Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-03-18 | CVE-2021-21627 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Libvirt Agents: A cross-site request forgery (CSRF) vulnerability in Jenkins Libvirt Agents Plugin 1.9.0 and earlier allows attackers to stop hypervisor domains. | 8.8 |
2021-03-18 | CVE-2021-21626 | Missing Authorization vulnerability in Jenkins Warnings Next Generation: Jenkins Warnings Next Generation Plugin 8.4.4 and earlier does not perform a permission check in methods implementing form validation, allowing attackers with Item/Read permission but without Item/Workspace or Item/Configure permission to check whether attacker-specified file patterns match workspace contents. | 4.3 |
2021-03-18 | CVE-2021-21625 | Missing Authorization vulnerability in Jenkins Cloudbees AWS Credentials: Jenkins CloudBees AWS Credentials Plugin 1.28 and earlier does not perform a permission check in a helper method for HTTP endpoints, allowing attackers with Overall/Read permission to enumerate credentials IDs of AWS credentials stored in Jenkins in some circumstances. | 4.3 |
2021-03-18 | CVE-2021-21624 | Incorrect Authorization vulnerability in Jenkins Role-Based Authorization Strategy: An incorrect permission check in Jenkins Role-based Authorization Strategy Plugin 3.1 and earlier allows attackers with Item/Read permission on nested items to access them, even if they lack Item/Read permission for parent folders. | 4.3 |
2021-03-18 | CVE-2021-21623 | Incorrect Authorization vulnerability in Jenkins Matrix Authorization Strategy: An incorrect permission check in Jenkins Matrix Authorization Strategy Plugin 2.6.5 and earlier allows attackers with Item/Read permission on nested items to access them, even if they lack Item/Read permission for parent folders. | 6.5 |
2021-03-18 | CVE-2021-26236 | Out-of-bounds Write vulnerability in Faststone Image Viewer: FastStone Image Viewer v.<= 7.5 is affected by a Stack-based Buffer Overflow at 0x005BDF49, affecting the CUR file parsing functionality (BITMAPINFOHEADER Structure, 'BitCount' file format field), that will end up corrupting the Structured Exception Handler (SEH). | 6.8 |
2021-03-18 | CVE-2021-23359 | OS Command Injection vulnerability in Port-Killer Project Port-Killer: This affects all versions of package port-killer. | 6.5 |
2021-03-18 | CVE-2021-28420 | Cross-site Scripting vulnerability in Seopanel SEO Panel 4.8.0: A cross-site scripting (XSS) issue in Seo Panel 4.8.0 allows remote attackers to inject JavaScript via alerts.php and the "from_time" parameter. | 3.5 |
2021-03-18 | CVE-2021-28419 | SQL Injection vulnerability in Seopanel SEO Panel 4.8.0: The "order_col" parameter in archive.php of SEO Panel 4.8.0 is vulnerable to time-based blind SQL injection, which leads to the ability to retrieve all databases. | 6.5 |
2021-03-18 | CVE-2021-28418 | Cross-site Scripting vulnerability in Seopanel SEO Panel 4.8.0: A cross-site scripting (XSS) issue in Seo Panel 4.8.0 allows remote attackers to inject JavaScript via settings.php and the "category" parameter. | 3.5 |