Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2021-11-03 CVE-2021-40848 Improper Neutralization of Formula Elements in a CSV File vulnerability in Mahara
In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, exported CSV files could contain characters that a spreadsheet program could interpret as a command, leading to execution of a malicious string locally on a device, aka CSV injection.
local
low complexity
mahara CWE-1236
7.8
7.8
2021-11-03 CVE-2021-41312 Improper Authentication vulnerability in Atlassian Jira
Affected versions of Atlassian Jira Server and Data Center allow a remote attacker who has had their access revoked from Jira Service Management to enable and disable Issue Collectors on Jira Service Management projects via an Improper Authentication vulnerability in the /secure/ViewCollectors endpoint.
network
low complexity
atlassian CWE-287
7.5
7.5
2021-11-03 CVE-2021-29991 HTTP Request Smuggling vulnerability in Mozilla Thunderbird
Firefox incorrectly accepted a newline in a HTTP/3 header, interpretting it as two separate headers.
network
low complexity
mozilla CWE-444
8.1
8.1
2021-11-03 CVE-2021-29993 Unspecified vulnerability in Mozilla Firefox
Firefox for Android allowed navigations through the `intent://` protocol, which could be used to cause crashes and UI spoofs.
network
low complexity
mozilla
8.1
8.1
2021-11-03 CVE-2021-38493 Out-of-bounds Write vulnerability in Mozilla Firefox
Mozilla developers reported memory safety bugs present in Firefox 91 and Firefox ESR 78.13.
network
low complexity
mozilla CWE-787
8.8
8.8
2021-11-03 CVE-2021-38494 Out-of-bounds Write vulnerability in Mozilla Firefox
Mozilla developers reported memory safety bugs present in Firefox 91.
network
low complexity
mozilla CWE-787
8.8
8.8
2021-11-03 CVE-2021-38495 Out-of-bounds Write vulnerability in Mozilla Firefox ESR
Mozilla developers reported memory safety bugs present in Thunderbird 78.13.0.
network
low complexity
mozilla CWE-787
8.8
8.8
2021-11-03 CVE-2021-38496 Use After Free vulnerability in multiple products
During operations on MessageTasks, a task may have been removed while it was still scheduled, resulting in memory corruption and a potentially exploitable crash.
network
low complexity
mozilla debian CWE-416
8.8
8.8
2021-11-03 CVE-2021-38498 Use After Free vulnerability in Mozilla Firefox
During process shutdown, a document could have caused a use-after-free of a languages service object, leading to memory corruption and a potentially exploitable crash.
network
low complexity
mozilla CWE-416
7.5
7.5
2021-11-03 CVE-2021-38499 Out-of-bounds Write vulnerability in Mozilla Firefox
Mozilla developers reported memory safety bugs present in Firefox 92.
network
low complexity
mozilla CWE-787
8.8
8.8