CVE-2021-23127
An issue was discovered in Joomla! 3.2.0 through 3.9.24. Usage of an insufficient length for the 2FA secret according to RFC 4226: 10 bytes vs 20 bytes.
Source: CVE-2021-23127
CVE-2021-23129
An issue was discovered in Joomla! 2.5.0 through 3.9.24. Missing filtering of messages shown to users could lead to XSS issues.
Source: CVE-2021-23129
CVE-2021-23128
An issue was discovered in Joomla! 3.2.0 through 3.9.24. The core-shipped but unused randval implementation within FOF (FOFEncryptRandval) used a potentially insecure implementation. That has now been replaced with a call to ‘random_bytes()’ and its backport that is shipped within random_compat.
Source: CVE-2021-23128
CVE-2021-26029
An issue was discovered in Joomla! 1.6.0 through 3.9.24. Inadequate filtering of form contents could allow overwriting the author field.
Source: CVE-2021-26029
CVE-2021-26028
An issue was discovered in Joomla! 3.0.0 through 3.9.24. Extracting a specifically crafted zip package could write files outside of the intended path.
Source: CVE-2021-26028
CVE-2021-26027
An issue was discovered in Joomla! 3.0.0 through 3.9.24. Incorrect ACL checks could allow unauthorized change of the category for an article.
Source: CVE-2021-26027
CVE-2021-23130
An issue was discovered in Joomla! 2.5.0 through 3.9.24. Missing filtering of feed fields could lead to XSS issues.
Source: CVE-2021-23130
CVE-2021-23132
An issue was discovered in Joomla! 3.0.0 through 3.9.24. com_media allowed paths that are not intended for image uploads.
Source: CVE-2021-23132
CVE-2020-15938
When traffic other than HTTP/S (e.g. SSH traffic, etc.) traverses the FortiGate in versions below 6.2.5 and below 6.4.2 on port 80/443, it is not redirected to the transparent proxy policy for processing, as it doesn’t have a valid HTTP header.
Source: CVE-2020-15938
CVE-2021-23344
The package total.js before 3.4.8 is vulnerable to Remote Code Execution (RCE) via set.
Source: CVE-2021-23344