Follow Security Vulnerabilities
in your favorite software stacks

Use stack.watch to create a software stack (a list of software you use), then get a weekly email with security vulnerabilities that occur within your stack.


Most Vulnerabilities: most CVEs per product since 2018


Debian Linux 2704 vulnerabilities
OS

Canonical Ubuntu Linux 1847 vulnerabilities
Linux Operating System

Microsoft Windows 10 1732 vulnerabilities

Microsoft Windows Server 2016 1701 vulnerabilities

Google Android 1668 vulnerabilities
Mobile operating system

Microsoft Windows Server 2019 1435 vulnerabilities

Fedora Project Fedora 1239 vulnerabilities

Microsoft Windows Server 2012 1070 vulnerabilities

Microsoft Windows 8.1 1050 vulnerabilities

Google Chrome 1026 vulnerabilities
Web browser

Microsoft Windows RT 8.1 997 vulnerabilities

Microsoft Windows 7 993 vulnerabilities

Microsoft Windows Server 2008 983 vulnerabilities

Linux Kernel 913 vulnerabilities

Apple iOS 809 vulnerabilities
The iOS Operating System used by iPhones.

Red Hat Enterprise Linux Server 808 vulnerabilities
RedHat Enterprise Linux (RHEL) Server. Includes software bundled with RHEL server.

Red Hat Enterprise Linux Workstation 787 vulnerabilities
RedHat Enterprise Linux (RHEL) Workstation. Includes software bundled with RHEL Workstation.

Red Hat Enterprise Linux Desktop 773 vulnerabilities
RedHat Enterprise Linux (RHEL) Desktop. Includes software bundled with RHEL desktop.

Apple Mac OSX 749 vulnerabilities
Macintosh Operating System

OpenSuse Leap 723 vulnerabilities


Popular Vendors

Adobe, Microsoft, Apache, NGINX, Google, Apple, Linux, PHP, OpenSSL, Ruby on Rails, PostgreSQL, jQuery, nodejs, MongoDB, Docker, Jenkins, HashiCorp, Ruby Programming Language, Laravel, Elastic, Zoom


Popular Products

Internet Information Server (IIS), Tomcat, Java Runtime Environment (JRE), Chrome, Firefox, iOS, MySQL, Safari, SQL Server, Windows Server 2019, Kubernetes, React, Watch OS, Photoshop CC, Redis, Caddy Web Server, GitLab, Go


Recent Vulnerabilities

A flaw was found in keycloak

CVE-2021-20202 7.3 - High - May 12, 2021

A flaw was found in keycloak. Directories can be created prior to the Java process creating them in the temporary directory, but with wider user permissions, allowing the attacker to have access to the contents that keycloak stores in this directory. The highest threat from this vulnerability is to data confidentiality and integrity.

CVE-2021-20202 is exploitable with local system access and requires a small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality and integrity, and a small impact on availability.

Insecure Temporary File

HTTP Protocol Stack Remote Code Execution Vulnerability

CVE-2021-31166 9.8 - Critical - May 11, 2021

HTTP Protocol Stack Remote Code Execution Vulnerability

CVE-2021-31166 is exploitable with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. It has the highest possible exploitability rating (3.9). The potential impact of an exploit of this vulnerability is considered to be critical as this vulnerability has a high impact to the confidentiality, integrity and availability of this component.

Visual Studio Remote Code Execution Vulnerability

CVE-2021-27068 8.8 - High - May 11, 2021

Visual Studio Remote Code Execution Vulnerability

CVE-2021-27068 is exploitable with network access and requires a small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Windows Container Manager Service Elevation of Privilege Vulnerability This CVE ID is unique

CVE-2021-31168 7.8 - High - May 11, 2021

Windows Container Manager Service Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-31165, CVE-2021-31167, CVE-2021-31169, CVE-2021-31208.

CVE-2021-31168 is exploitable with local system access and requires a small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

Windows Graphics Component Elevation of Privilege Vulnerability This CVE ID is unique

CVE-2021-31170 7.8 - High - May 11, 2021

Windows Graphics Component Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-31188.

CVE-2021-31170 is exploitable with local system access and requires a small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

Windows Container Manager Service Elevation of Privilege Vulnerability This CVE ID is unique

CVE-2021-31169 7.8 - High - May 11, 2021

Windows Container Manager Service Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-31165, CVE-2021-31167, CVE-2021-31168, CVE-2021-31208.

