Follow Security Vulnerabilities
in your software stack

It's easy to miss out on a security vulnerability announcements, and hard to filter through all the noise.

Use StackWatch to create a software stack (a list of software you use), then get a weekly email with security vulnerabilities that have been published for software within your stack.

Just click a Watch button to get started.

Most Vulnerabilities most CVEs per product since 2018

Debian Linux 3481 vulnerabilities
OS

Canonical Ubuntu Linux 2390 vulnerabilities
Linux Operating System

Fedora Project Fedora 2128 vulnerabilities

Google Android 2094 vulnerabilities
Mobile operating system

Microsoft Windows 10 2064 vulnerabilities

Microsoft Windows Server 2016 2019 vulnerabilities

Microsoft Windows Server 2019 1763 vulnerabilities

Microsoft Windows Server 2012 1299 vulnerabilities

Microsoft Windows 8.1 1254 vulnerabilities

Google Chrome 1232 vulnerabilities
Web browser

Microsoft Windows Server 2008 1174 vulnerabilities

Microsoft Windows Rt 8 1 1173 vulnerabilities

Microsoft Windows 7 1162 vulnerabilities

Apple iOS 1091 vulnerabilities
The iOS Operating System used by iPhones.

Linux Kernel 1044 vulnerabilities

Apple Mac OSX 962 vulnerabilities
Macintosh Operating System

Red Hat Enterprise Linux Server 915 vulnerabilities
RedHat Enterprise Linux (RHEL) Server. Includes software bundeled with RHEL server.

Red Hat Enterprise Linux Workstation 897 vulnerabilities
RedHat Enterprise Linux (RHEL) Workstation. Includes software bundled with RHEL Workstation.

Red Hat Enterprise Linux Desktop 885 vulnerabilities
RedHat Enterprise Linux (RHEL) Desktop. Includes software bundled with RHEL desktop

OpenSuse Leap 861 vulnerabilities

Popular Vendors

Popular Products

Recent Vulnerabilities

In setLaunchIntent of BluetoothDevicePickerPreferenceController.java

CVE-2021-1035 7.8 - High - January 14, 2022

In setLaunchIntent of BluetoothDevicePickerPreferenceController.java, there is a possible way to invoke an arbitrary broadcast receiver due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-12Android ID: A-195668284

CVE-2021-1035 can be exploited with local system access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Externally Controlled Reference to a Resource in Another Sphere

In GBoard, there is a possible way to bypass Factory Reset Protection due to a missing permission check

CVE-2021-39622 7.8 - High - January 14, 2022

In GBoard, there is a possible way to bypass Factory Reset Protection due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12Android ID: A-192663648

CVE-2021-39622 is exploitable with local system access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Preservation of Permissions

In showCarrierAppInstallationNotification of EuiccNotificationManager.java

CVE-2021-39625 7.3 - High - January 14, 2022

In showCarrierAppInstallationNotification of EuiccNotificationManager.java, there is a possible way to gain an access to MediaProvider content due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-194695347

CVE-2021-39625 can be exploited with local system access, requires user interaction and a small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.3 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

In multiple methods of EuiccNotificationManager.java

CVE-2021-39618 7.8 - High - January 14, 2022

In multiple methods of EuiccNotificationManager.java, there is a possible way to install existing packages without user consent due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-196855999

CVE-2021-39618 is exploitable with local system access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

In sec_SHA256_Transform of sha256_core.c, there is a possible way to read heap data due to uninitialized data

CVE-2021-39680 4.4 - Medium - January 14, 2022

In sec_SHA256_Transform of sha256_core.c, there is a possible way to read heap data due to uninitialized data. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-197965864References: N/A

CVE-2021-39680 is exploitable with local system access, and requires user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 0.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.

