130 matches found
CVE-2022-38668
HTTP applications servers based on Crow through 1.0+4 may reveal potentially sensitive uninitialized data from stack memory when fulfilling a request for a static file smaller than 16 KB...
PT-2022-4665 · Crow · Crow
Name of the Vulnerable Software and Affected Versions: Crow versions through 1.0+4 Description: The issue is related to HTTP applications based on Crow, where the use of HTTP pipelining can lead to a Use-After-Free condition, potentially allowing code execution. This occurs because the asynchrono...
Crow 信息泄露漏洞
Crow is a C++ microframework for running Web services. An information disclosure vulnerability exists in Crow 1.0+4 and earlier versions of HTTP applications, which stems from the possibility that the HTTP application server may disclose sensitive data from the stack when processing a request for...
Crow 资源管理错误漏洞
Crow is a C++ microframework for running Web services. A resource management error vulnerability exists in HTTP applications in Crow versions 1.0+4 and earlier, which stems from an attacker using its HTTP pipeline that could allow post-release reuse and remote code execution...
PT-2022-4664 · Crow · Crow
Name of the Vulnerable Software and Affected Versions: Crow versions through 1.0+4 Description: The issue is related to HTTP applications based on Crow, which may reveal potentially sensitive uninitialized data from stack memory when fulfilling a request for a static file smaller than 16 KB. This...
CVE-2022-34970
Crow before 1.0+4 has a heap-based buffer overflow via the function qsparse in querystring.h. On successful exploitation this vulnerability allows attackers to remotely execute arbitrary code in the context of the vulnerable service...
CVE-2022-34970
Crow before 1.0+4 has a heap-based buffer overflow via the function qsparse in querystring.h. On successful exploitation this vulnerability allows attackers to remotely execute arbitrary code in the context of the vulnerable service...
Heap overflow
Crow before 1.0+4 has a heap-based buffer overflow via the function qsparse in querystring.h. On successful exploitation this vulnerability allows attackers to remotely execute arbitrary code in the context of the vulnerable service...
EUVD-2022-37872
Crow before 1.0+4 has a heap-based buffer overflow via the function qsparse in querystring.h. On successful exploitation this vulnerability allows attackers to remotely execute arbitrary code in the context of the vulnerable service...
CVE-2022-34970
The CVE-2022-34970 entry affects Crow v1.0+4 and is caused by a heap-based overflow in the qs_parse function of query_string.h. On successful exploitation, remote code execution in the context of the vulnerable Crow service is possible. The Red Hat and OSV/NVD entries corroborate this description...
CVE-2022-34970
Crow before 1.0+4 has a heap-based buffer overflow via the function qsparse in querystring.h. On successful exploitation this vulnerability allows attackers to remotely execute arbitrary code in the context of the vulnerable service...
CVE-2022-34970
Crow before 1.0+4 has a heap-based buffer overflow via the function qsparse in querystring.h. On successful exploitation this vulnerability allows attackers to remotely execute arbitrary code in the context of the vulnerable service...
Crow 安全漏洞
Crow is a C++ microframework for running web services. A security vulnerability exists in Crow v1.0+4, which stems from a buffer overflow discovered via the qsparse function. An attacker could exploit this vulnerability to cause a Denial of Service DoS via specially crafted input...
Crow Cross-Site Scripting Vulnerability
Crow is a C micro-framework for running Web services, and a security vulnerability exists in Crow that could be exploited to allow an attacker to manipulate input to introduce additional properties to potentially execute arbitrary code...
Crow path traversal vulnerability
Crow is a C micro-framework for running Web services, and a security vulnerability exists in Crow that could be exploited by an attacker to traverse directories and obtain arbitrary files from the server...
CVE-2021-23824
This affects the package Crow before 0.3+4. When using attributes without quotes in the template, an attacker can manipulate the input to introduce additional attributes, potentially executing code. This may lead to a Cross-site Scripting XSS vulnerability, assuming an attacker can influence the...
CVE-2021-23824
This affects the package Crow before 0.3+4. When using attributes without quotes in the template, an attacker can manipulate the input to introduce additional attributes, potentially executing code. This may lead to a Cross-site Scripting XSS vulnerability, assuming an attacker can influence the...
Cross site scripting
This affects the package Crow before 0.3+4. When using attributes without quotes in the template, an attacker can manipulate the input to introduce additional attributes, potentially executing code. This may lead to a Cross-site Scripting XSS vulnerability, assuming an attacker can influence the...
CVE-2021-23514
This affects the package Crow before 0.3+4. It is possible to traverse directories to fetch arbitrary files from the server...
CVE-2021-23514
This affects the package Crow before 0.3+4. It is possible to traverse directories to fetch arbitrary files from the server...