CVE-2021-31169 can be exploited with local system access and requires a small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

Microsoft Office Information Disclosure Vulnerability

CVE-2021-31178 5.5 - Medium - May 11, 2021

Microsoft Office Information Disclosure Vulnerability

CVE-2021-31178 is exploitable with local system access and requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.

Information Disclosure

Hyper-V Remote Code Execution Vulnerability

CVE-2021-28476 9.9 - Critical - May 11, 2021

Hyper-V Remote Code Execution Vulnerability

CVE-2021-28476 is exploitable with network access and requires a small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 3.1 out of four. The potential impact of an exploit of this vulnerability is considered to be critical as this vulnerability has a high impact to the confidentiality, integrity and availability of this component.

Windows Container Manager Service Elevation of Privilege Vulnerability This CVE ID is unique

CVE-2021-31165 7.8 - High - May 11, 2021

Windows Container Manager Service Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-31167, CVE-2021-31168, CVE-2021-31169, CVE-2021-31208.

CVE-2021-31165 can be exploited with local system access and requires a small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

Microsoft Office Remote Code Execution Vulnerability This CVE ID is unique

CVE-2021-31176 7.8 - High - May 11, 2021

Microsoft Office Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-31175, CVE-2021-31177, CVE-2021-31179.

CVE-2021-31176 is exploitable with local system access and requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Dangling pointer

Microsoft Office Remote Code Execution Vulnerability This CVE ID is unique

CVE-2021-31177 7.8 - High - May 11, 2021

Microsoft Office Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-31175, CVE-2021-31176, CVE-2021-31179.

CVE-2021-31177 can be exploited with local system access and requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Dangling pointer

Windows Container Manager Service Elevation of Privilege Vulnerability This CVE ID is unique

CVE-2021-31167 7.8 - High - May 11, 2021

Windows Container Manager Service Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-31165, CVE-2021-31168, CVE-2021-31169, CVE-2021-31208.

CVE-2021-31167 can be exploited with local system access and requires a small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

Microsoft Office Remote Code Execution Vulnerability This CVE ID is unique

CVE-2021-31179 7.8 - High - May 11, 2021

Microsoft Office Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-31175, CVE-2021-31176, CVE-2021-31177.

CVE-2021-31179 can be exploited with local system access and requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Dynamics Finance and Operations Cross-site Scripting Vulnerability

CVE-2021-28461 5.4 - Medium - May 11, 2021

Dynamics Finance and Operations Cross-site Scripting Vulnerability

CVE-2021-28461 can be exploited with network access, and requires user interaction and a small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.3 out of four. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality and integrity, and no impact on availability.

XSS

Windows CSC Service Information Disclosure Vulnerability

CVE-2021-28479 5.5 - Medium - May 11, 2021

Windows CSC Service Information Disclosure Vulnerability

CVE-2021-28479 can be exploited with local system access and requires a small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.

Information Disclosure

IBM OpenPages GRC Platform 8.1 could

CVE-2020-4536 4.3 - Medium - May 11, 2021

IBM OpenPages GRC Platform 8.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 182907.

CVE-2020-4536 is exploitable with network access and requires a small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality, a small impact on integrity and availability.

Generation of Error Message Containing Sensitive Information

IBM OpenPages GRC Platform 8.1 is vulnerable to cross-site scripting

CVE-2020-4535 5.4 - Medium - May 11, 2021

IBM OpenPages GRC Platform 8.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 182906.

CVE-2020-4535 can be exploited with network access, and requires user interaction and a small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.3 out of four. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality and integrity, and no impact on availability.

XSS

Jenkins Dashboard View Plugin 2.15 and earlier does not escape URLs referenced in Image Dashboard Portlets

CVE-2021-21649 5.4 - Medium - May 11, 2021

Jenkins Dashboard View Plugin 2.15 and earlier does not escape URLs referenced in Image Dashboard Portlets, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with View/Configure permission.

CVE-2021-21649 can be exploited with network access, and requires user interaction and a small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.3 out of four. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality and integrity, and no impact on availability.

XSS

Jenkins Credentials Plugin 2.3.18 and earlier does not escape user-controlled information on a view it provides

CVE-2021-21648 6.1 - Medium - May 11, 2021

Jenkins Credentials Plugin 2.3.18 and earlier does not escape user-controlled information on a view it provides, resulting in a reflected cross-site scripting (XSS) vulnerability.

