Latest CVE Feed
- 7.5 HIGH CVE-2021-23131
  An issue was discovered in Joomla! 3.2.0 through 3.9.24. Missing input validation within the template manager.
  - Affected Products: joomla\!
  - Published: Mar. 04, 2021
  - Modified: Nov. 21, 2024
- 6.1 MEDIUM CVE-2021-23130
  An issue was discovered in Joomla! 2.5.0 through 3.9.24. Missing filtering of feed fields could lead to XSS issues.
  - Affected Products: joomla\!
  - Published: Mar. 04, 2021
  - Modified: Nov. 21, 2024
- 6.1 MEDIUM CVE-2021-23129
  An issue was discovered in Joomla! 2.5.0 through 3.9.24. Missing filtering of messages shown to users could lead to XSS issues.
  - Affected Products: joomla\!
  - Published: Mar. 04, 2021
  - Modified: Nov. 21, 2024
- 9.1 CRITICAL CVE-2021-23128
  An issue was discovered in Joomla! 3.2.0 through 3.9.24. The core shipped but unused randval implementation within FOF (FOFEncryptRandval) used a potentially insecure implementation. That has now been replaced with a call to 'random_bytes()' and its backpor...
  - Affected Products: joomla\!
  - Published: Mar. 04, 2021
  - Modified: Nov. 21, 2024
- 9.1 CRITICAL CVE-2021-23127
  An issue was discovered in Joomla! 3.2.0 through 3.9.24. Usage of an insufficient length for the 2FA secret according to RFC 4226 of 10 bytes vs 20 bytes.
  - Affected Products: joomla\!
  - Published: Mar. 04, 2021
  - Modified: Nov. 21, 2024
- 5.3 MEDIUM CVE-2021-23126
  An issue was discovered in Joomla! 3.2.0 through 3.9.24. Usage of the insecure rand() function within the process of generating the 2FA secret.
  - Affected Products: joomla\!
  - Published: Mar. 04, 2021
  - Modified: Nov. 21, 2024
- 6.1 MEDIUM CVE-2021-23125
  An issue was discovered in Joomla! 3.1.0 through 3.9.23. The lack of escaping of image-related parameters in multiple com_tags views leads to XSS attack vectors.
  - Affected Products: joomla\!
  - Published: Jan. 12, 2021
  - Modified: Nov. 21, 2024
- 6.1 MEDIUM CVE-2021-23124
  An issue was discovered in Joomla! 3.9.0 through 3.9.23. The lack of escaping in mod_breadcrumbs aria-label attribute allows XSS attacks.
  - Affected Products: joomla\!
  - Published: Jan. 12, 2021
  - Modified: Nov. 21, 2024
- 5.3 MEDIUM CVE-2021-23123
  An issue was discovered in Joomla! 3.0.0 through 3.9.23. The lack of ACL checks in the orderPosition endpoint of com_modules leaks names of unpublished and/or inaccessible modules.
  - Affected Products: joomla\!
  - Published: Jan. 12, 2021
  - Modified: Nov. 21, 2024
- 6.5 MEDIUM CVE-2021-23055
  On version 2.x before 2.0.3 and 1.x before 1.12.3, the command line restriction that controls snippet use with NGINX Ingress Controller does not apply to Ingress objects. Note: Software versions which have reached End of Technical Support (EoTS) are not e...
  - Affected Products: nginx_ingress_controller
  - Published: Apr. 21, 2022
  - Modified: Nov. 21, 2024
- 6.1 MEDIUM CVE-2021-23054
  On version 16.x before 16.1.0, 15.1.x before 15.1.4, 14.1.x before 14.1.4.4, and all versions of 13.1.x, 12.1.x, and 11.6.x, a reflected cross-site scripting (XSS) vulnerability exists in the resource information page for authenticated users when a full w...
  - Affected Products: big-ip_access_policy_manager
  - Published: Sep. 27, 2021
  - Modified: Nov. 21, 2024
- 5.3 MEDIUM CVE-2021-23053
  On version 15.1.x before 15.1.3, 14.1.x before 14.1.3.1, and 13.1.x before 13.1.3.6, when the brute force protection feature of BIG-IP Advanced WAF or BIG-IP ASM is enabled on a virtual server and the virtual server is under brute force attack, the MySQL ...
