Follow Security Vulnerabilities
in your favorite software stacks

Use stack.watch to create a software stack (a list of software you use), then get a weekly email with security vulnerabilities that occurr within your stack.

subscriber

Most Vulnerabilities most CVEs per product since 2018


Debian Linux 2798 vulnerabilities
OS

Canonical Ubuntu Linux 1925 vulnerabilities
Linux Operating System

Microsoft Windows 10 1765 vulnerabilities

Microsoft Windows Server 2016 1731 vulnerabilities

Google Android 1710 vulnerabilities
Mobile operating system

Microsoft Windows Server 2019 1461 vulnerabilities

Fedora Project Fedora 1400 vulnerabilities

Microsoft Windows Server 2012 1094 vulnerabilities

Microsoft Windows 8.1 1070 vulnerabilities

Google Chrome 1061 vulnerabilities
Web browser

Microsoft Windows Rt 8 1 1017 vulnerabilities

Microsoft Windows 7 1008 vulnerabilities

Microsoft Windows Server 2008 1001 vulnerabilities

Linux Kernel 948 vulnerabilities

Red Hat Enterprise Linux Server 828 vulnerabilities
RedHat Enterprise Linux (RHEL) Server. Includes software bundeled with RHEL server.

Apple iOS 820 vulnerabilities
The iOS Operating System used by iPhones.

Red Hat Enterprise Linux Workstation 807 vulnerabilities
RedHat Enterprise Linux (RHEL) Workstation. Includes software bundled with RHEL Workstation.

Red Hat Enterprise Linux Desktop 794 vulnerabilities
RedHat Enterprise Linux (RHEL) Desktop. Includes software bundled with RHEL desktop

Apple Mac OSX 759 vulnerabilities
Macintosh Operating System

OpenSuse Leap 740 vulnerabilities

See More

Popular Vendors

Adobe Microsoft Apache NGINX Google Apple Linux PHP OpenSSL Ruby on Rails PostgreSQL jQuery nodejs MongoDB Docker Jenkins HashiCorp Ruby Programming Language Laravel Elastic Zoom

See More

Popular Products

Internet Information Server (IIS) Tomcat Java Runtime Environment (JRE) Chrome Firefox iOS MySQL Safari SQL Server Windows Server 2019 Kubernetes React Watch OS Photoshop CC Redis Caddy Web Server GitLab Go

See More

Recent Vulnerabilities

It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs

CVE-2021-32555 5.5 - Medium - June 12, 2021

It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the xorg-hwe-18.04 package apport hooks, it could expose private data to other local users.

CVE-2021-32555 can be exploited with local system access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.

insecure temporary file

It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs

CVE-2021-32553 5.5 - Medium - June 12, 2021

It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-17 package apport hooks, it could expose private data to other local users.

CVE-2021-32553 can be exploited with local system access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.

insecure temporary file

It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs

CVE-2021-32551 5.5 - Medium - June 12, 2021

It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-15 package apport hooks, it could expose private data to other local users.

CVE-2021-32551 can be exploited with local system access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.

insecure temporary file

It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs

CVE-2021-32550 5.5 - Medium - June 12, 2021

It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-14 package apport hooks, it could expose private data to other local users.

CVE-2021-32550 is exploitable with local system access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.

insecure temporary file

It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs

CVE-2021-32554 5.5 - Medium - June 12, 2021

It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the xorg package apport hooks, it could expose private data to other local users.

CVE-2021-32554 is exploitable with local system access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.

insecure temporary file

It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs

CVE-2021-32552 5.5 - Medium - June 12, 2021

It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-16 package apport hooks, it could expose private data to other local users.

CVE-2021-32552 is exploitable with local system access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.

insecure temporary file

It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs

CVE-2021-32549 5.5 - Medium - June 12, 2021

It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-13 package apport hooks, it could expose private data to other local users.

CVE-2021-32549 can be exploited with local system access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.

insecure temporary file

It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs

CVE-2021-32548 5.5 - Medium - June 12, 2021

It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-8 package apport hooks, it could expose private data to other local users.

CVE-2021-32548 is exploitable with local system access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.

insecure temporary file

It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs

CVE-2021-32547 5.5 - Medium - June 12, 2021

It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-lts package apport hooks, it could expose private data to other local users.

CVE-2021-32547 can be exploited with local system access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.

insecure temporary file

In memory management driver, there is a possible out of bounds write due to an integer overflow

CVE-2021-0494 7.8 - High - June 11, 2021

In memory management driver, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-183461318

CVE-2021-0494 is exploitable with local system access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Integer Overflow or Wraparound

In avrc_msg_cback of avrc_api.cc, there is a possible out of bounds write due to a heap buffer overflow

CVE-2021-0474 9.8 - Critical - June 11, 2021

In avrc_msg_cback of avrc_api.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-8.1 Android-9 Android-10Android ID: A-177611958

CVE-2021-0474 is exploitable with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. It has the highest possible exploitability rating (3.9). The potential impact of an exploit of this vulnerability is considered to be critical as this vulnerability has a high impact to the confidentiality, integrity and availability of this component.