CVE-2021-21648 is exploitable with network access and requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality and integrity, and no impact on availability.

XSS

In JetBrains TeamCity before 2020.2.3, information disclosure

CVE-2021-31910 7.5 - High - May 11, 2021

In JetBrains TeamCity before 2020.2.3, information disclosure via SSRF was possible.

CVE-2021-31910 is exploitable with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. It has the highest possible exploitability rating (3.9). The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.

XSPA

In JetBrains TeamCity before 2020.2.3

CVE-2021-31913 7.5 - High - May 11, 2021

In JetBrains TeamCity before 2020.2.3, insufficient checks of the redirect_uri were made during GitHub SSO token exchange.

CVE-2021-31913 can be exploited with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. It has the highest possible exploitability rating (3.9). The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.

Improper Validation of Integrity Check Value

In JetBrains TeamCity before 2020.2.4

CVE-2021-31915 9.8 - Critical - May 11, 2021

In JetBrains TeamCity before 2020.2.4, OS command injection leading to remote code execution was possible.

CVE-2021-31915 can be exploited with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. It has the highest possible exploitability rating (3.9). The potential impact of an exploit of this vulnerability is considered to be critical as this vulnerability has a high impact to the confidentiality, integrity and availability of this component.

Shell injection

In JetBrains TeamCity before 2020.2.3

CVE-2021-31912 8.8 - High - May 11, 2021

In JetBrains TeamCity before 2020.2.3, account takeover was potentially possible during a password reset.

CVE-2021-31912 is exploitable with network access and requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Weak Password Recovery Mechanism for Forgotten Password

In JetBrains TeamCity before 2020.2.3

CVE-2021-31911 6.1 - Medium - May 11, 2021

In JetBrains TeamCity before 2020.2.3, reflected XSS was possible on several pages.

CVE-2021-31911 can be exploited with network access and requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality and integrity, and no impact on availability.

XSS

In JetBrains YouTrack before 2020.6.6441, stored XSS was possible

CVE-2021-27733 5.4 - Medium - May 11, 2021

In JetBrains YouTrack before 2020.6.6441, stored XSS was possible via an issue attachment.

CVE-2021-27733 can be exploited with network access, and requires user interaction and a small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.3 out of four. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality and integrity, and no impact on availability.

XSS

In JetBrains TeamCity before 2020.2.3

CVE-2021-31908 5.4 - Medium - May 11, 2021

In JetBrains TeamCity before 2020.2.3, stored XSS was possible on several pages.

CVE-2021-31908 is exploitable with network access, and requires user interaction and a small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.3 out of four. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality and integrity, and no impact on availability.

XSS

In JetBrains TeamCity before 2020.2.2

CVE-2021-31907 5.3 - Medium - May 11, 2021

In JetBrains TeamCity before 2020.2.2, permission checks for changing TeamCity plugins were implemented improperly.

CVE-2021-31907 can be exploited with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. It has the highest possible exploitability rating (3.9). The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality, with no impact on integrity, and no impact on availability.

Incorrect Permission Assignment for Critical Resource

In JetBrains TeamCity before 2020.2.3

CVE-2021-31909 9.8 - Critical - May 11, 2021

In JetBrains TeamCity before 2020.2.3, argument injection leading to remote code execution was possible.

CVE-2021-31909 can be exploited with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. It has the highest possible exploitability rating (3.9). The potential impact of an exploit of this vulnerability is considered to be critical as this vulnerability has a high impact to the confidentiality, integrity and availability of this component.

Argument Injection

In JetBrains IntelliJ IDEA before 2021.1, DoS was possible

CVE-2021-30504 7.5 - High - May 11, 2021

In JetBrains IntelliJ IDEA before 2021.1, DoS was possible because of unbounded resource allocation.

CVE-2021-30504 is exploitable with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. It has the highest possible exploitability rating (3.9). The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a high impact on availability.

Resource Exhaustion

In JetBrains TeamCity before 2020.2.2

CVE-2021-31906 2.7 - Low - May 11, 2021

In JetBrains TeamCity before 2020.2.2, audit logs were not sufficient when an administrator uploaded a file.

CVE-2021-31906 is exploitable with network access, and requires user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.2 out of four. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality, with no impact on integrity, and no impact on availability.

Built by Foundeo Inc., with data from the National Vulnerability Database (NVD). Icons by Icons8.