  - Published: Sep. 14, 2021
  - Modified: Nov. 21, 2024
- 6.1 MEDIUM CVE-2021-23052
  On version 14.1.x before 14.1.4.4 and all versions of 13.1.x, an open redirect vulnerability exists on virtual servers enabled with a BIG-IP APM access policy. This vulnerability allows an unauthenticated malicious user to build an open redirect URI. Note...
  - Affected Products: big-ip_access_policy_manager
  - Published: Sep. 14, 2021
  - Modified: Nov. 21, 2024
- 7.5 HIGH CVE-2021-23051
  On BIG-IP versions 15.1.0.4 through 15.1.3, when the Data Plane Development Kit (DPDK)/Elastic Network Adapter (ENA) driver is used with BIG-IP on Amazon Web Services (AWS) systems, undisclosed requests can cause the Traffic Management Microkernel (TMM) t...
  - Affected Products: big-ip_access_policy_manager big-ip_advanced_firewall_manager big-ip_analytics big-ip_application_acceleration_manager big-ip_application_security_manager big-ip_domain_name_system big-ip_fraud_protection_service big-ip_global_traffic_manager big-ip_link_controller big-ip_local_traffic_manager +1 more products
  - Published: Sep. 14, 2021
  - Modified: Nov. 21, 2024
- 7.5 HIGH CVE-2021-23050
  On BIG-IP Advanced WAF and BIG-IP ASM version 16.0.x before 16.0.1.2 and 15.1.x before 15.1.3 and NGINX App Protect on all versions before 3.5.0, when a cross-site request forgery (CSRF)-enabled policy is configured on a virtual server, an undisclosed HTM...
  - Published: Sep. 14, 2021
  - Modified: Nov. 21, 2024
- 7.5 HIGH CVE-2021-23049
  On BIG-IP version 16.0.x before 16.0.1.2 and 15.1.x before 15.1.3, when the iRules RESOLVER::summarize command is used on a virtual server, undisclosed requests can cause an increase in Traffic Management Microkernel (TMM) memory utilization resulting in ...
  - Affected Products: big-ip_access_policy_manager big-ip_advanced_firewall_manager big-ip_analytics big-ip_application_acceleration_manager big-ip_application_security_manager big-ip_domain_name_system big-ip_fraud_protection_service big-ip_global_traffic_manager big-ip_link_controller big-ip_local_traffic_manager +1 more products
  - Published: Sep. 14, 2021
  - Modified: Nov. 21, 2024
- 7.5 HIGH CVE-2021-23048
  On BIG-IP version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.3, 13.1.x before 13.1.4.1, and all versions of 12.1.x and 11.6.x, when GPRS Tunneling Protocol (GTP) iRules commands or a GTP profile is configured on a virtual server,...
  - Affected Products: big-ip_access_policy_manager big-ip_advanced_firewall_manager big-ip_analytics big-ip_application_acceleration_manager big-ip_application_security_manager big-ip_domain_name_system big-ip_fraud_protection_service big-ip_global_traffic_manager big-ip_link_controller big-ip_local_traffic_manager +1 more products
  - Published: Sep. 14, 2021
  - Modified: Nov. 21, 2024
- 5.3 MEDIUM CVE-2021-23047
  On version 16.x before 16.1.0, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.3, and all versions of 13.1.x, 12.1.x and 11.6.x, when BIG-IP APM performs Online Certificate Status Protocol (OCSP) verification of a certificate that contains Authority Informat...
  - Affected Products: big-ip_access_policy_manager
  - Published: Sep. 14, 2021
  - Modified: Nov. 21, 2024
- 4.9 MEDIUM CVE-2021-23046
  On all versions of Guided Configuration before 8.0.0, when a configuration that contains secure properties is created and deployed from Access Guided Configuration (AGC), secure properties are logged in restnoded logs. Note: Software versions which have r...
  - Published: Sep. 14, 2021
  - Modified: Nov. 21, 2024
- 7.5 HIGH CVE-2021-23045
  On BIG-IP version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.3, 13.1.x before 13.1.4.1, and all versions of 12.1.x, when an SCTP profile with multiple paths is configured on a virtual server, undisclosed requests can cause the Tr...
  - Affected Products: big-ip_access_policy_manager big-ip_advanced_firewall_manager big-ip_analytics big-ip_application_acceleration_manager big-ip_application_security_manager big-ip_domain_name_system big-ip_fraud_protection_service big-ip_global_traffic_manager big-ip_link_controller big-ip_local_traffic_manager +4 more products
  - Published: Sep. 14, 2021
  - Modified: Nov. 21, 2024