Memory Corruption

In memory management driver, there is a possible out of bounds write due to uninitialized data

CVE-2021-0495 7.8 - High - June 11, 2021

In memory management driver, there is a possible out of bounds write due to uninitialized data. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-183459083

CVE-2021-0495 can be exploited with local system access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Memory Corruption

In memory management driver, there is a possible out of bounds write due to a missing bounds check

CVE-2021-0489 7.8 - High - June 11, 2021

In memory management driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-183464866

CVE-2021-0489 can be exploited with local system access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Memory Corruption

In on_l2cap_data_ind of btif_sock_l2cap.cc, there is possible memory corruption due to a use after free

CVE-2021-0475 8.8 - High - June 11, 2021

In on_l2cap_data_ind of btif_sock_l2cap.cc, there is possible memory corruption due to a use after free. This could lead to remote code execution over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-10Android ID: A-175686168

Dangling pointer

In memory management driver, there is a possible out of bounds write due to a missing bounds check

CVE-2021-0493 7.8 - High - June 11, 2021

In memory management driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-183461317

CVE-2021-0493 can be exploited with local system access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Memory Corruption

In BinderDiedCallback of MediaCodec.cpp, there is a possible memory corruption due to a use after free

CVE-2021-0482 7 - High - June 11, 2021

In BinderDiedCallback of MediaCodec.cpp, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-173791720

CVE-2021-0482 is exploitable with local system access, and requires small amount of user privileges. This vulnerability is consided to have a high level of attack complexity. It has an exploitability score of 1.0 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Dangling pointer

In notifyScreenshotError of ScreenshotNotificationsController.java, there is a possible permission bypass due to an unsafe PendingIntent

CVE-2021-0477 7.8 - High - June 11, 2021

In notifyScreenshotError of ScreenshotNotificationsController.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-8.1 Android-9Android ID: A-178189250

CVE-2021-0477 can be exploited with local system access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

In createPendingIntent of SnoozeHelper.java, there is a possible broadcast intent containing a sensitive identifier

CVE-2021-0480 5.5 - Medium - June 11, 2021

In createPendingIntent of SnoozeHelper.java, there is a possible broadcast intent containing a sensitive identifier. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-8.1 Android-9Android ID: A-174493336

CVE-2021-0480 is exploitable with local system access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.

Exposure of Resource to Wrong Sphere

In onCreate of CalendarDebugActivity.java

CVE-2021-0487 7.8 - High - June 11, 2021

In onCreate of CalendarDebugActivity.java, there is a possible way to export calendar data to the sdcard without user consent due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-174046397

CVE-2021-0487 can be exploited with local system access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

In onActivityResult of EditUserPhotoController.java, there is a possible access of unauthorized files due to an unexpected URI handler

CVE-2021-0481 7.8 - High - June 11, 2021

In onActivityResult of EditUserPhotoController.java, there is a possible access of unauthorized files due to an unexpected URI handler. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11Android ID: A-172939189

CVE-2021-0481 can be exploited with local system access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

In memory management driver, there is a possible escalation of privilege due to a missing permission check

CVE-2021-0491 7.8 - High - June 11, 2021

In memory management driver, there is a possible escalation of privilege due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-183461315

CVE-2021-0491 can be exploited with local system access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

In startIpClient of ClientModeImpl.java, there is a possible identifier which could be used to track a device

CVE-2021-0466 7.5 - High - June 11, 2021

In startIpClient of ClientModeImpl.java, there is a possible identifier which could be used to track a device. This could lead to remote information disclosure to a proximal attacker, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-154114734

CVE-2021-0466 is exploitable with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. It has the highest possible exploitability rating (3.9). The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.

Exposure of Resource to Wrong Sphere

In /proc/net of the kernel filesystem, there is a possible information leak due to a permissions bypass

CVE-2019-9475 5.5 - Medium - June 11, 2021

In /proc/net of the kernel filesystem, there is a possible information leak due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-9496886

CVE-2019-9475 can be exploited with local system access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.

Exposure of Resource to Wrong Sphere

In readVector of IMediaPlayer.cpp, there is a possible read of uninitialized heap data due to a missing bounds check

CVE-2021-0484 5.5 - Medium - June 11, 2021

In readVector of IMediaPlayer.cpp, there is a possible read of uninitialized heap data due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-173720767

CVE-2021-0484 is exploitable with local system access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.

Missing Initialization of Resource

In memory management driver, there is a possible out of bounds write due to a missing bounds check

CVE-2021-0492 7.8 - High - June 11, 2021

In memory management driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-183459078

CVE-2021-0492 is exploitable with local system access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Memory Corruption

In memory management driver, there is a possible out of bounds write due to a missing bounds check

CVE-2021-0490 7.8 - High - June 11, 2021

In memory management driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-183464868

CVE-2021-0490 is exploitable with local system access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Memory Corruption

In memory management driver, there is a possible memory corruption due to a use after free

CVE-2021-0497 7.8 - High - June 11, 2021

In memory management driver, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-183461320

CVE-2021-0497 can be exploited with local system access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Dangling pointer

In memory management driver, there is a possible memory corruption due to a double free

CVE-2021-0498 7.8 - High - June 11, 2021

In memory management driver, there is a possible memory corruption due to a double free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-183461321

CVE-2021-0498 is exploitable with local system access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Double-free

In shouldLockKeyguard of LockTaskController.java, there is a possible way to exit App Pinning without a PIN due to a permissions bypass

CVE-2021-0472 7.8 - High - June 11, 2021

In shouldLockKeyguard of LockTaskController.java, there is a possible way to exit App Pinning without a PIN due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-9 Android-10Android ID: A-176801033

CVE-2021-0472 is exploitable with local system access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

In getMinimalSize of PipBoundsAlgorithm.java

CVE-2021-0485 7.8 - High - June 11, 2021

In getMinimalSize of PipBoundsAlgorithm.java, there is a possible bypass of restrictions on background processes due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-174302616

CVE-2021-0485 can be exploited with local system access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

Built by Foundeo Inc., with data from the National Vulnerability Database (NVD), Icons by Icons8. Privacy Policy
Disclaimer
CONTENT ON THIS WEBSITE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. Always check with your vendor for the most up to date, and accurate information.