Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2021-03-18 CVE-2021-21627 Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Libvirt Agents
A cross-site request forgery (CSRF) vulnerability in Jenkins Libvirt Agents Plugin 1.9.0 and earlier allows attackers to stop hypervisor domains.
network
low complexity
jenkins CWE-352
8.8
2021-03-18 CVE-2021-21626 Missing Authorization vulnerability in Jenkins Warnings Next Generation
Jenkins Warnings Next Generation Plugin 8.4.4 and earlier does not perform a permission check in methods implementing form validation, allowing attackers with Item/Read permission but without Item/Workspace or Item/Configure permission to check whether attacker-specified file patterns match workspace contents.
network
low complexity
jenkins CWE-862
4.3
2021-03-18 CVE-2021-21625 Missing Authorization vulnerability in Jenkins CloudBees AWS Credentials
Jenkins CloudBees AWS Credentials Plugin 1.28 and earlier does not perform a permission check in a helper method for HTTP endpoints, allowing attackers with Overall/Read permission to enumerate credentials IDs of AWS credentials stored in Jenkins in some circumstances.
network
low complexity
jenkins CWE-862
4.3
2021-03-18 CVE-2021-21624 Incorrect Authorization vulnerability in Jenkins Role-Based Authorization Strategy
An incorrect permission check in Jenkins Role-based Authorization Strategy Plugin 3.1 and earlier allows attackers with Item/Read permission on nested items to access them, even if they lack Item/Read permission for parent folders.
network
low complexity
jenkins CWE-863
4.3
2021-03-18 CVE-2021-21623 Incorrect Authorization vulnerability in Jenkins Matrix Authorization Strategy
An incorrect permission check in Jenkins Matrix Authorization Strategy Plugin 2.6.5 and earlier allows attackers with Item/Read permission on nested items to access them, even if they lack Item/Read permission for parent folders.
network
low complexity
jenkins CWE-863
6.5
2021-03-18 CVE-2021-26236 Out-of-bounds Write vulnerability in FastStone Image Viewer
FastStone Image Viewer 7.5 and earlier is affected by a stack-based buffer overflow at 0x005BDF49 in the CUR file parsing functionality (BITMAPINFOHEADER structure, 'BitCount' file format field) that ends up corrupting the Structured Exception Handler (SEH).
network
faststone CWE-787
6.8
2021-03-18 CVE-2021-23359 OS Command Injection vulnerability in Port-Killer Project Port-Killer
This affects all versions of package port-killer.
network
low complexity
port-killer-project CWE-78
6.5
2021-03-18 CVE-2021-28420 Cross-site Scripting vulnerability in Seopanel SEO Panel 4.8.0
A cross-site scripting (XSS) issue in SEO Panel 4.8.0 allows remote attackers to inject JavaScript via alerts.php and the "from_time" parameter.
network
seopanel CWE-79
3.5
2021-03-18 CVE-2021-28419 SQL Injection vulnerability in Seopanel SEO Panel 4.8.0
The "order_col" parameter in archive.php of SEO Panel 4.8.0 is vulnerable to time-based blind SQL injection, which leads to the ability to retrieve all databases.
network
low complexity
seopanel CWE-89
6.5
2021-03-18 CVE-2021-28418 Cross-site Scripting vulnerability in Seopanel SEO Panel 4.8.0
A cross-site scripting (XSS) issue in SEO Panel 4.8.0 allows remote attackers to inject JavaScript via settings.php and the "category" parameter.
network
seopanel CWE-79
3.5