Use of Uninitialized Resource

In target_init of gs101/abl/target/slider/target.c, there is a possible allocation of RWX memory due to a logic error in the code

CVE-2021-39684 7.8 - High - January 14, 2022

In target_init of gs101/abl/target/slider/target.c, there is a possible allocation of RWX memory due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-203250788References: N/A

CVE-2021-39684 is exploitable with local system access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

In StatusBar.java, there is a possible disclosure of notification content on the lockscreen due to a logic error in the code

CVE-2021-39628 3.3 - Low - January 14, 2022

In StatusBar.java, there is a possible disclosure of notification content on the lockscreen due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11Android ID: A-189575031

CVE-2021-39628 is exploitable with local system access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality, a small impact on integrity and availability.

Exposure of Resource to Wrong Sphere

In doRead of SimpleDecodingSource.cpp, there is a possible out of bounds write due to an incorrect bounds check

CVE-2021-39623 9.8 - Critical - January 14, 2022

In doRead of SimpleDecodingSource.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-194105348

CVE-2021-39623 can be exploited with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. It has the highest possible exploitability rating (3.9). The potential impact of an exploit of this vulnerability is considered to be critical as this vulnerability has a high impact to the confidentiality, integrity and availability of this component.

Improper Privilege Management

In delete_protocol of main.c, there is a possible arbitrary code execution due to a use after free

CVE-2021-39681 7.8 - High - January 14, 2022

In delete_protocol of main.c, there is a possible arbitrary code execution due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-200251074References: N/A

CVE-2021-39681 can be exploited with local system access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Dangling pointer

In ipcSetDataReference of Parcel.cpp, there is a possible way to corrupt memory due to a use after free

CVE-2021-39620 7.8 - High - January 14, 2022

In ipcSetDataReference of Parcel.cpp, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12Android ID: A-203847542

CVE-2021-39620 is exploitable with local system access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Dangling pointer

In jit_memory_region.cc, there is a possible bypass of memory restrictions due to a logic error in the code

CVE-2021-0959 7.8 - High - January 14, 2022

In jit_memory_region.cc, there is a possible bypass of memory restrictions due to a logic error in the code. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-200284993

CVE-2021-0959 can be exploited with local system access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

In copy_from_mbox of sss_ice_util.c, there is a possible out of bounds write due to a missing bounds check

CVE-2021-39683 6.7 - Medium - January 14, 2022

In copy_from_mbox of sss_ice_util.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-202003354References: N/A

CVE-2021-39683 can be exploited with local system access, and requires user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 0.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Memory Corruption

In phTmlNfc_Init and phTmlNfc_CleanUp of phTmlNfc.cc, there is a possible use after free due to a race condition

CVE-2021-39629 7 - High - January 14, 2022

In phTmlNfc_Init and phTmlNfc_CleanUp of phTmlNfc.cc, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-197353344

CVE-2021-39629 can be exploited with local system access, and requires small amount of user privileges. This vulnerability is consided to have a high level of attack complexity. It has an exploitability score of 1.0 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Race Condition

In inotify_cb of events.cpp, there is a possible out of bounds write due to an incorrect bounds check

CVE-2021-39632 7.8 - High - January 14, 2022

In inotify_cb of events.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12Android ID: A-202159709

CVE-2021-39632 is exploitable with local system access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Memory Corruption

In gre_handle_offloads of ip_gre.c, there is a possible page fault due to an invalid memory access

CVE-2021-39633 5.5 - Medium - January 14, 2022

In gre_handle_offloads of ip_gre.c, there is a possible page fault due to an invalid memory access. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-150694665References: Upstream kernel

CVE-2021-39633 can be exploited with local system access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.

Exposure of Resource to Wrong Sphere

A vulnerability in the web-based management interface of Cisco Unified Contact Center Management Portal (Unified CCMP) and Cisco Unified Contact Center Domain Manager (Unified CCDM) could

CVE-2022-20658 9.6 - Critical - January 14, 2022

A vulnerability in the web-based management interface of Cisco Unified Contact Center Management Portal (Unified CCMP) and Cisco Unified Contact Center Domain Manager (Unified CCDM) could allow an authenticated, remote attacker to elevate their privileges to Administrator. This vulnerability is due to the lack of server-side validation of user permissions. An attacker could exploit this vulnerability by submitting a crafted HTTP request to a vulnerable system. A successful exploit could allow the attacker to create Administrator accounts. With these accounts, the attacker could access and modify telephony and user resources across all the Unified platforms that are associated to the vulnerable Cisco Unified CCMP. To successfully exploit this vulnerability, an attacker would need valid Advanced User credentials.

