Lucene search
K

19 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.8 views

EUVD-2017-1597

Malware in sbrugna...

6.5CVSS6.7AI score0.01681EPSS
Exploits1References4
Debian
Debian
added 2025/01/20 2:47 p.m.8 views

[SECURITY] [DLA 4024-1] poco security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-4024-1 [email protected] https://www.debian.org/lts/security/ Adrian Bunk January 20, 2025 https://wiki.debian.org/LTS -...

9.8CVSS7.1AI score0.00851EPSS
Exploits0
The Hacker News
The Hacker News
added 2024/07/11 10:12 a.m.17 views

New Poco RAT Targets Spanish-Speaking Victims in Phishing Campaign

Spanish language victims are the target of an email phishing campaign that delivers a new remote access trojan RAT called Poco RAT since at least February 2024. The attacks primarily single out mining, manufacturing, hospitality, and utilities sectors, according to cybersecurity company Cofense...

6.7AI score
Exploits0
Fedora
Fedora
added 2018/01/30 5:33 p.m.21 views

[SECURITY] Fedora 26 Update: poco-1.7.8p3-3.fc26

The POCO C++ Libraries POCO stands for POrtable COmponents are open source C++ class libraries that simplify and accelerate the development of network-centric, portable applications in C++. The POCO C++ Libraries are built strictly on standard ANSI/ISO C++, including the standard library...

6.5CVSS2.1AI score0.01681EPSS
Exploits1
Fedora
Fedora
added 2018/01/26 6:10 p.m.17 views

[SECURITY] Fedora 27 Update: poco-1.7.8p3-3.fc27

The POCO C++ Libraries POCO stands for POrtable COmponents are open source C++ class libraries that simplify and accelerate the development of network-centric, portable applications in C++. The POCO C++ Libraries are built strictly on standard ANSI/ISO C++, including the standard library...

6.5CVSS2.1AI score0.01681EPSS
Exploits1
NVD
NVD
added 2018/01/03 8:29 p.m.21 views

CVE-2017-1000472

The ZipCommon::isValidPath function in Zip/src/ZipCommon.cpp in POCO C++ Libraries before 1.8 does not properly restrict the filename value in the ZIP header, which allows attackers to conduct absolute path traversal attacks during the ZIP decompression, and possibly create or overwrite arbitrary...

6.5CVSS6.5AI score0.01681EPSS
Exploits1References3
UbuntuCve
UbuntuCve
added 2018/01/03 8:29 p.m.17 views

CVE-2017-1000472

The ZipCommon::isValidPath function in Zip/src/ZipCommon.cpp in POCO C++ Libraries before 1.8 does not properly restrict the filename value in the ZIP header, which allows attackers to conduct absolute path traversal attacks during the ZIP decompression, and possibly create or overwrite arbitrary...

6.5CVSS6.6AI score0.01681EPSS
Exploits1References2
OSV
OSV
added 2018/01/03 8:29 p.m.18 views

CVE-2017-1000472

The ZipCommon::isValidPath function in Zip/src/ZipCommon.cpp in POCO C++ Libraries before 1.8 does not properly restrict the filename value in the ZIP header, which allows attackers to conduct absolute path traversal attacks during the ZIP decompression, and possibly create or overwrite arbitrary...

6.5CVSS6.9AI score
Exploits0References3
CVE
CVE
added 2018/01/03 8:0 p.m.150 views

CVE-2017-1000472

POCO C++ Libraries prior to 1.8 contain a ZIP path-validation flaw in ZipCommon::isValidPath() that can allow absolute path traversal during ZIP decompression, potentially enabling creation or overwriting of arbitrary files via a crafted ZIP file. Reports across multiple distributions (Debian, Fe...

6.5CVSS6.4AI score0.01681EPSS
Exploits1References3Affected Software1
Debian CVE
Debian CVE
added 2018/01/03 8:0 p.m.13 views

CVE-2017-1000472

The ZipCommon::isValidPath function in Zip/src/ZipCommon.cpp in POCO C++ Libraries before 1.8 does not properly restrict the filename value in the ZIP header, which allows attackers to conduct absolute path traversal attacks during the ZIP decompression, and possibly create or overwrite arbitrary...

