Follow Security Vulnerabilities
in your favorite software stacks
Use stack.watch to create a software stack (a list of software you use), then get a weekly email with security vulnerabilities that occurr within your stack.
Most Vulnerabilities most CVEs per product since 2018
Red Hat Enterprise Linux Server 808 vulnerabilities
RedHat Enterprise Linux (RHEL) Server. Includes software bundeled with RHEL server.
Red Hat Enterprise Linux Workstation 787 vulnerabilities
RedHat Enterprise Linux (RHEL) Workstation. Includes software bundled with RHEL Workstation.
Red Hat Enterprise Linux Desktop 773 vulnerabilities
RedHat Enterprise Linux (RHEL) Desktop. Includes software bundled with RHEL desktop
Popular Vendors
See More
Popular Products
See More
Recent Vulnerabilities
A flaw was found in keycloak
CVE-2021-20202
7.3 - High
- May 12, 2021
A flaw was found in keycloak. Directories can be created prior to the Java process creating them in the temporary directory, but with wider user permissions, allowing the attacker to have access to the contents that keycloak stores in this directory. The highest threat from this vulnerability is to data confidentiality and integrity.
CVE-2021-20202 is exploitable with local system access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality and integrity, and a small impact on availability.
Insecure Temporary File
HTTP Protocol Stack Remote Code Execution Vulnerability
CVE-2021-31166
9.8 - Critical
- May 11, 2021
HTTP Protocol Stack Remote Code Execution Vulnerability
CVE-2021-31166 is exploitable with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. It has the highest possible exploitability rating (3.9). The potential impact of an exploit of this vulnerability is considered to be critical as this vulnerability has a high impact to the confidentiality, integrity and availability of this component.
Visual Studio Remote Code Execution Vulnerability
CVE-2021-27068
8.8 - High
- May 11, 2021
Visual Studio Remote Code Execution Vulnerability
CVE-2021-27068 is exploitable with network access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Windows Container Manager Service Elevation of Privilege Vulnerability This CVE ID is unique
CVE-2021-31168
7.8 - High
- May 11, 2021
Windows Container Manager Service Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-31165, CVE-2021-31167, CVE-2021-31169, CVE-2021-31208.
CVE-2021-31168 is exploitable with local system access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Improper Privilege Management
Windows Graphics Component Elevation of Privilege Vulnerability This CVE ID is unique
CVE-2021-31170
7.8 - High
- May 11, 2021
Windows Graphics Component Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-31188.
CVE-2021-31170 is exploitable with local system access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Improper Privilege Management
Windows Container Manager Service Elevation of Privilege Vulnerability This CVE ID is unique
CVE-2021-31169
7.8 - High
- May 11, 2021
Windows Container Manager Service Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-31165, CVE-2021-31167, CVE-2021-31168, CVE-2021-31208.
CVE-2021-31169 can be exploited with local system access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Improper Privilege Management
Microsoft Office Information Disclosure Vulnerability
CVE-2021-31178
5.5 - Medium
- May 11, 2021
Microsoft Office Information Disclosure Vulnerability
CVE-2021-31178 is exploitable with local system access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.
Information Disclosure
Hyper-V Remote Code Execution Vulnerability
CVE-2021-28476
9.9 - Critical
- May 11, 2021
Hyper-V Remote Code Execution Vulnerability
CVE-2021-28476 is exploitable with network access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 3.1 out of four. The potential impact of an exploit of this vulnerability is considered to be critical as this vulnerability has a high impact to the confidentiality, integrity and availability of this component.
Windows Container Manager Service Elevation of Privilege Vulnerability This CVE ID is unique
CVE-2021-31165
7.8 - High
- May 11, 2021
Windows Container Manager Service Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-31167, CVE-2021-31168, CVE-2021-31169, CVE-2021-31208.
CVE-2021-31165 can be exploited with local system access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Improper Privilege Management
Microsoft Office Remote Code Execution Vulnerability This CVE ID is unique
CVE-2021-31176
7.8 - High
- May 11, 2021
Microsoft Office Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-31175, CVE-2021-31177, CVE-2021-31179.
CVE-2021-31176 is exploitable with local system access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Dangling pointer
Microsoft Office Remote Code Execution Vulnerability This CVE ID is unique
CVE-2021-31177
7.8 - High
- May 11, 2021
Microsoft Office Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-31175, CVE-2021-31176, CVE-2021-31179.
CVE-2021-31177 can be exploited with local system access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Dangling pointer
Windows Container Manager Service Elevation of Privilege Vulnerability This CVE ID is unique
CVE-2021-31167
7.8 - High
- May 11, 2021
Windows Container Manager Service Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-31165, CVE-2021-31168, CVE-2021-31169, CVE-2021-31208.
CVE-2021-31167 can be exploited with local system access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Improper Privilege Management
Microsoft Office Remote Code Execution Vulnerability This CVE ID is unique
CVE-2021-31179
7.8 - High
- May 11, 2021
Microsoft Office Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-31175, CVE-2021-31176, CVE-2021-31177.
CVE-2021-31179 can be exploited with local system access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Dynamics Finance and Operations Cross-site Scripting Vulnerability
CVE-2021-28461
5.4 - Medium
- May 11, 2021
Dynamics Finance and Operations Cross-site Scripting Vulnerability
CVE-2021-28461 can be exploited with network access, requires user interaction and a small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.3 out of four. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality and integrity, and no impact on availability.
XSS
Windows CSC Service Information Disclosure Vulnerability
CVE-2021-28479
5.5 - Medium
- May 11, 2021
Windows CSC Service Information Disclosure Vulnerability
CVE-2021-28479 can be exploited with local system access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.
