16 matches found
EUVD-2014-0388
Malware in sbrugna...
POCO Security Vulnerability
POCO is a cross-platform C++ library open-sourced by POCO. It is used to build web and internet based applications that run on desktop, server, mobile, IoT and embedded systems. A security vulnerability exists in POCO v1.14.1-release that stems from a weak encryption issue...
DEBIAN-CVE-2025-6375
A vulnerability was found in poco up to 1.14.1. It has been rated as problematic. Affected by this issue is the function MultipartInputStream of the file Net/src/MultipartReader.cpp. The manipulation leads to null pointer dereference. The attack needs to be approached locally. The exploit has bee...
UBUNTU-CVE-2025-6375
A vulnerability was found in poco up to 1.14.1. It has been rated as problematic. Affected by this issue is the function MultipartInputStream of the file Net/src/MultipartReader.cpp. The manipulation leads to null pointer dereference. The attack needs to be approached locally. The exploit has bee...
PT-2025-26479 · Poco +1
Name of the Vulnerable Software and Affected Versions: Poco versions up to 1.14.1 Description: A null pointer dereference issue was found in the MultipartInputStream function of the file Net/src/MultipartReader.cpp. This issue can be exploited locally. The estimated number of potentially affected...
OSV-2024-1218 UNKNOWN READ in Poco::UTF16Encoding::queryConvert
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=372765426 Crash type: UNKNOWN READ Crash state: Poco::UTF16Encoding::queryConvert Poco::TextConverter::convert Poco::Net::NTLMCredentials::parseChallengeMessage...
OSV-2024-1216 Use-of-uninitialized-value in Poco::Net::NTLMCredentials::parseChallengeMessage
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=372764172 Crash type: Use-of-uninitialized-value Crash state: Poco::Net::NTLMCredentials::parseChallengeMessage Poco::Net::HTTPNTLMCredentials::createNTLMMessage Poco::Net::HTTPNTLMCredentials::authenticate...
OSV-2024-1071 Use-of-uninitialized-value in Poco::Dynamic::Var::~Var
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=42538385 Crash type: Use-of-uninitialized-value Crash state: Poco::Dynamic::Var::Var void Poco::JSON::Object::doStringifystd::1::mapstd::1::basicstringchar, Poco::JWT::Serializer::serialize...
SUSE CVE-2023-52389
UTF32Encoding.cpp in POCO has a Poco::UTF32Encoding integer overflow and resultant stack buffer overflow because Poco::UTF32Encoding::convert and Poco::UTF32::queryConvert may return a negative integer if a UTF-32 byte sequence evaluates to a value of 0x80000000 or higher. This is fixed in...
POCO Security Breach
POCO is an open source, cross-platform C++ library. It is used to build web and internet based applications that run on desktop, server, mobile, IoT and embedded systems. A security vulnerability exists in POCO that stems from the presence of an integer overflow issue that results in a stack...
poco code execution vulnerability
poco is an open source C++ class library for building web-based applications on servers, desktops and embedded systems. A security vulnerability exists in poco that originates when the program downloads an executable file over an unencrypted HTTP connection. A remote attacker could exploit the...
CVE-2016-10659
poco - The POCO libraries, downloads source file resources used for compilation over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker-controlled copy if the attacker is on the network o...
UBUNTU-CVE-2017-1000472
The ZipCommon::isValidPath function in Zip/src/ZipCommon.cpp in POCO C++ Libraries before 1.8 does not properly restrict the filename value in the ZIP header, which allows attackers to conduct absolute path traversal attacks during the ZIP decompression, and possibly create or overwrite arbitrary...
CVE-2014-0350
The Poco::Net::X509Certificate::verify method in the NetSSL library in POCO C++ Libraries before 1.4.6p4 allows man-in-the-middle attackers to spoof SSL servers via crafted DNS PTR records that are requested during comparison of a server name to a wildcard domain name in an X.509 certificate...
DEBIAN-CVE-2014-0350
The Poco::Net::X509Certificate::verify method in the NetSSL library in POCO C++ Libraries before 1.4.6p4 allows man-in-the-middle attackers to spoof SSL servers via crafted DNS PTR records that are requested during comparison of a server name to a wildcard domain name in an X.509 certificate...
UBUNTU-CVE-2014-0350
The Poco::Net::X509Certificate::verify method in the NetSSL library in POCO C++ Libraries before 1.4.6p4 allows man-in-the-middle attackers to spoof SSL servers via crafted DNS PTR records that are requested during comparison of a server name to a wildcard domain name in an X.509 certificate...