Lucene search
+L

130 matches found

cvelist
cvelist
added 2022/08/22 7:6 p.m.42 views

CVE-2022-38668

HTTP applications servers based on Crow through 1.0+4 may reveal potentially sensitive uninitialized data from stack memory when fulfilling a request for a static file smaller than 16 KB...

7.8AI score0.01111EPSS
Exploits1References3
ptsecurity
ptsecurity
added 2022/08/22 12:0 a.m.5 views

PT-2022-4665 · Crow · Crow

Name of the Vulnerable Software and Affected Versions: Crow versions through 1.0+4 Description: The issue is related to HTTP applications based on Crow, where the use of HTTP pipelining can lead to a Use-After-Free condition, potentially allowing code execution. This occurs because the asynchrono...

9.8CVSS9.5AI score0.02133EPSS
Exploits1References10
cnnvd
cnnvd
added 2022/08/22 12:0 a.m.5 views

Crow 信息泄露漏洞

Crow is a C++ microframework for running Web services. An information disclosure vulnerability exists in Crow 1.0+4 and earlier versions of HTTP applications, which stems from the possibility that the HTTP application server may disclose sensitive data from the stack when processing a request for...

7.5CVSS7.2AI score0.01111EPSS
Exploits1References4
cnnvd
cnnvd
added 2022/08/22 12:0 a.m.7 views

Crow 资源管理错误漏洞

Crow is a C++ microframework for running Web services. A resource management error vulnerability exists in HTTP applications in Crow versions 1.0+4 and earlier, which stems from an attacker using its HTTP pipeline that could allow post-release reuse and remote code execution...

9.8CVSS8.8AI score0.02133EPSS
Exploits1References5
ptsecurity
ptsecurity
added 2022/08/22 12:0 a.m.5 views

PT-2022-4664 · Crow · Crow

Name of the Vulnerable Software and Affected Versions: Crow versions through 1.0+4 Description: The issue is related to HTTP applications based on Crow, which may reveal potentially sensitive uninitialized data from stack memory when fulfilling a request for a static file smaller than 16 KB. This...

7.8CVSS7.4AI score0.01111EPSS
Exploits1References10
nvd
nvd
added 2022/08/04 7:15 p.m.29 views

CVE-2022-34970

Crow before 1.0+4 has a heap-based buffer overflow via the function qsparse in querystring.h. On successful exploitation this vulnerability allows attackers to remotely execute arbitrary code in the context of the vulnerable service...

9.8CVSS0.02851EPSS
Exploits1References4
attackerkb
attackerkb
added 2022/08/04 7:15 p.m.4 views

CVE-2022-34970

Crow before 1.0+4 has a heap-based buffer overflow via the function qsparse in querystring.h. On successful exploitation this vulnerability allows attackers to remotely execute arbitrary code in the context of the vulnerable service...

9.8CVSS6.4AI score0.02851EPSS
Exploits1References5
prion
prion
added 2022/08/04 7:15 p.m.25 views

Heap overflow

Crow before 1.0+4 has a heap-based buffer overflow via the function qsparse in querystring.h. On successful exploitation this vulnerability allows attackers to remotely execute arbitrary code in the context of the vulnerable service...

7.5CVSS9.7AI score0.02851EPSS
Exploits1References4Affected Software1
euvd
euvd
added 2022/08/04 6:39 p.m.5 views

EUVD-2022-37872

Crow before 1.0+4 has a heap-based buffer overflow via the function qsparse in querystring.h. On successful exploitation this vulnerability allows attackers to remotely execute arbitrary code in the context of the vulnerable service...

9.8CVSS9.7AI score0.02851EPSS
Exploits1References4
cve
cve
added 2022/08/04 6:39 p.m.73 views

CVE-2022-34970

The CVE-2022-34970 entry affects Crow v1.0+4 and is caused by a heap-based overflow in the qs_parse function of query_string.h. On successful exploitation, remote code execution in the context of the vulnerable Crow service is possible. The Red Hat and OSV/NVD entries corroborate this description...

9.8CVSS9.7AI score0.02851EPSS
Exploits1References4Affected Software1
cvelist
cvelist
added 2022/08/04 6:39 p.m.35 views

CVE-2022-34970

Crow before 1.0+4 has a heap-based buffer overflow via the function qsparse in querystring.h. On successful exploitation this vulnerability allows attackers to remotely execute arbitrary code in the context of the vulnerable service...

9.9AI score0.02851EPSS
Exploits1References4
osv
osv
added 2022/08/04 6:39 p.m.23 views

CVE-2022-34970

Crow before 1.0+4 has a heap-based buffer overflow via the function qsparse in querystring.h. On successful exploitation this vulnerability allows attackers to remotely execute arbitrary code in the context of the vulnerable service...

9.8CVSS8AI score0.02851EPSS
Exploits1References6
cnnvd
cnnvd
added 2022/08/04 12:0 a.m.4 views

Crow 安全漏洞

Crow is a C++ microframework for running web services. A security vulnerability exists in Crow v1.0+4, which stems from a buffer overflow discovered via the qsparse function. An attacker could exploit this vulnerability to cause a Denial of Service DoS via specially crafted input...

9.8CVSS8.6AI score0.02851EPSS
Exploits1References5
cnvd
cnvd
added 2022/01/17 12:0 a.m.47 views

Crow Cross-Site Scripting Vulnerability

Crow is a C micro-framework for running Web services, and a security vulnerability exists in Crow that could be exploited to allow an attacker to manipulate input to introduce additional properties to potentially execute arbitrary code...

6.5CVSS4.3AI score0.00921EPSS
Exploits1References1
cnvd
cnvd
added 2022/01/17 12:0 a.m.39 views

Crow path traversal vulnerability

Crow is a C micro-framework for running Web services, and a security vulnerability exists in Crow that could be exploited by an attacker to traverse directories and obtain arbitrary files from the server...

7.5CVSS4.8AI score0.01589EPSS
Exploits1References1
nvd
nvd
added 2022/01/13 3:15 p.m.26 views

CVE-2021-23824

This affects the package Crow before 0.3+4. When using attributes without quotes in the template, an attacker can manipulate the input to introduce additional attributes, potentially executing code. This may lead to a Cross-site Scripting XSS vulnerability, assuming an attacker can influence the...

6.5CVSS0.00921EPSS
Exploits1References3
osv
osv
added 2022/01/13 3:15 p.m.13 views

CVE-2021-23824

This affects the package Crow before 0.3+4. When using attributes without quotes in the template, an attacker can manipulate the input to introduce additional attributes, potentially executing code. This may lead to a Cross-site Scripting XSS vulnerability, assuming an attacker can influence the...

6.1CVSS5.6AI score
Exploits0References3
prion
prion
added 2022/01/13 3:15 p.m.16 views

Cross site scripting

This affects the package Crow before 0.3+4. When using attributes without quotes in the template, an attacker can manipulate the input to introduce additional attributes, potentially executing code. This may lead to a Cross-site Scripting XSS vulnerability, assuming an attacker can influence the...

4.3CVSS5.9AI score0.00921EPSS
Exploits1References3Affected Software1
nvd
nvd
added 2022/01/13 2:15 p.m.28 views

CVE-2021-23514

This affects the package Crow before 0.3+4. It is possible to traverse directories to fetch arbitrary files from the server...

7.5CVSS0.01589EPSS
Exploits1References3
osv
osv
added 2022/01/13 2:15 p.m.12 views

CVE-2021-23514

This affects the package Crow before 0.3+4. It is possible to traverse directories to fetch arbitrary files from the server...

7.5CVSS6.9AI score
Exploits0References3
Rows per page
Query Builder