Lucene search
K

140 matches found

Cvelist
Cvelist
added 2018/01/03 8:0 p.m.25 views

CVE-2017-1000472

The ZipCommon::isValidPath function in Zip/src/ZipCommon.cpp in POCO C++ Libraries before 1.8 does not properly restrict the filename value in the ZIP header, which allows attackers to conduct absolute path traversal attacks during the ZIP decompression, and possibly create or overwrite arbitrary...

6.5AI score0.01681EPSS
Exploits1References3
Debian CVE
Debian CVE
added 2018/01/03 8:0 p.m.13 views

CVE-2017-1000472

The ZipCommon::isValidPath function in Zip/src/ZipCommon.cpp in POCO C++ Libraries before 1.8 does not properly restrict the filename value in the ZIP header, which allows attackers to conduct absolute path traversal attacks during the ZIP decompression, and possibly create or overwrite arbitrary...

6.5CVSS6.5AI score0.01681EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2018/01/03 12:0 a.m.11 views

PT-2018-5238 · Poco +1 · Poco C++ Libraries +1

Name of the Vulnerable Software and Affected Versions: POCO C++ Libraries versions prior to 1.8 Description: The issue concerns a "file path injection vulnerability" in the ZipCommon::isValidPath function, which does not properly restrict the filename value in the ZIP header. This allows attacker...

9.8CVSS7.5AI score0.06643EPSS
Exploits2References22
The Hacker News
The Hacker News
added 2017/02/28 3:6 a.m.70 views

Critical Flaw in ESET Antivirus Exposes Mac Users to Remote Hacking

What could be more exciting for hackers than exploiting a vulnerability in a widely used software without having to struggle too much? One such easy-to-exploit, but critical vulnerability has been discovered in ESET's antivirus software that could allow any unauthenticated attackers to remotely...

7.5CVSS8.8AI score0.13335EPSS
Exploits4
Node.js
Node.js
added 2016/12/02 1:29 a.m.36 views

Downloads Resources over HTTP

Overview Affected versions of poco insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the...

9.3CVSS5.6AI score0.01752EPSS
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2016/03/04 12:0 a.m.20 views

Fedora 23 : poco-1.4.2p1-3.fc23 (2016-4a3e5618eb)

Apply patch for CVE-2014-0350 1091813 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL...

6.4CVSS6.4AI score0.01218EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2016/03/04 12:0 a.m.28 views

Fedora 22 : poco-1.4.2p1-3.fc22 (2016-0b3a611401)

Apply patch for CVE-2014-0350 1091813 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL...

6.4CVSS6.4AI score0.01218EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2016/02/22 12:0 a.m.28 views

Fedora Update for poco FEDORA-2016-4

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.4CVSS6.5AI score0.01218EPSS
Exploits0References2
Fedora
Fedora
added 2016/02/21 4:37 p.m.29 views

[SECURITY] Fedora 23 Update: poco-1.4.2p1-3.fc23

The POCO C++ Libraries POCO stands for POrtable COmponents are open source C++ class libraries that simplify and accelerate the development of network-centric, portable applications in C++. The POCO C++ Libraries are built strictly on standard ANSI/ISO C++, including the standard library...

6.4CVSS2.1AI score0.01218EPSS
Exploits0
Fedora
Fedora
added 2016/02/21 2:30 a.m.38 views

[SECURITY] Fedora 22 Update: poco-1.4.2p1-3.fc22

The POCO C++ Libraries POCO stands for POrtable COmponents are open source C++ class libraries that simplify and accelerate the development of network-centric, portable applications in C++. The POCO C++ Libraries are built strictly on standard ANSI/ISO C++, including the standard library...

6.4CVSS2.1AI score0.01218EPSS
Exploits0
OpenVAS
OpenVAS
added 2016/02/21 12:0 a.m.17 views

Fedora Update for poco FEDORA-2016-0

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.4CVSS6.5AI score0.01218EPSS
Exploits0References2
NVD
NVD
added 2014/04/26 1:55 a.m.21 views

CVE-2014-0350

The Poco::Net::X509Certificate::verify method in the NetSSL library in POCO C++ Libraries before 1.4.6p4 allows man-in-the-middle attackers to spoof SSL servers via crafted DNS PTR records that are requested during comparison of a server name to a wildcard domain name in an X.509 certificate...

