Security Vulnerabilities - CVEs Published In 2021
Pandora FMS through 755 allows XSS via a new Event Filter with a crafted name.
CVSS Score: 5.4
EPSS Score: 0.006
Published: 2021-11-03
An issue was discovered in Fimer Aurora Vision before 2.97.10. The response to a failed login attempt discloses whether the username or password is wrong, helping an attacker to enumerate usernames. This can make a brute-force attack easier.
CVSS Score: 5.3
EPSS Score: 0.002
Published: 2021-11-03
An exposure of sensitive information to an unauthorized actor [CWE-200] vulnerability in FortiManager 7.0.1 and below, 6.4.6 and below, 6.2.x, 6.0.x, 5.6.0 may allow a FortiGate user to see scripts from other ADOMS.
CVSS Score: 5.2
EPSS Score: 0.001
Published: 2021-11-03
In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, exported CSV files could contain characters that a spreadsheet program could interpret as a command, leading to execution of a malicious string locally on a device, aka CSV injection.
CVSS Score: 7.8
EPSS Score: 0.007
Published: 2021-11-03
In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, the account associated with a web services token is vulnerable to being exploited and logged into, resulting in information disclosure (at a minimum) and often escalation of privileges.
CVSS Score: 9.8
EPSS Score: 0.004
Published: 2021-11-03
An issue was discovered in Fimer Aurora Vision before 2.97.10. An attacker can (in the WebUI) obtain plant information without authentication by reading the response of APIs from a kiosk view of a plant.
CVSS Score: 4.3
EPSS Score: 0.002
Published: 2021-11-03
Affected versions of Atlassian Jira Server and Data Center allow a remote attacker who has had their access revoked from Jira Service Management to enable and disable Issue Collectors on Jira Service Management projects via an Improper Authentication vulnerability in the /secure/ViewCollectors endpoint. The affected versions are before version 8.19.1.
CVSS Score: 7.5
EPSS Score: 0.003
Published: 2021-11-03
Firefox incorrectly accepted a newline in an HTTP/3 header, interpreting it as two separate headers. This allowed for a header splitting attack against servers using HTTP/3. This vulnerability affects Firefox < 91.0.1 and Thunderbird < 91.0.1.
CVSS Score: 8.1
EPSS Score: 0.003
Published: 2021-11-03
Firefox for Android allowed navigations through the `intent://` protocol, which could be used to cause crashes and UI spoofs. *This bug only affects Firefox for Android. Other operating systems are unaffected.* This vulnerability affects Firefox < 92.
CVSS Score: 8.1
EPSS Score: 0.004
Published: 2021-11-03
Mixed-content checks were unable to analyze opaque origins which led to some mixed content being loaded. This vulnerability affects Firefox < 92.
CVSS Score: 6.5
EPSS Score: 0.004
Published: 2021-11-03


Shodan ® - All rights reserved