Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-09-15 | CVE-2021-22148 | Incorrect Permission Assignment for Critical Resource vulnerability in Elastic Enterprise Search Elastic Enterprise Search App Search versions before 7.14.0 was vulnerable to an issue where API keys were not bound to the same engines as their creator. | 8.8 |
| 2021-09-15 | CVE-2021-22149 | Missing Authorization vulnerability in Elastic Enterprise Search Elastic Enterprise Search App Search versions before 7.14.0 are vulnerable to an issue where API keys were missing authorization via an alternate route. | 8.8 |
| 2021-09-15 | CVE-2021-3777 | Unspecified vulnerability in Tmpl Project Tmpl nodejs-tmpl is vulnerable to Inefficient Regular Expression Complexity | 7.5 |
| 2021-09-15 | CVE-2021-3778 | vim is vulnerable to Heap-based Buffer Overflow | 7.8 |
| 2021-09-15 | CVE-2021-3706 | Incorrect Permission Assignment for Critical Resource vulnerability in Pi-Hole web Interface adminlte is vulnerable to Sensitive Cookie Without 'HttpOnly' Flag | 7.5 |
| 2021-09-14 | CVE-2021-23029 | Server-Side Request Forgery (SSRF) vulnerability in F5 products On version 16.0.x before 16.0.1.2, insufficient permission checks may allow authenticated users with guest privileges to perform Server-Side Request Forgery (SSRF) attacks through F5 Advanced Web Application Firewall (WAF) and the BIG-IP ASM Configuration utility. | 8.8 |
| 2021-09-14 | CVE-2021-23026 | Cross-Site Request Forgery (CSRF) vulnerability in F5 products BIG-IP version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3, 14.1.x before 14.1.4.2, 13.1.x before 13.1.4.1, and all versions of 12.1.x and 11.6.x and all versions of BIG-IQ 8.x, 7.x, and 6.x are vulnerable to cross-site request forgery (CSRF) attacks through iControl SOAP. | 8.8 |
| 2021-09-14 | CVE-2021-23025 | OS Command Injection vulnerability in F5 products On version 15.1.x before 15.1.0.5, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.5, and all versions of 12.1.x and 11.6.x, an authenticated remote command execution vulnerability exists in the BIG-IP Configuration utility. | 8.8 |
| 2021-09-14 | CVE-2021-23028 | Improper Input Validation vulnerability in F5 products On version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.2, and 13.1.x before 13.1.4, when JSON content profiles are configured for URLs as part of an F5 Advanced Web Application Firewall (WAF)/BIG-IP ASM security policy and applied to a virtual server, undisclosed requests may cause the BIG-IP ASM bd process to terminate. | 7.5 |
| 2021-09-14 | CVE-2021-23030 | Improper Input Validation vulnerability in F5 Big-Ip Application Security Manager On BIG-IP Advanced WAF and BIG-IP ASM version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.3, 13.1.x before 13.1.4.1, and all versions of 12.1.x, when a WebSocket profile is configured on a virtual server, undisclosed requests can cause bd to terminate. | 7.5 |