CVE-2022-20658 is exploitable with network access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 3.1 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality and integrity, and no impact on availability.

Incorrect Resource Transfer Between Spheres

AEM's Cloud Service offering, as well as version 6.5.10.0 (and below) are affected by a stored Cross-Site Scripting (XSS) vulnerability

CVE-2021-43764 5.4 - Medium - January 13, 2022

AEM's Cloud Service offering, as well as version 6.5.10.0 (and below) are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victims browser when they browse to the page containing the vulnerable field.

CVE-2021-43764 is exploitable with network access, requires user interaction and a small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.3 out of four. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality and integrity, and no impact on availability.

XSS

AEM's Cloud Service offering, as well as versions 6.5.7.0 (and below), 6.4.8.3 (and below) and 6.3.3.8 (and below) are affected by a stored Cross-Site Scripting (XSS) vulnerability

CVE-2021-43761 5.4 - Medium - January 13, 2022

AEM's Cloud Service offering, as well as versions 6.5.7.0 (and below), 6.4.8.3 (and below) and 6.3.3.8 (and below) are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victims browser when they browse to the page containing the vulnerable field.

CVE-2021-43761 can be exploited with network access, requires user interaction and a small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.3 out of four. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality and integrity, and no impact on availability.

XSS

AEM Forms Cloud Service offering, as well as version 6.5.10.0 (and below) are affected by an XML External Entity (XXE) injection vulnerability

CVE-2021-40722 9.8 - Critical - January 13, 2022

AEM Forms Cloud Service offering, as well as version 6.5.10.0 (and below) are affected by an XML External Entity (XXE) injection vulnerability that could be abused by an attacker to achieve RCE.

CVE-2021-40722 is exploitable with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. It has the highest possible exploitability rating (3.9). The potential impact of an exploit of this vulnerability is considered to be critical as this vulnerability has a high impact to the confidentiality, integrity and availability of this component.

XXE

AEM's Cloud Service offering, as well as version 6.5.10.0 (and below) are affected by a stored Cross-Site Scripting (XSS) vulnerability

CVE-2021-44177 6.1 - Medium - January 13, 2022

CVE-2021-44177 can be exploited with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality and integrity, and no impact on availability.

XSS

AEM's Cloud Service offering, as well as version 6.5.10.0 (and below) are affected by a stored Cross-Site Scripting (XSS) vulnerability

CVE-2021-43765 6.1 - Medium - January 13, 2022

CVE-2021-43765 can be exploited with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality and integrity, and no impact on availability.

XSS

AEM's Cloud Service offering, as well as version 6.5.10.0 (and below) are affected by a reflected Cross-Site Scripting (XSS) vulnerability

CVE-2021-44178 6.1 - Medium - January 13, 2022

AEM's Cloud Service offering, as well as version 6.5.10.0 (and below) are affected by a reflected Cross-Site Scripting (XSS) vulnerability via the itemResourceType parameter. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser

CVE-2021-44178 is exploitable with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality and integrity, and no impact on availability.

XSS

AEM's Cloud Service offering, as well as version 6.5.10.0 (and below) are affected by a dispatcher bypass vulnerability

CVE-2021-43762 6.5 - Medium - January 13, 2022

AEM's Cloud Service offering, as well as version 6.5.10.0 (and below) are affected by a dispatcher bypass vulnerability that could be abused to evade security controls. Sensitive areas of the web application may be exposed through exploitation of the vulnerability.

CVE-2021-43762 is exploitable with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. It has the highest possible exploitability rating (3.9). The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality and integrity, and no impact on availability.

Improper Input Validation

AEM's Cloud Service offering, as well as version 6.5.10.0 (and below) are affected by a stored Cross-Site Scripting (XSS) vulnerability

CVE-2021-44176 6.1 - Medium - January 13, 2022

CVE-2021-44176 is exploitable with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality and integrity, and no impact on availability.

