Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-03-18 | CVE-2021-24123 | Unrestricted Upload of File with Dangerous Type vulnerability in Blubrry Powerpress: The PowerPress WordPress plugin, versions before 8.3.8, did not verify some of the uploaded feed images (such as those from the Podcast Artwork section), allowing high-privilege accounts (admin+) to upload arbitrary files, such as PHP, leading to RCE. | 6.5 |
2021-03-18 | CVE-2021-28133 | Information Exposure vulnerability in Zoom: Zoom through 5.5.4 sometimes allows attackers to read private information on a participant's screen, even though the participant never attempted to share the private part of their screen. | 4.3 |
2021-03-18 | CVE-2021-26237 | Out-of-bounds Write vulnerability in Faststone Image Viewer: FastStone Image Viewer <= 7.5 is affected by a user mode write access violation at 0x00402d7d, triggered when a user opens or views a malformed CUR file that is mishandled by FSViewer.exe. | 6.8 |
2021-03-18 | CVE-2021-26235 | NULL Pointer Dereference vulnerability in Faststone Image Viewer: FastStone Image Viewer <= 7.5 is affected by a user mode write access violation near NULL at 0x005bdfc9, triggered when a user opens or views a malformed CUR file that is mishandled by FSViewer.exe. | 6.8 |
2021-03-18 | CVE-2021-26234 | Out-of-bounds Write vulnerability in Faststone Image Viewer: FastStone Image Viewer <= 7.5 is affected by a user mode write access violation at 0x00402d8a, triggered when a user opens or views a malformed CUR file that is mishandled by FSViewer.exe. | 6.8 |
2021-03-18 | CVE-2021-26233 | Out-of-bounds Write vulnerability in Faststone Image Viewer: FastStone Image Viewer <= 7.5 is affected by a user mode write access violation near NULL at 0x005bdfcb, triggered when a user opens or views a malformed CUR file that is mishandled by FSViewer.exe. | 6.8 |
2021-03-18 | CVE-2021-21627 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Libvirt Agents: A cross-site request forgery (CSRF) vulnerability in Jenkins Libvirt Agents Plugin 1.9.0 and earlier allows attackers to stop hypervisor domains. | 8.8 |
2021-03-18 | CVE-2021-21626 | Missing Authorization vulnerability in Jenkins Warnings Next Generation: Jenkins Warnings Next Generation Plugin 8.4.4 and earlier does not perform a permission check in methods implementing form validation, allowing attackers with Item/Read permission but without Item/Workspace or Item/Configure permission to check whether attacker-specified file patterns match workspace contents. | 4.3 |
2021-03-18 | CVE-2021-21625 | Missing Authorization vulnerability in Jenkins Cloudbees AWS Credentials: Jenkins CloudBees AWS Credentials Plugin 1.28 and earlier does not perform a permission check in a helper method for HTTP endpoints, allowing attackers with Overall/Read permission to enumerate credentials IDs of AWS credentials stored in Jenkins in some circumstances. | 4.3 |
2021-03-18 | CVE-2021-21624 | Incorrect Authorization vulnerability in Jenkins Role-Based Authorization Strategy: An incorrect permission check in Jenkins Role-based Authorization Strategy Plugin 3.1 and earlier allows attackers with Item/Read permission on nested items to access them, even if they lack Item/Read permission for parent folders. | 4.3 |