Information Disclosure
IBM OpenPages GRC Platform 8.1 could
CVE-2020-4536
4.3 - Medium
- May 11, 2021
IBM OpenPages GRC Platform 8.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 182907.
CVE-2020-4536 is exploitable with network access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality, a small impact on integrity and availability.
Generation of Error Message Containing Sensitive Information
IBM OpenPages GRC Platform 8.1 is vulnerable to cross-site scripting
CVE-2020-4535
5.4 - Medium
- May 11, 2021
IBM OpenPages GRC Platform 8.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 182906.
CVE-2020-4535 can be exploited with network access, requires user interaction and a small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.3 out of four. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality and integrity, and no impact on availability.
XSS
Jenkins Dashboard View Plugin 2.15 and earlier does not escape URLs referenced in Image Dashboard Portlets
CVE-2021-21649
5.4 - Medium
- May 11, 2021
Jenkins Dashboard View Plugin 2.15 and earlier does not escape URLs referenced in Image Dashboard Portlets, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with View/Configure permission.
CVE-2021-21649 can be exploited with network access, requires user interaction and a small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.3 out of four. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality and integrity, and no impact on availability.
XSS
Jenkins Credentials Plugin 2.3.18 and earlier does not escape user-controlled information on a view it provides
CVE-2021-21648
6.1 - Medium
- May 11, 2021
Jenkins Credentials Plugin 2.3.18 and earlier does not escape user-controlled information on a view it provides, resulting in a reflected cross-site scripting (XSS) vulnerability.
CVE-2021-21648 is exploitable with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality and integrity, and no impact on availability.
XSS
In JetBrains TeamCity before 2020.2.3, information disclosure
CVE-2021-31910
7.5 - High
- May 11, 2021
In JetBrains TeamCity before 2020.2.3, information disclosure via SSRF was possible.
CVE-2021-31910 is exploitable with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. It has the highest possible exploitability rating (3.9). The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.
XSPA
In JetBrains TeamCity before 2020.2.3
CVE-2021-31913
7.5 - High
- May 11, 2021
In JetBrains TeamCity before 2020.2.3, insufficient checks of the redirect_uri were made during GitHub SSO token exchange.
CVE-2021-31913 can be exploited with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. It has the highest possible exploitability rating (3.9). The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.
Improper Validation of Integrity Check Value
In JetBrains TeamCity before 2020.2.4
CVE-2021-31915
9.8 - Critical
- May 11, 2021
In JetBrains TeamCity before 2020.2.4, OS command injection leading to remote code execution was possible.
CVE-2021-31915 can be exploited with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. It has the highest possible exploitability rating (3.9). The potential impact of an exploit of this vulnerability is considered to be critical as this vulnerability has a high impact to the confidentiality, integrity and availability of this component.
Shell injection
In JetBrains TeamCity before 2020.2.3
CVE-2021-31912
8.8 - High
- May 11, 2021
In JetBrains TeamCity before 2020.2.3, account takeover was potentially possible during a password reset.
CVE-2021-31912 is exploitable with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Weak Password Recovery Mechanism for Forgotten Password
In JetBrains TeamCity before 2020.2.3
CVE-2021-31911
6.1 - Medium
- May 11, 2021
In JetBrains TeamCity before 2020.2.3, reflected XSS was possible on several pages.
CVE-2021-31911 can be exploited with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality and integrity, and no impact on availability.
XSS
In JetBrains YouTrack before 2020.6.6441, stored XSS was possible
CVE-2021-27733
5.4 - Medium
- May 11, 2021
In JetBrains YouTrack before 2020.6.6441, stored XSS was possible via an issue attachment.
CVE-2021-27733 can be exploited with network access, requires user interaction and a small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.3 out of four. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality and integrity, and no impact on availability.
XSS
In JetBrains TeamCity before 2020.2.3
CVE-2021-31908
5.4 - Medium
- May 11, 2021
In JetBrains TeamCity before 2020.2.3, stored XSS was possible on several pages.
CVE-2021-31908 is exploitable with network access, requires user interaction and a small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.3 out of four. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality and integrity, and no impact on availability.
XSS
In JetBrains TeamCity before 2020.2.2
CVE-2021-31907
5.3 - Medium
- May 11, 2021
In JetBrains TeamCity before 2020.2.2, permission checks for changing TeamCity plugins were implemented improperly.
CVE-2021-31907 can be exploited with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. It has the highest possible exploitability rating (3.9). The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality, with no impact on integrity, and no impact on availability.
Incorrect Permission Assignment for Critical Resource
In JetBrains TeamCity before 2020.2.3
CVE-2021-31909
9.8 - Critical
- May 11, 2021
In JetBrains TeamCity before 2020.2.3, argument injection leading to remote code execution was possible.
CVE-2021-31909 can be exploited with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. It has the highest possible exploitability rating (3.9). The potential impact of an exploit of this vulnerability is considered to be critical as this vulnerability has a high impact to the confidentiality, integrity and availability of this component.
Argument Injection
In JetBrains IntelliJ IDEA before 2021.1, DoS was possible
CVE-2021-30504
7.5 - High
- May 11, 2021
In JetBrains IntelliJ IDEA before 2021.1, DoS was possible because of unbounded resource allocation.
CVE-2021-30504 is exploitable with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. It has the highest possible exploitability rating (3.9). The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a high impact on availability.
Resource Exhaustion
In JetBrains TeamCity before 2020.2.2
CVE-2021-31906
2.7 - Low
- May 11, 2021
In JetBrains TeamCity before 2020.2.2, audit logs were not sufficient when an administrator uploaded a file.
CVE-2021-31906 is exploitable with network access, and requires user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.2 out of four. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality, with no impact on integrity, and no impact on availability.