XSS

A denial of service vulnerabiity exists in fig2dev through 3.28a due to a segfault in the open_stream function in readpics.c.

CVE-2021-37530 5.5 - Medium - January 12, 2022

A denial of service vulnerabiity exists in fig2dev through 3.28a due to a segfault in the open_stream function in readpics.c.

CVE-2021-37530 is exploitable with local system access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a high impact on availability.

Memory Corruption

A double-free vulnerability exists in fig2dev through 3.28a is affected by:

CVE-2021-37529 5.5 - Medium - January 12, 2022

A double-free vulnerability exists in fig2dev through 3.28a is affected by: via the free_stream function in readpics.c, which could cause a denial of service (context-dependent).

CVE-2021-37529 can be exploited with local system access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a high impact on availability.

Double-free

Docker Desktop version 4.3.0 and 4.3.1 has a bug

CVE-2021-45449 5.5 - Medium - January 12, 2022

Docker Desktop version 4.3.0 and 4.3.1 has a bug that may log sensitive information (access token or password) on the user's machine during login. This only affects users if they are on Docker Desktop 4.3.0, 4.3.1 and the user has logged in while on 4.3.0, 4.3.1. Gaining access to this data would require having access to the users local files.

CVE-2021-45449 can be exploited with local system access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.

Insertion of Sensitive Information into Log File

Jenkins Warnings Next Generation Plugin 9.10.2 and earlier does not restrict the name of a file when configuring custom ID

CVE-2022-23107 8.1 - High - January 12, 2022

Jenkins Warnings Next Generation Plugin 9.10.2 and earlier does not restrict the name of a file when configuring custom ID, allowing attackers with Item/Configure permission to write and read specific files with a hard-coded suffix on the Jenkins controller file system.

CVE-2022-23107 can be exploited with network access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality and integrity, and no impact on availability.

Directory traversal

A cross-site request forgery (CSRF) vulnerability in Jenkins 2.329 and earlier, LTS 2.319.1 and earlier

CVE-2022-20612 4.3 - Medium - January 12, 2022

A cross-site request forgery (CSRF) vulnerability in Jenkins 2.329 and earlier, LTS 2.319.1 and earlier allows attackers to trigger build of job without parameters when no security realm is set.

CVE-2022-20612 is exploitable with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality, with no impact on integrity, and no impact on availability.

Session Riding

Jenkins Conjur Secrets Plugin 1.0.9 and earlier implements functionality

CVE-2022-23116 7.5 - High - January 12, 2022

Jenkins Conjur Secrets Plugin 1.0.9 and earlier implements functionality that allows attackers able to control agent processes to decrypt secrets stored in Jenkins obtained through another method.

CVE-2022-23116 is exploitable with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. It has the highest possible exploitability rating (3.9). The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.

Missing Encryption of Sensitive Data

Follow Security Vulnerabilitiesin your software stack

Most Vulnerabilities most CVEs per product since 2018

Debian Linux 3481 vulnerabilitiesOS

Canonical Ubuntu Linux 2390 vulnerabilitiesLinux Operating System

Fedora Project Fedora 2128 vulnerabilities

Google Android 2094 vulnerabilitiesMobile operating system

Microsoft Windows 10 2064 vulnerabilities

Microsoft Windows Server 2016 2019 vulnerabilities

Microsoft Windows Server 2019 1763 vulnerabilities

Microsoft Windows Server 2012 1299 vulnerabilities

Microsoft Windows 8.1 1254 vulnerabilities

Google Chrome 1232 vulnerabilitiesWeb browser

Microsoft Windows Server 2008 1174 vulnerabilities

Microsoft Windows Rt 8 1 1173 vulnerabilities

Microsoft Windows 7 1162 vulnerabilities

Apple iOS 1091 vulnerabilitiesThe iOS Operating System used by iPhones.

Linux Kernel 1044 vulnerabilities

Apple Mac OSX 962 vulnerabilitiesMacintosh Operating System

Red Hat Enterprise Linux Server 915 vulnerabilitiesRedHat Enterprise Linux (RHEL) Server. Includes software bundeled with RHEL server.

