Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-11-03 | CVE-2021-26786 | Unspecified vulnerability in Playtuber Project Playtuber An issue was discoverered in in customercentric-selling-poland PlayTube, allows authenticated attackers to execute arbitrary code via the purchace code to the config.php. | 8.8 |
| 2021-11-03 | CVE-2021-37147 | Improper input validation vulnerability in header parsing of Apache Traffic Server allows an attacker to smuggle requests. | 7.5 |
| 2021-11-03 | CVE-2021-37148 | Improper Input Validation vulnerability in multiple products Improper input validation vulnerability in header parsing of Apache Traffic Server allows an attacker to smuggle requests. | 7.5 |
| 2021-11-03 | CVE-2021-37149 | Improper Input Validation vulnerability in multiple products Improper Input Validation vulnerability in header parsing of Apache Traffic Server allows an attacker to smuggle requests. | 7.5 |
| 2021-11-03 | CVE-2021-38161 | Improper Authentication vulnerability in multiple products Improper Authentication vulnerability in TLS origin verification of Apache Traffic Server allows for man in the middle attacks. | 8.1 |
| 2021-11-03 | CVE-2021-41585 | Improper Input Validation vulnerability in Apache Traffic Server Improper Input Validation vulnerability in accepting socket connections in Apache Traffic Server allows an attacker to make the server stop accepting new connections. | 7.5 |
| 2021-11-03 | CVE-2021-40848 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Mahara In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, exported CSV files could contain characters that a spreadsheet program could interpret as a command, leading to execution of a malicious string locally on a device, aka CSV injection. | 7.8 |
| 2021-11-03 | CVE-2021-41312 | Improper Authentication vulnerability in Atlassian Jira Affected versions of Atlassian Jira Server and Data Center allow a remote attacker who has had their access revoked from Jira Service Management to enable and disable Issue Collectors on Jira Service Management projects via an Improper Authentication vulnerability in the /secure/ViewCollectors endpoint. | 7.5 |
| 2021-11-03 | CVE-2021-29991 | HTTP Request Smuggling vulnerability in Mozilla Thunderbird Firefox incorrectly accepted a newline in a HTTP/3 header, interpretting it as two separate headers. | 8.1 |
| 2021-11-03 | CVE-2021-29993 | Unspecified vulnerability in Mozilla Firefox Firefox for Android allowed navigations through the `intent://` protocol, which could be used to cause crashes and UI spoofs. | 8.1 |