Lucene search
K

140 matches found

Prion
Prion
added 2023/02/24 11:15 p.m.12 views

Deserialization of untrusted data

LiteDB is a small, fast and lightweight .NET NoSQL embedded database. Versions prior to 5.0.13 are subject to Deserialization of Untrusted Data. LiteDB uses a special field in JSON documents to cast different types from BsonDocument to POCO classes. When instances of an object are not the same of...

7.5CVSS9.2AI score0.00699EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2023/02/24 10:40 p.m.16 views

CVE-2022-23535 LiteDB contains Deserialization of Untrusted Data

LiteDB is a small, fast and lightweight .NET NoSQL embedded database. Versions prior to 5.0.13 are subject to Deserialization of Untrusted Data. LiteDB uses a special field in JSON documents to cast different types from BsonDocument to POCO classes. When instances of an object are not the same of...

7.3CVSS9.6AI score0.00699EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2022/09/14 11:15 a.m.73 views

CVE-2022-40674

libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c...

8.1CVSS6.8AI score0.01659EPSS
Exploits0References7
UbuntuCve
UbuntuCve
added 2022/02/18 5:15 a.m.56 views

CVE-2022-25315

In Expat aka libexpat before 2.4.5, there is an integer overflow in storeRawNames...

9.8CVSS6.9AI score0.04781EPSS
Exploits1References3
UbuntuCve
UbuntuCve
added 2022/02/18 5:15 a.m.77 views

CVE-2022-25314

In Expat aka libexpat before 2.4.5, there is an integer overflow in copyString...

7.5CVSS6.8AI score0.04654EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2022/02/15 12:0 a.m.102 views

CVE-2022-25235

xmltokimpl.c in Expat aka libexpat before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context...

9.8CVSS6.9AI score0.04955EPSS
Exploits0References11
UbuntuCve
UbuntuCve
added 2022/02/15 12:0 a.m.65 views

CVE-2022-25236

xmlparse.c in Expat aka libexpat before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs...

9.8CVSS6.8AI score0.34174EPSS
Exploits0References13
UbuntuCve
UbuntuCve
added 2022/01/26 7:15 p.m.73 views

CVE-2022-23990

Expat aka libexpat before 2.4.4 has an integer overflow in the doProlog function...

7.5CVSS6.9AI score0.03992EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2022/01/10 2:12 p.m.48 views

CVE-2022-22827

storeAtts in xmlparse.c in Expat aka libexpat before 2.4.3 has an integer overflow...

8.8CVSS6.9AI score0.02778EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2022/01/10 2:12 p.m.49 views

CVE-2022-22826

nextScaffoldPart in xmlparse.c in Expat aka libexpat before 2.4.3 has an integer overflow...

8.8CVSS7AI score0.02778EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2019/09/20 12:0 a.m.9 views

PT-2024-14579 · Poco +1 · Poco +1

Name of the Vulnerable Software and Affected Versions: POCO versions prior to 1.11.8p2 POCO versions prior to 1.12.5p2 POCO versions prior to 1.13.0 Description: The issue is caused by an integer overflow and resultant stack buffer overflow in UTF32Encoding.cpp, specifically in the...

10CVSS7.6AI score0.06643EPSS
Exploits2References32
OSV
OSV
added 2019/02/18 11:54 p.m.15 views

GHSA-F757-9C4X-CHFF poco downloads Resources over HTTP

Affected versions of poco insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the system...

8.1CVSS8.1AI score0.01752EPSS
Exploits0References3
CNVD
CNVD
added 2018/05/31 12:0 a.m.2 views

poco code execution vulnerability

poco is an open source C++ class library for building web-based applications on servers, desktops and embedded systems. A security vulnerability exists in poco that originates when the program downloads an executable file over an unencrypted HTTP connection. A remote attacker could exploit the...

9.3CVSS7.2AI score0.01752EPSS
Exploits0References1
Veracode
Veracode
added 2018/05/30 2:15 a.m.16 views

Man-in-the-Middle (MitM)

poco is vulnerable to man-in-the-middle MitM attacks. The application downloads binary resources via HTTP, allowing MitM attacks. Also, it may potentially cause remote code execution RCE by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or...

8.1CVSS8.3AI score0.01752EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2018/05/29 8:29 p.m.24 views

CVE-2016-10659

poco - The POCO libraries, downloads source file resources used for compilation over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested resources with an attacker controlled copy if the attacker is on the network o...

9.3CVSS8.4AI score0.01752EPSS
Exploits0References1
OSV
OSV
added 2018/05/29 8:29 p.m.16 views

CVE-2016-10659

poco - The POCO libraries, downloads source file resources used for compilation over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested resources with an attacker controlled copy if the attacker is on the network o...

8.1CVSS8.6AI score
Exploits0References1
Prion
Prion
added 2018/05/29 8:29 p.m.10 views

Remote code execution

poco - The POCO libraries, downloads source file resources used for compilation over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested resources with an attacker controlled copy if the attacker is on the network o...

9.3CVSS8.1AI score0.01752EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2018/05/29 8:0 p.m.24 views

CVE-2016-10659

poco - The POCO libraries, downloads source file resources used for compilation over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested resources with an attacker controlled copy if the attacker is on the network o...

8.4AI score0.01752EPSS
Exploits0References1
CVE
CVE
added 2018/05/29 8:0 p.m.51 views

CVE-2016-10659

The CVE affects the Poco libraries: it downloads source/executable resources over HTTP, enabling MITM interception and potential remote code execution if an attacker sits between the user and the remote server. Documented in multiple sources (GHSA- F757-9C4X-CHFF, NVD) with no patch available; re...

9.3CVSS8.3AI score0.01752EPSS
Exploits0References1Affected Software1
OpenVAS
OpenVAS
added 2018/01/31 12:0 a.m.21 views

Fedora Update for poco FEDORA-2018-7349a7723e

The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.5CVSS6.5AI score0.01681EPSS
Exploits1References2
Rows per page
Query Builder