VYPR

POCO C++ Libraries

by POCO C++ Libraries

CVEs (2)

  • CVE-2017-1000472MedJan 3, 2018
    risk 0.42cvss 6.5epss 0.02

    The ZipCommon::isValidPath() function in Zip/src/ZipCommon.cpp in POCO C++ Libraries before 1.8 does not properly restrict the filename value in the ZIP header, which allows attackers to conduct absolute path traversal attacks during the ZIP decompression, and possibly create or…

  • CVE-2014-0350Apr 26, 2014
    risk 0.00cvss epss 0.01

    The Poco::Net::X509Certificate::verify method in the NetSSL library in POCO C++ Libraries before 1.4.6p4 allows man-in-the-middle attackers to spoof SSL servers via crafted DNS PTR records that are requested during comparison of a server name to a wildcard domain name in an…