6.4CVSS6AI score0.01218EPSS
Exploits0References4
OSV
OSV
added 2014/04/26 1:55 a.m.7 views

CVE-2014-0350

The Poco::Net::X509Certificate::verify method in the NetSSL library in POCO C++ Libraries before 1.4.6p4 allows man-in-the-middle attackers to spoof SSL servers via crafted DNS PTR records that are requested during comparison of a server name to a wildcard domain name in an X.509 certificate...

6.2AI score
Exploits0References4
OSV
OSV
added 2014/04/26 1:55 a.m.2 views

DEBIAN-CVE-2014-0350

The Poco::Net::X509Certificate::verify method in the NetSSL library in POCO C++ Libraries before 1.4.6p4 allows man-in-the-middle attackers to spoof SSL servers via crafted DNS PTR records that are requested during comparison of a server name to a wildcard domain name in an X.509 certificate...

6.4CVSS6.2AI score0.01218EPSS
Exploits0References1
OSV
OSV
added 2014/04/26 1:55 a.m.6 views

UBUNTU-CVE-2014-0350

The Poco::Net::X509Certificate::verify method in the NetSSL library in POCO C++ Libraries before 1.4.6p4 allows man-in-the-middle attackers to spoof SSL servers via crafted DNS PTR records that are requested during comparison of a server name to a wildcard domain name in an X.509 certificate...

6.4CVSS5.8AI score0.01218EPSS
Exploits0References4
Prion
Prion
added 2014/04/26 1:55 a.m.17 views

Code injection

The Poco::Net::X509Certificate::verify method in the NetSSL library in POCO C++ Libraries before 1.4.6p4 allows man-in-the-middle attackers to spoof SSL servers via crafted DNS PTR records that are requested during comparison of a server name to a wildcard domain name in an X.509 certificate...

6.4CVSS6.7AI score0.01218EPSS
Exploits0References4Affected Software1
UbuntuCve
UbuntuCve
added 2014/04/26 1:55 a.m.25 views

CVE-2014-0350

The Poco::Net::X509Certificate::verify method in the NetSSL library in POCO C++ Libraries before 1.4.6p4 allows man-in-the-middle attackers to spoof SSL servers via crafted DNS PTR records that are requested during comparison of a server name to a wildcard domain name in an X.509 certificate...

6.4CVSS6.6AI score0.01218EPSS
Exploits0References3
CVE
CVE
added 2014/04/26 1:0 a.m.59 views

CVE-2014-0350

The CVE concerns POCO C++ Libraries’ NetSSL X509Certificate::verify in Poco::Net, vulnerable before 1.4.6p4 to MITM via crafted DNS PTRs during server-name wildcard comparison. Affected product: POCO’s NetSSL in POCO C++ Libraries; root cause: weak validation of X.509 CN/SAN matching against wild...

6.4CVSS6AI score0.01218EPSS
Exploits0References4Affected Software1
Debian CVE
Debian CVE
added 2014/04/26 1:0 a.m.28 views

CVE-2014-0350

The Poco::Net::X509Certificate::verify method in the NetSSL library in POCO C++ Libraries before 1.4.6p4 allows man-in-the-middle attackers to spoof SSL servers via crafted DNS PTR records that are requested during comparison of a server name to a wildcard domain name in an X.509 certificate...

6.4CVSS6AI score0.01218EPSS
Exploits0
CERT
CERT
added 2014/04/24 12:0 a.m.90 views

POCO C++ Libraries NetSSL library fails to properly validate wildcard certificates

Overview The POCO C++ Libraries NetSSL library fails to properly validate wildcard certificates, allowing an attacker to trick the victim application into trusting a malicious certificate. Description CWE-350: Reliance on Reverse DNS Resolution for a Security-Critical Action Guenter Obiltschnig o...

6.4CVSS6.1AI score0.01218EPSS
Exploits0References3
Rows per page
Query Builder