Red Hat Enterprise Linux Workstation 897 vulnerabilitiesRedHat Enterprise Linux (RHEL) Workstation. Includes software bundled with RHEL Workstation.

Red Hat Enterprise Linux Desktop 885 vulnerabilitiesRedHat Enterprise Linux (RHEL) Desktop. Includes software bundled with RHEL desktop

OpenSuse Leap 861 vulnerabilities

Popular Vendors

Popular Products

Recent Vulnerabilities

In setLaunchIntent of BluetoothDevicePickerPreferenceController.java CVE-2021-1035 7.8 - High - January 14, 2022

In GBoard, there is a possible way to bypass Factory Reset Protection due to a missing permission check CVE-2021-39622 7.8 - High - January 14, 2022

In showCarrierAppInstallationNotification of EuiccNotificationManager.java CVE-2021-39625 7.3 - High - January 14, 2022

In multiple methods of EuiccNotificationManager.java CVE-2021-39618 7.8 - High - January 14, 2022

In sec_SHA256_Transform of sha256_core.c, there is a possible way to read heap data due to uninitialized data CVE-2021-39680 4.4 - Medium - January 14, 2022

In target_init of gs101/abl/target/slider/target.c, there is a possible allocation of RWX memory due to a logic error in the code CVE-2021-39684 7.8 - High - January 14, 2022

In StatusBar.java, there is a possible disclosure of notification content on the lockscreen due to a logic error in the code CVE-2021-39628 3.3 - Low - January 14, 2022

In doRead of SimpleDecodingSource.cpp, there is a possible out of bounds write due to an incorrect bounds check CVE-2021-39623 9.8 - Critical - January 14, 2022

In delete_protocol of main.c, there is a possible arbitrary code execution due to a use after free CVE-2021-39681 7.8 - High - January 14, 2022

In ipcSetDataReference of Parcel.cpp, there is a possible way to corrupt memory due to a use after free CVE-2021-39620 7.8 - High - January 14, 2022

In jit_memory_region.cc, there is a possible bypass of memory restrictions due to a logic error in the code CVE-2021-0959 7.8 - High - January 14, 2022

In copy_from_mbox of sss_ice_util.c, there is a possible out of bounds write due to a missing bounds check CVE-2021-39683 6.7 - Medium - January 14, 2022

In phTmlNfc_Init and phTmlNfc_CleanUp of phTmlNfc.cc, there is a possible use after free due to a race condition CVE-2021-39629 7 - High - January 14, 2022

In inotify_cb of events.cpp, there is a possible out of bounds write due to an incorrect bounds check CVE-2021-39632 7.8 - High - January 14, 2022

In gre_handle_offloads of ip_gre.c, there is a possible page fault due to an invalid memory access CVE-2021-39633 5.5 - Medium - January 14, 2022

A vulnerability in the web-based management interface of Cisco Unified Contact Center Management Portal (Unified CCMP) and Cisco Unified Contact Center Domain Manager (Unified CCDM) could CVE-2022-20658 9.6 - Critical - January 14, 2022

AEM's Cloud Service offering, as well as version 6.5.10.0 (and below) are affected by a stored Cross-Site Scripting (XSS) vulnerability CVE-2021-43764 5.4 - Medium - January 13, 2022

AEM's Cloud Service offering, as well as versions 6.5.7.0 (and below), 6.4.8.3 (and below) and 6.3.3.8 (and below) are affected by a stored Cross-Site Scripting (XSS) vulnerability CVE-2021-43761 5.4 - Medium - January 13, 2022

AEM Forms Cloud Service offering, as well as version 6.5.10.0 (and below) are affected by an XML External Entity (XXE) injection vulnerability CVE-2021-40722 9.8 - Critical - January 13, 2022

AEM's Cloud Service offering, as well as version 6.5.10.0 (and below) are affected by a stored Cross-Site Scripting (XSS) vulnerability CVE-2021-44177 6.1 - Medium - January 13, 2022

