Deserialization of untrusted data
LiteDB is a small, fast and lightweight .NET NoSQL embedded database. Versions prior to 5.0.13 are subject to Deserialization of Untrusted Data. LiteDB uses a special field in JSON documents to cast different types from BsonDocument to POCO classes. When instances of an object are not the same of...
CVE-2022-23535 LiteDB contains Deserialization of Untrusted Data
LiteDB is a small, fast and lightweight .NET NoSQL embedded database. Versions prior to 5.0.13 are subject to Deserialization of Untrusted Data. LiteDB uses a special field in JSON documents to cast different types from BsonDocument to POCO classes. When instances of an object are not the same of...
CVE-2022-40674
libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c...
CVE-2022-25315
In Expat aka libexpat before 2.4.5, there is an integer overflow in storeRawNames...
CVE-2022-25314
In Expat aka libexpat before 2.4.5, there is an integer overflow in copyString...
CVE-2022-25235
xmltok_impl.c in Expat aka libexpat before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context...
CVE-2022-25236
xmlparse.c in Expat aka libexpat before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs...
CVE-2022-23990
Expat aka libexpat before 2.4.4 has an integer overflow in the doProlog function...
CVE-2022-22827
storeAtts in xmlparse.c in Expat aka libexpat before 2.4.3 has an integer overflow...
CVE-2022-22826
nextScaffoldPart in xmlparse.c in Expat aka libexpat before 2.4.3 has an integer overflow...
PT-2024-14579 · Poco +1
Name of the Vulnerable Software and Affected Versions: POCO versions prior to 1.11.8p2; POCO versions prior to 1.12.5p2; POCO versions prior to 1.13.0. Description: The issue is caused by an integer overflow and resultant stack buffer overflow in UTF32Encoding.cpp, specifically in the...
GHSA-F757-9C4X-CHFF poco downloads Resources over HTTP
Affected versions of poco insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the system...
poco code execution vulnerability
poco is an open source C++ class library for building web-based applications on servers, desktops and embedded systems. A security vulnerability exists in poco that originates when the program downloads an executable file over an unencrypted HTTP connection. A remote attacker could exploit the...
Man-in-the-Middle (MitM)
poco is vulnerable to man-in-the-middle (MitM) attacks. The application downloads binary resources via HTTP, allowing MitM attacks. Also, it may potentially cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or...
CVE-2016-10659
poco - The POCO libraries, downloads source file resources used for compilation over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network o...
CVE-2016-10659
poco - The POCO libraries, downloads source file resources used for compilation over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network o...
Remote code execution
poco - The POCO libraries, downloads source file resources used for compilation over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network o...
CVE-2016-10659
poco - The POCO libraries, downloads source file resources used for compilation over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network o...
CVE-2016-10659
The CVE affects the Poco libraries: it downloads source/executable resources over HTTP, enabling MITM interception and potential remote code execution if an attacker sits between the user and the remote server. Documented in multiple sources (GHSA-F757-9C4X-CHFF, NVD) with no patch available; re...
Fedora Update for poco FEDORA-2018-7349a7723e
The remote host is missing an update for the...