Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-03-18 | CVE-2021-21623 | Incorrect Authorization vulnerability in Jenkins Matrix Authorization Strategy An incorrect permission check in Jenkins Matrix Authorization Strategy Plugin 2.6.5 and earlier allows attackers with Item/Read permission on nested items to access them, even if they lack Item/Read permission for parent folders. | 6.5 |
| 2021-03-18 | CVE-2021-26236 | Out-of-bounds Write vulnerability in Faststone Image Viewer FastStone Image Viewer v.<= 7.5 is affected by a Stack-based Buffer Overflow at 0x005BDF49, affecting the CUR file parsing functionality (BITMAPINFOHEADER Structure, 'BitCount' file format field), that will end up corrupting the Structure Exception Handler (SEH). | 6.8 |
| 2021-03-18 | CVE-2021-23359 | OS Command Injection vulnerability in Port-Killer Project Port-Killer This affects all versions of package port-killer. | 6.5 |
| 2021-03-18 | CVE-2021-28420 | Cross-site Scripting vulnerability in Seopanel SEO Panel 4.8.0 A cross-site scripting (XSS) issue in Seo Panel 4.8.0 allows remote attackers to inject JavaScript via alerts.php and the "from_time" parameter. | 3.5 |
| 2021-03-18 | CVE-2021-28419 | SQL Injection vulnerability in Seopanel SEO Panel 4.8.0 The "order_col" parameter in archive.php of SEO Panel 4.8.0 is vulnerable to time-based blind SQL injection, which leads to the ability to retrieve all databases. | 6.5 |
| 2021-03-18 | CVE-2021-28418 | Cross-site Scripting vulnerability in Seopanel SEO Panel 4.8.0 A cross-site scripting (XSS) issue in Seo Panel 4.8.0 allows remote attackers to inject JavaScript via settings.php and the "category" parameter. | 3.5 |
| 2021-03-18 | CVE-2021-28417 | Cross-site Scripting vulnerability in Seopanel SEO Panel 4.8.0 A cross-site scripting (XSS) issue in Seo Panel 4.8.0 allows remote attackers to inject JavaScript via archive.php and the "search_name" parameter. | 3.5 |
| 2021-03-18 | CVE-2021-3141 | Insufficiently Protected Credentials vulnerability in Unisys Stealth In Unisys Stealth (core) before 6.0.025.0, the Keycloak password is stored in a recoverable format that might be accessible by a local attacker, who could gain access to the Management Server and change the Stealth configuration. | 2.1 |
| 2021-03-18 | CVE-2021-22848 | SQL Injection vulnerability in Hgiga products HGiga MailSherlock contains a SQL Injection. | 7.5 |
| 2021-03-18 | CVE-2021-28681 | Incorrect Authorization vulnerability in Webrtc Project Webrtc Pion WebRTC before 3.0.15 didn't properly tear down the DTLS Connection when certificate verification failed. | 5.0 |