6.5CVSS6.5AI score0.01681EPSS
Exploits1
Cvelist
Cvelist
added 2018/01/03 8:0 p.m.26 views

CVE-2017-1000472

The ZipCommon::isValidPath function in Zip/src/ZipCommon.cpp in POCO C++ Libraries before 1.8 does not properly restrict the filename value in the ZIP header, which allows attackers to conduct absolute path traversal attacks during the ZIP decompression, and possibly create or overwrite arbitrary...

6.5AI score0.01681EPSS
Exploits1References3
Fedora
Fedora
added 2016/02/21 4:37 p.m.29 views

[SECURITY] Fedora 23 Update: poco-1.4.2p1-3.fc23

The POCO C++ Libraries POCO stands for POrtable COmponents are open source C++ class libraries that simplify and accelerate the development of network-centric, portable applications in C++. The POCO C++ Libraries are built strictly on standard ANSI/ISO C++, including the standard library...

6.4CVSS2.1AI score0.01218EPSS
Exploits0
Fedora
Fedora
added 2016/02/21 2:30 a.m.38 views

[SECURITY] Fedora 22 Update: poco-1.4.2p1-3.fc22

The POCO C++ Libraries POCO stands for POrtable COmponents are open source C++ class libraries that simplify and accelerate the development of network-centric, portable applications in C++. The POCO C++ Libraries are built strictly on standard ANSI/ISO C++, including the standard library...

6.4CVSS2.1AI score0.01218EPSS
Exploits0
NVD
NVD
added 2014/04/26 1:55 a.m.21 views

CVE-2014-0350

The Poco::Net::X509Certificate::verify method in the NetSSL library in POCO C++ Libraries before 1.4.6p4 allows man-in-the-middle attackers to spoof SSL servers via crafted DNS PTR records that are requested during comparison of a server name to a wildcard domain name in an X.509 certificate...

6.4CVSS6AI score0.01218EPSS
Exploits0References4
Prion
Prion
added 2014/04/26 1:55 a.m.17 views

Code injection

The Poco::Net::X509Certificate::verify method in the NetSSL library in POCO C++ Libraries before 1.4.6p4 allows man-in-the-middle attackers to spoof SSL servers via crafted DNS PTR records that are requested during comparison of a server name to a wildcard domain name in an X.509 certificate...

6.4CVSS6.7AI score0.01218EPSS
Exploits0References4Affected Software1
UbuntuCve
UbuntuCve
added 2014/04/26 1:55 a.m.26 views

CVE-2014-0350

The Poco::Net::X509Certificate::verify method in the NetSSL library in POCO C++ Libraries before 1.4.6p4 allows man-in-the-middle attackers to spoof SSL servers via crafted DNS PTR records that are requested during comparison of a server name to a wildcard domain name in an X.509 certificate...

6.4CVSS6.6AI score0.01218EPSS
Exploits0References3
CVE
CVE
added 2014/04/26 1:0 a.m.59 views

CVE-2014-0350

The CVE concerns POCO C++ Libraries’ NetSSL X509Certificate::verify in Poco::Net, vulnerable before 1.4.6p4 to MITM via crafted DNS PTRs during server-name wildcard comparison. Affected product: POCO’s NetSSL in POCO C++ Libraries; root cause: weak validation of X.509 CN/SAN matching against wild...

6.4CVSS6AI score0.01218EPSS
Exploits0References4Affected Software1
Debian CVE
Debian CVE
added 2014/04/26 1:0 a.m.35 views

CVE-2014-0350

The Poco::Net::X509Certificate::verify method in the NetSSL library in POCO C++ Libraries before 1.4.6p4 allows man-in-the-middle attackers to spoof SSL servers via crafted DNS PTR records that are requested during comparison of a server name to a wildcard domain name in an X.509 certificate...

6.4CVSS6AI score0.01218EPSS
Exploits0
CERT
CERT
added 2014/04/24 12:0 a.m.90 views

POCO C++ Libraries NetSSL library fails to properly validate wildcard certificates

Overview The POCO C++ Libraries NetSSL library fails to properly validate wildcard certificates, allowing an attacker to trick the victim application into trusting a malicious certificate. Description CWE-350: Reliance on Reverse DNS Resolution for a Security-Critical Action Guenter Obiltschnig o...

6.4CVSS6.1AI score0.01218EPSS
Exploits0References3
Rows per page
Query Builder