AEM's Cloud Service offering, as well as version 6.5.10.0 (and below) are affected by a stored Cross-Site Scripting (XSS) vulnerability CVE-2021-43765 6.1 - Medium - January 13, 2022

AEM's Cloud Service offering, as well as version 6.5.10.0 (and below) are affected by a reflected Cross-Site Scripting (XSS) vulnerability CVE-2021-44178 6.1 - Medium - January 13, 2022

AEM's Cloud Service offering, as well as version 6.5.10.0 (and below) are affected by a dispatcher bypass vulnerability CVE-2021-43762 6.5 - Medium - January 13, 2022

AEM's Cloud Service offering, as well as version 6.5.10.0 (and below) are affected by a stored Cross-Site Scripting (XSS) vulnerability CVE-2021-44176 6.1 - Medium - January 13, 2022

A denial of service vulnerabiity exists in fig2dev through 3.28a due to a segfault in the open_stream function in readpics.c. CVE-2021-37530 5.5 - Medium - January 12, 2022

A double-free vulnerability exists in fig2dev through 3.28a is affected by: CVE-2021-37529 5.5 - Medium - January 12, 2022

Docker Desktop version 4.3.0 and 4.3.1 has a bug CVE-2021-45449 5.5 - Medium - January 12, 2022

Jenkins Warnings Next Generation Plugin 9.10.2 and earlier does not restrict the name of a file when configuring custom ID CVE-2022-23107 8.1 - High - January 12, 2022

A cross-site request forgery (CSRF) vulnerability in Jenkins 2.329 and earlier, LTS 2.319.1 and earlier CVE-2022-20612 4.3 - Medium - January 12, 2022

Jenkins Conjur Secrets Plugin 1.0.9 and earlier implements functionality CVE-2022-23116 7.5 - High - January 12, 2022

Follow Security Vulnerabilities
in your software stack

Debian Linux 3481 vulnerabilities
OS

Canonical Ubuntu Linux 2390 vulnerabilities
Linux Operating System

Google Android 2094 vulnerabilities
Mobile operating system

Google Chrome 1232 vulnerabilities
Web browser

Apple iOS 1091 vulnerabilities
The iOS Operating System used by iPhones.

Apple Mac OSX 962 vulnerabilities
Macintosh Operating System

Red Hat Enterprise Linux Server 915 vulnerabilities
RedHat Enterprise Linux (RHEL) Server. Includes software bundeled with RHEL server.

Red Hat Enterprise Linux Workstation 897 vulnerabilities
RedHat Enterprise Linux (RHEL) Workstation. Includes software bundled with RHEL Workstation.

Red Hat Enterprise Linux Desktop 885 vulnerabilities
RedHat Enterprise Linux (RHEL) Desktop. Includes software bundled with RHEL desktop

In setLaunchIntent of BluetoothDevicePickerPreferenceController.java

CVE-2021-1035 7.8 - High - January 14, 2022

In GBoard, there is a possible way to bypass Factory Reset Protection due to a missing permission check

CVE-2021-39622 7.8 - High - January 14, 2022

In showCarrierAppInstallationNotification of EuiccNotificationManager.java

CVE-2021-39625 7.3 - High - January 14, 2022

In multiple methods of EuiccNotificationManager.java

CVE-2021-39618 7.8 - High - January 14, 2022

In sec_SHA256_Transform of sha256_core.c, there is a possible way to read heap data due to uninitialized data

CVE-2021-39680 4.4 - Medium - January 14, 2022

In target_init of gs101/abl/target/slider/target.c, there is a possible allocation of RWX memory due to a logic error in the code

CVE-2021-39684 7.8 - High - January 14, 2022

In StatusBar.java, there is a possible disclosure of notification content on the lockscreen due to a logic error in the code

CVE-2021-39628 3.3 - Low - January 14, 2022

In doRead of SimpleDecodingSource.cpp, there is a possible out of bounds write due to an incorrect bounds check

CVE-2021-39623 9.8 - Critical - January 14, 2022

In delete_protocol of main.c, there is a possible arbitrary code execution due to a use after free

