- EPSS 0.02%
- Veröffentlicht 06.08.2025 00:00:00
- Zuletzt bearbeitet 17.08.2025 04:15:33
poco v1.14.1-release was discovered to contain weak encryption. NOTE: this issue has been disputed on the basis that key lengths are expected to be set by an application, not by this library. This dispute is subject to review under CNA rules 4.1.4, 4...
CVE-2025-6375
- EPSS 0.04%
- Veröffentlicht 21.06.2025 00:31:06
- Zuletzt bearbeitet 18.09.2025 13:38:16
A vulnerability was found in poco up to 1.14.1. It has been rated as problematic. Affected by this issue is the function MultipartInputStream of the file Net/src/MultipartReader.cpp. The manipulation leads to null pointer dereference. The attack need...
CVE-2023-52389
- EPSS 0.14%
- Veröffentlicht 27.01.2024 03:15:07
- Zuletzt bearbeitet 29.05.2025 16:15:30
UTF32Encoding.cpp in POCO has a Poco::UTF32Encoding integer overflow and resultant stack buffer overflow because Poco::UTF32Encoding::convert() and Poco::UTF32::queryConvert() may return a negative integer if a UTF-32 byte sequence evaluates to a val...
CVE-2017-1000472
- EPSS 0.47%
- Veröffentlicht 03.01.2018 20:29:00
- Zuletzt bearbeitet 21.11.2024 03:04:48
The ZipCommon::isValidPath() function in Zip/src/ZipCommon.cpp in POCO C++ Libraries before 1.8 does not properly restrict the filename value in the ZIP header, which allows attackers to conduct absolute path traversal attacks during the ZIP decompre...