|
196231
|
9.8 |
CRITICAL
Network
|
mercedes-benz
|
headunit_ntg6_mercedes-benz_user_experience
|
An issue was discovered in the Headunit NTG6 in the MBUX Infotainment System on Mercedes-Benz vehicles through 2021. The count in MultiSvGet, GetAttributes, and MultiSvSet is not checked in the HiQne…
|
NVD-CWE-noinfo
|
CVE-2021-23907
|
2024-11-21 14:52 |
2021-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196232
|
6.8 |
MEDIUM
Physics
|
mercedes-benz
|
mercedes-benz_user_experience
|
An issue was discovered in the Headunit NTG6 in the MBUX Infotainment System on Mercedes-Benz vehicles through 2021. A Message Length is not checked in the HiQnet Protocol, leading to remote code exe…
|
CWE-20
Improper Input Validation
|
CVE-2021-23906
|
2024-11-21 14:52 |
2021-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196233
|
7.0 |
HIGH
Local
|
mcafee
|
endpoint_security_for_linux_threat_prevention
|
By exploiting a time of check to time of use (TOCTOU) race condition during the Endpoint Security for Linux Threat Prevention and Firewall (ENSL TP/FW) installation process, a local user can perform …
|
CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
|
CVE-2021-23892
|
2024-11-21 14:52 |
2021-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196234
|
7.8 |
HIGH
Local
|
mcafee
|
total_protection
|
Privilege Escalation vulnerability in McAfee Total Protection (MTP) prior to 16.0.32 allows a local user to gain elevated privileges by impersonating a client token which could lead to the bypassing …
|
CWE-269
Improper Privilege Management
|
CVE-2021-23891
|
2024-11-21 14:52 |
2021-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196235
|
7.2 |
HIGH
Network
|
fortinet
|
fortinac
|
A privilege escalation vulnerability in FortiNAC version below 8.8.2 may allow an admin user to escalate the privileges to root by abusing the sudo privileges.
|
NVD-CWE-noinfo
|
CVE-2021-24011
|
2024-11-21 14:52 |
2021-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196236
|
7.2 |
HIGH
Network
|
college_publisher_import_project
|
college_publisher_import
|
The College publisher Import WordPress plugin through 0.1 does not check for the uploaded CSV file to import, allowing high privilege users to upload arbitrary files, such as PHP, leading to RCE. Due…
|
-
|
CVE-2021-24254
|
2024-11-21 14:52 |
2021-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196237
|
8.8 |
HIGH
Network
|
classyfrieds_project
|
classyfrieds
|
The Classyfrieds WordPress plugin through 3.8 does not properly check the uploaded file when an authenticated user adds a listing, only checking the content-type in the request. This allows any authe…
|
-
|
CVE-2021-24253
|
2024-11-21 14:52 |
2021-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196238
|
7.2 |
HIGH
Network
|
wp-eventmanager
|
event_banner
|
The Event Banner WordPress plugin through 1.3 does not verify the uploaded image file, allowing admin accounts to upload arbitrary files, such as .exe, .php, or others executable, leading to RCE. Due…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2021-24252
|
2024-11-21 14:52 |
2021-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196239
|
4.3 |
MEDIUM
Network
|
strategy11
|
business_directory_plugin_-_easy_listing_directories
|
The Business Directory Plugin – Easy Listing Directories for WordPress WordPress plugin before 5.11.2 suffered from a Cross-Site Request Forgery issue, allowing an attacker to make a logged in admini…
|
-
|
CVE-2021-24251
|
2024-11-21 14:52 |
2021-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196240
|
5.4 |
MEDIUM
Network
|
strategy11
|
business_directory_plugin_-_easy_listing_directories
|
The Business Directory Plugin – Easy Listing Directories for WordPress WordPress plugin before 5.11.2 suffered from lack of sanitisation in the label of the Form Fields, leading to Authenticated Stor…
|
-
|
CVE-2021-24250
|
2024-11-21 14:52 |
2021-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
