.6.5, 26.2.0. It is, therefore, affected by multiple vulnerabilities as referenced in the APSB26-47 advisory. - Media Encoder versions 26.0.2, 25.6.4 and earlier are affected by an Integer Overflow or Wraparound...
Adobe Media Encoder < 25.6.5 / 26.0.0 < 26.2.0 Multiple Arbitrary code execution (APSB26-47)
The version of Adobe Media Encoder installed on the remote Windows host is prior to 25.6.5, 26.2.0. It is, therefore, affected by multiple vulnerabilities as referenced in the APSB26-47 advisory. - Media Encoder versions 26.0.2, 25.6.4 and earlier are affected by an Integer Overflow or Wraparound...
CVE-2026-43968 CR Injection in SSE Encoder Enables Event Splitting via cow_sse:event/1
Improper Neutralization of CRLF Sequences ('CRLF Injection') vulnerability in ninenines cowlib allows SSE event splitting and injection via unvalidated field values. cow_sse:event/1 in cowlib guards the id and event fields against \n but not against bare \r, and the internal prefixlines/2 function...
CVE-2026-43969 Cookie Request Header Injection via Unvalidated Encoder in cow_cookie:cookie/1
Improper Neutralization of CRLF Sequences ('CRLF Injection') vulnerability in ninenines cowlib allows HTTP request splitting and cookie smuggling via unvalidated cookie name and value fields. cow_cookie:cookie/1 in cowlib builds a client-side Cookie: request header from a list of name-value pairs...
CVE-2026-43969
CVE-2026-43969 affects the Erlang/Elixir cowlib project (cow_cookie:cookie/1). The encoder builds a client-side Cookie header from name-value pairs without validating characters, allowing an attacker-controlled cookie name or value to inject CR, LF, semicolon, comma, or TAB. This enables cookie s...
EEF-CVE-2026-43969 Cookie Request Header Injection via Unvalidated Encoder in cow_cookie:cookie/1
Summary: Improper Neutralization of CRLF Sequences ('CRLF Injection') vulnerability in ninenines cowlib allows HTTP request splitting and cookie smuggling via unvalidated cookie name and value fields. cow_cookie:cookie/1 in cowlib builds a client-side Cookie: request header from a list of name-value...
CVE-2026-43969
Improper Neutralization of CRLF Sequences ('CRLF Injection') vulnerability in ninenines cowlib allows HTTP request splitting and cookie smuggling via unvalidated cookie name and value fields. cow_cookie:cookie/1 in cowlib builds a client-side Cookie: request header from a list of name-value pairs...
HTTP Response Splitting
Overview: eventsource-encoder encodes events as well-formed EventSource/Server-Sent Events (SSE) messages. Affected versions of this package are vulnerable to HTTP Response Splitting via unsanitized event and id fields in the encoding process. An attacker can inject arbitrary Server-Sent Events...
GHSA-RGRR-P7GP-5XJ7 Netty Redis Codec Encoder has a CRLF Injection Issue
Security Vulnerability Report: CRLF Injection in Netty Redis Codec Encoder. 1. Vulnerability Summary. Product: Netty. Version: 4.2.12.Final and all prior versions with codec-redis. Component: io.netty.handler.codec.redis.RedisEncoder. Vulnerability...
Netty Redis Codec Encoder has a CRLF Injection Issue
Security Vulnerability Report: CRLF Injection in Netty Redis Codec Encoder. 1. Vulnerability Summary. Product: Netty. Version: 4.2.12.Final and all prior versions with codec-redis. Component: io.netty.handler.codec.redis.RedisEncoder. Vulnerability...
CRLF Injection
Overview: Affected versions of this package are vulnerable to CRLF Injection in the RedisEncoder component. An attacker can inject arbitrary Redis commands or forge responses by supplying input containing CRLF sequences, which are not properly sanitized before being written to the network output...
Netty has a DNS Codec Input Validation Bypass (Encoder + Decoder)
Security Vulnerability Report: DNS Codec Input Validation Bypass in Netty (Encoder + Decoder). 1. Vulnerability Summary. Product: Netty. Version: 4.2.12.Final and all prior versions with codec-dns. Component: io.netty.handler.codec.dns.DnsCodecUtil...
PT-2026-38378
Name of the Vulnerable Software and Affected Versions: Netty versions prior to 4.1.133.Final; Netty versions prior to 4.2.13.Final. Description: The Netty Redis codec encoder (RedisEncoder) writes user-controlled string content directly to the network output buffer without validating or sanitizing CRLF...
Linux Distros Unpatched Vulnerability : CVE-2026-43235
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: media: iris: Add missing platform data entries for SM8750. Two platform-data fields for SM875...
CVE-2026-43243
A flaw was found in the drm/amd/display component of the Linux kernel. A missing signal type check in the dcn401 getphyd32clksrc function, when attempting to access the link encoder (link enc) on a DisplayPort Interoperability and Compliance Association (DPIA) link, can lead to a system crash. This...
CVE-2026-43235
A flaw was found in the iris media driver within the Linux kernel. Missing platform data entries for the SM8750 component prevent the driver from allocating necessary internal buffers. This can lead to failures in basic video decoding and encoding operations, effectively causing a Denial of Servi...