Security
Headlines
HeadlinesLatestCVEs

Tag

#c++

CVE-2022-33684

The Apache Pulsar C++ Client does not verify peer TLS certificates when making HTTPS calls for the OAuth2.0 Client Credential Flow, even when tlsAllowInsecureConnection is disabled via configuration. This vulnerability allows an attacker to perform a man in the middle attack and intercept and/or modify the GET request that is sent to the ClientCredentialFlow 'issuer url'. The intercepted credentials can be used to acquire authentication data from the OAuth2.0 server to then authenticate with an Apache Pulsar cluster. An attacker can only take advantage of this vulnerability by taking control of a machine 'between' the client and the server. The attacker must then actively manipulate traffic to perform the attack. The Apache Pulsar Python Client wraps the C++ client, so it is also vulnerable in the same way. This issue affects Apache Pulsar C++ Client and Python Client versions 2.7.0 to 2.7.4; 2.8.0 to 2.8.3; 2.9.0 to 2.9.2; 2.10.0 to 2.10.1; 2.6.4 and earlier. Any users running affecte...

CVE
Open in Source
#vulnerability#mac#apache#c++#oauth#auth#ssl
CVE-2022-44638: Integer overflow in pixman_sample_floor_y leading to heap out-of-bounds write (#63) · Issues · Pixman / pixman · GitLab

In libpixman in Pixman before 0.42.2, there is an out-of-bounds write (aka heap-based buffer overflow) in rasterize_edges_8 due to an integer overflow in pixman_sample_floor_y.

The Rise of Rust, the ‘Viral’ Secure Programming Language That’s Taking Over Tech

Rust makes it impossible to introduce some of the most common security vulnerabilities. And its adoption can’t come soon enough.

CVE-2022-43254: Memory Leak in gf_list_new utils/list.c:601 · Issue #2284 · gpac/gpac

GPAC v2.1-DEV-rev368-gfd054169b-master was discovered to contain a memory leak via the component gf_list_new at utils/list.c.

CVE-2022-43255: Memory Leak in gf_odf_new_iod odf/odf_code.c:415 · Issue #2285 · gpac/gpac

GPAC v2.1-DEV-rev368-gfd054169b-master was discovered to contain a memory leak via the component gf_odf_new_iod at odf/odf_code.c.

CVE-2022-43245: SEGV sao.cc: in void apply_sao_internal<unsigned short> · Issue #352 · strukturag/libde265

Libde265 v1.0.8 was discovered to contain a segmentation violation via apply_sao_internal<unsigned short> in sao.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.

CVE-2022-43240: Heap-buffer-overflow in sse-motion.cc: ff_hevc_put_hevc_qpel_h_2_v_1_sse · Issue #335 · strukturag/libde265

Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via ff_hevc_put_hevc_qpel_h_2_v_1_sse in sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.

CVE-2022-43236: Stack-buffer-overflow in fallback-motion.cc: void put_qpel_fallback<unsigned short> · Issue #343 · strukturag/libde265

Libde265 v1.0.8 was discovered to contain a stack-buffer-overflow vulnerability via put_qpel_fallback<unsigned short> in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.

CVE-2022-43241: Crash in see-motion.cc: ff_hevc_put_hevc_qpel_v_3_8_sse · Issue #338 · strukturag/libde265

Libde265 v1.0.8 was discovered to contain an unknown crash via ff_hevc_put_hevc_qpel_v_3_8_sse in sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.

CVE-2022-43238: Unknown crash in sse-motion.cc: ff_hevc_put_hevc_qpel_h_3_v_3_sse · Issue #336 · strukturag/libde265

Libde265 v1.0.8 was discovered to contain an unknown crash via ff_hevc_put_hevc_qpel_h_3_v_3_sse in sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.