📦 Cloud Backup

CVE-2021-43527 is a critical heap overflow vulnerability in NSS (Network Security Services) that allows remote code execution when processing malicious DER-encoded DSA or RSA-PSS signatures. It affect...

CVE-2021-42377 is a critical vulnerability in BusyBox's hush shell applet where an attacker-controlled pointer free leads to denial of service and potential remote code execution when processing a cra...

CVE-2021-42013 is a critical path traversal vulnerability in Apache HTTP Server that allows attackers to access files outside configured directories. If CGI scripts are enabled for aliased paths, this...

CVE-2021-41773 is a path traversal vulnerability in Apache HTTP Server 2.4.49 that allows attackers to access files outside configured directories. If CGI is enabled, this can lead to remote code exec...

CVE-2021-39275 is a critical buffer overflow vulnerability in Apache HTTP Server's ap_escape_quotes() function that could allow remote code execution or denial of service. The vulnerability affects Ap...

CVE-2021-26691 is a critical heap overflow vulnerability in Apache HTTP Server that allows remote attackers to execute arbitrary code or cause denial of service. Attackers can exploit this by sending ...

CVE-2021-3520 is an integer overflow vulnerability in the LZ4 compression library that allows attackers to trigger out-of-bounds writes by submitting crafted files. This can lead to application crashe...

This CVE describes a use-after-free vulnerability in the GNU C Library (glibc) mq_notify function affecting versions 2.32 and 2.33. Attackers could exploit this to cause denial of service (application...

This vulnerability in NGINX Controller Agent versions 1.0.1, 2.0.0-2.9.0, and 3.0.0-3.9.0 allows attackers to execute arbitrary code with root privileges by exploiting path traversal in system utility...

This vulnerability allows unauthenticated attackers to read memory outside intended boundaries in Intel AMT subsystems, potentially enabling information disclosure or denial of service. Affected syste...

This vulnerability allows an unauthenticated attacker to write data outside intended memory boundaries in the IPv6 subsystem of Intel Active Management Technology (AMT) and Intel Standard Manageabilit...

CVE-2023-28656 is an authorization bypass vulnerability in NGINX Management Suite that allows authenticated users to access configuration objects outside their assigned environment boundaries. This af...

This vulnerability is an out-of-bounds write in Intel processor firmware that allows a privileged user to potentially escalate privileges via local access. It affects specific Intel processors and req...

This vulnerability allows an authenticated attacker with local access to improperly validate input in Intel processor firmware, potentially enabling privilege escalation. It affects specific Intel pro...

This vulnerability allows an unauthenticated attacker with local access to improperly access firmware controls in certain Intel processors, potentially enabling privilege escalation. It affects system...

This firmware vulnerability in certain Intel processors allows authenticated local users to potentially escalate privileges by exploiting insufficient control flow management. It affects systems with ...

CVE-2017-5123 is a Linux kernel vulnerability in the waitid system call that allows insufficient data validation, enabling local privilege escalation. It allows attackers to escape sandboxes and conta...

This vulnerability in the Linux kernel's MIPS BPF JIT compiler allows unprivileged users to execute arbitrary code with kernel privileges. It affects Linux systems running on MIPS architecture with ke...

This is a local privilege escalation vulnerability in the Linux kernel's io_uring subsystem. It allows local users to trigger a use-after-free condition by exploiting the IORING_OP_PROVIDE_BUFFERS ope...

CVE-2021-36160 is an out-of-bounds read vulnerability in Apache HTTP Server's mod_proxy_uwsgi module. A specially crafted URI path can cause the server to read beyond allocated memory boundaries, lead...

A local privilege escalation vulnerability in Linux kernel versions before 5.9-rc1 allows attackers with local access to crash systems or gain root privileges through improper bounds checking in joyst...

This vulnerability allows an attacker to perform heap out-of-bounds writes in the Linux kernel's netfilter subsystem, specifically in x_tables.c. Attackers can exploit this to escalate privileges to r...

This CVE-2021-28691 vulnerability allows a malicious or buggy Xen paravirtualized network frontend to trigger a use-after-free condition in Linux xen-netback. When exploited, it can cause kernel threa...

CVE-2021-22901 is a use-after-free vulnerability in curl/libcurl that allows a malicious TLS 1.3 server to potentially execute arbitrary code on the client. This affects curl clients using OpenSSL wit...

This vulnerability is an out-of-bounds read in Intel processor firmware that allows authenticated local users to potentially escalate privileges. It affects specific Intel processors and requires loca...

This vulnerability in the Linux kernel's BPF verifier allows incorrect pointer arithmetic limits, enabling out-of-bounds memory access. Attackers can exploit this to read/write kernel memory and escal...

This CVE describes a use-after-free vulnerability in the Linux kernel's Sun keyboard driver (sunkbd). An attacker with local access can potentially exploit this to cause a kernel crash (denial of serv...

This CVE describes a use-after-free vulnerability in the Linux kernel's NFC LLCP (Logical Link Control Protocol) implementation. An attacker could exploit this to cause privilege escalation from a loc...

This CVE-2021-22543 vulnerability in Linux KVM allows attackers with VM control privileges to bypass read-only memory checks, potentially leading to memory corruption and local privilege escalation. I...

CVE-2020-25672 is a memory leak vulnerability in the Linux kernel's llcp_sock_connect function. This vulnerability allows attackers to cause denial of service by exhausting system memory, affecting sy...

A race condition in the Linux kernel's Bluetooth HCI controller removal allows local attackers to cause a use-after-free condition. This can lead to system crashes or potential privilege escalation. A...

This vulnerability in the Linux kernel's KVM API allows a user process to trigger an out-of-bounds write by manipulating the internal.ndata value. It affects Linux kernel versions before 5.12, potenti...

CVE-2021-29489 is a cross-site scripting (XSS) vulnerability in Highcharts JS versions 8 and earlier. It allows attackers to inject malicious scripts through untrusted chart options, potentially execu...

This vulnerability in BIND DNS servers allows remote attackers to cause denial of service by sending specially crafted DNS queries that trigger an assertion failure, causing the named process to termi...

This vulnerability in Linux kernel BPF JIT compilers allows attackers to execute arbitrary code within kernel context due to incorrect branch displacement calculations. It affects Linux systems with k...

This is a buffer overflow vulnerability in the rtl8188eu Wi-Fi driver staging code in Linux kernels up to 5.11.6. It allows writing beyond the end of the ssid[] array during scan operations, potential...

This vulnerability in the Linux kernel allows user applications to send kernel RPC messages through the fastrpc driver, bypassing intended access controls. It affects Linux systems with kernel version...

This CVE describes a double-free vulnerability in ssh-agent component of OpenSSH versions before 8.5. It could allow attackers to potentially execute arbitrary code or cause denial of service in speci...