|
197731
|
8.1 |
HIGH
Network
|
mozilla
|
firefox
thunderbird
firefox_esr
|
A texture upload of a Pixel Buffer Object could have confused the WebGL code to skip binding the buffer used to unpack it, resulting in memory corruption and a potentially exploitable information lea…
|
CWE-787
Out-of-bounds Write
|
CVE-2021-23981
|
2024-11-21 14:52 |
2021-03-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197732
|
6.5 |
MEDIUM
Network
|
mozilla
|
firefox
|
If an attacker is able to alter specific about:config values (for example malware running on the user's computer), the Devtools remote debugging feature could have been enabled in a way that was unno…
|
NVD-CWE-Other
|
CVE-2021-23985
|
2024-11-21 14:52 |
2021-03-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197733
|
4.8 |
MEDIUM
Network
|
mcafee
|
epolicy_orchestrator
|
Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO) prior to 5.10 Update 10 allows ePO administrators to inject arbitrary web script or HTML via multiple parameters where the admi…
|
CWE-79
Cross-site Scripting
|
CVE-2021-23889
|
2024-11-21 14:52 |
2021-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197734
|
6.3 |
MEDIUM
Network
|
mcafee
|
epolicy_orchestrator
|
Unvalidated client-side URL redirect vulnerability in McAfee ePolicy Orchestrator (ePO) prior to 5.10 Update 10 could cause an authenticated ePO user to load an untrusted site in an ePO iframe which …
|
CWE-601
Open Redirect
|
CVE-2021-23888
|
2024-11-21 14:52 |
2021-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197735
|
6.5 |
MEDIUM
Network
|
mcafee
|
epolicy_orchestrator
|
Information leak vulnerability in the Agent Handler of McAfee ePolicy Orchestrator (ePO) prior to 5.10 Update 10 allows an unauthenticated user to download McAfee product packages (specifically McAfe…
|
CWE-200
Information Exposure
|
CVE-2021-23890
|
2024-11-21 14:52 |
2021-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197736
|
8.8 |
HIGH
Network
|
webnus
|
modern_events_calendar_lite
|
Unvalidated input in the Modern Events Calendar Lite WordPress plugin, versions before 5.16.6, did not sanitise the mec[post_id] POST parameter in the mec_fes_form AJAX action when logged in as an au…
|
CWE-89
SQL Injection
|
CVE-2021-24149
|
2024-11-21 14:52 |
2021-03-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197737
|
9.8 |
CRITICAL
Network
|
inspireui
|
mstore_api
|
A business logic issue in the MStore API WordPress plugin, versions before 3.2.0, had an authentication bypass with Sign In With Apple allowing unauthenticated users to recover an authentication cook…
|
CWE-287
Improper Authentication
|
CVE-2021-24148
|
2024-11-21 14:52 |
2021-03-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197738
|
5.4 |
MEDIUM
Network
|
webnus
|
modern_events_calendar_lite
|
Unvalidated input and lack of output encoding in the Modern Events Calendar Lite WordPress plugin, versions before 5.16.5, did not sanitise the mic_comment field (Notes on time) when adding/editing a…
|
CWE-79
Cross-site Scripting
|
CVE-2021-24147
|
2024-11-21 14:52 |
2021-03-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197739
|
7.5 |
HIGH
Network
|
webnus
|
modern_events_calendar_lite
|
Lack of authorisation checks in the Modern Events Calendar Lite WordPress plugin, versions before 5.16.5, did not properly restrict access to the export files, allowing unauthenticated users to expor…
|
CWE-862
Missing Authorization
|
CVE-2021-24146
|
2024-11-21 14:52 |
2021-03-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197740
|
7.2 |
HIGH
Network
|
webnus
|
modern_events_calendar_lite
|
Arbitrary file upload in the Modern Events Calendar Lite WordPress plugin, versions before 5.16.5, did not properly check the imported file, allowing PHP ones to be uploaded by administrator by using…
|
-
|
CVE-2021-24145
|
2024-11-21 14:52 |
2021-03-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