CVE-2021-39681 7.8 - High - January 14, 2022

In ipcSetDataReference of Parcel.cpp, there is a possible way to corrupt memory due to a use after free

CVE-2021-39620 7.8 - High - January 14, 2022

In jit_memory_region.cc, there is a possible bypass of memory restrictions due to a logic error in the code

CVE-2021-0959 7.8 - High - January 14, 2022

In copy_from_mbox of sss_ice_util.c, there is a possible out of bounds write due to a missing bounds check

CVE-2021-39683 6.7 - Medium - January 14, 2022

In phTmlNfc_Init and phTmlNfc_CleanUp of phTmlNfc.cc, there is a possible use after free due to a race condition

CVE-2021-39629 7 - High - January 14, 2022

In inotify_cb of events.cpp, there is a possible out of bounds write due to an incorrect bounds check

CVE-2021-39632 7.8 - High - January 14, 2022

In gre_handle_offloads of ip_gre.c, there is a possible page fault due to an invalid memory access

CVE-2021-39633 5.5 - Medium - January 14, 2022

A vulnerability in the web-based management interface of Cisco Unified Contact Center Management Portal (Unified CCMP) and Cisco Unified Contact Center Domain Manager (Unified CCDM) could

CVE-2022-20658 9.6 - Critical - January 14, 2022

AEM's Cloud Service offering, as well as version 6.5.10.0 (and below) are affected by a stored Cross-Site Scripting (XSS) vulnerability

CVE-2021-43764 5.4 - Medium - January 13, 2022

AEM's Cloud Service offering, as well as versions 6.5.7.0 (and below), 6.4.8.3 (and below) and 6.3.3.8 (and below) are affected by a stored Cross-Site Scripting (XSS) vulnerability

CVE-2021-43761 5.4 - Medium - January 13, 2022

AEM Forms Cloud Service offering, as well as version 6.5.10.0 (and below) are affected by an XML External Entity (XXE) injection vulnerability

CVE-2021-40722 9.8 - Critical - January 13, 2022

AEM's Cloud Service offering, as well as version 6.5.10.0 (and below) are affected by a stored Cross-Site Scripting (XSS) vulnerability

CVE-2021-44177 6.1 - Medium - January 13, 2022

AEM's Cloud Service offering, as well as version 6.5.10.0 (and below) are affected by a stored Cross-Site Scripting (XSS) vulnerability

CVE-2021-43765 6.1 - Medium - January 13, 2022

AEM's Cloud Service offering, as well as version 6.5.10.0 (and below) are affected by a reflected Cross-Site Scripting (XSS) vulnerability

CVE-2021-44178 6.1 - Medium - January 13, 2022

AEM's Cloud Service offering, as well as version 6.5.10.0 (and below) are affected by a dispatcher bypass vulnerability

CVE-2021-43762 6.5 - Medium - January 13, 2022

AEM's Cloud Service offering, as well as version 6.5.10.0 (and below) are affected by a stored Cross-Site Scripting (XSS) vulnerability

CVE-2021-44176 6.1 - Medium - January 13, 2022

A denial of service vulnerabiity exists in fig2dev through 3.28a due to a segfault in the open_stream function in readpics.c.

CVE-2021-37530 5.5 - Medium - January 12, 2022

A double-free vulnerability exists in fig2dev through 3.28a is affected by:

CVE-2021-37529 5.5 - Medium - January 12, 2022

Docker Desktop version 4.3.0 and 4.3.1 has a bug

CVE-2021-45449 5.5 - Medium - January 12, 2022

Jenkins Warnings Next Generation Plugin 9.10.2 and earlier does not restrict the name of a file when configuring custom ID

CVE-2022-23107 8.1 - High - January 12, 2022

A cross-site request forgery (CSRF) vulnerability in Jenkins 2.329 and earlier, LTS 2.319.1 and earlier

CVE-2022-20612 4.3 - Medium - January 12, 2022

Jenkins Conjur Secrets Plugin 1.0.9 and earlier implements functionality

CVE-2022-23116 7.5 - High - January 12, 2022