|
200621
|
8.8 |
HIGH
Network
|
sitemap_project
|
sitemap
|
Low privileged users can use the AJAX action 'cp_plugins_do_button_job_later_callback' in the Tree Sitemap WordPress plugin before 2.9, to install any plugin (including a specific version) from the W…
|
NVD-CWE-Other
|
CVE-2021-24192
|
2024-11-21 14:52 |
2021-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200622
|
8.8 |
HIGH
Network
|
wpshopmart
|
coming_soon_page_\&_maintenance_mode
|
Low privileged users can use the AJAX action 'cp_plugins_do_button_job_later_callback' in the WP Maintenance Mode & Site Under Construction WordPress plugin before 1.8.2, to install any plugin (inclu…
|
NVD-CWE-Other
|
CVE-2021-24191
|
2024-11-21 14:52 |
2021-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200623
|
8.8 |
HIGH
Network
|
wp-buy
|
conditional_marketing_mailer
|
Low privileged users can use the AJAX action 'cp_plugins_do_button_job_later_callback' in the WooCommerce Conditional Marketing Mailer WordPress plugin before 1.5.2, to install any plugin (including …
|
NVD-CWE-Other
|
CVE-2021-24190
|
2024-11-21 14:52 |
2021-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200624
|
8.8 |
HIGH
Network
|
wp-buy
|
captchinoo
|
Low privileged users can use the AJAX action 'cp_plugins_do_button_job_later_callback' in the Captchinoo, Google recaptcha for admin login page WordPress plugin before 2.4, to install any plugin (inc…
|
NVD-CWE-noinfo
|
CVE-2021-24189
|
2024-11-21 14:52 |
2021-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200625
|
8.8 |
HIGH
Network
|
wp-buy
|
wp_content_copy_protection_\&_no_right_click
|
Low privileged users can use the AJAX action 'cp_plugins_do_button_job_later_callback' in the WP Content Copy Protection & No Right Click WordPress plugin before 3.1.5, to install any plugin (includi…
|
NVD-CWE-Other
|
CVE-2021-24188
|
2024-11-21 14:52 |
2021-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200626
|
9.8 |
CRITICAL
Network
|
mercedes-benz
|
hermes
|
An issue was discovered in HERMES 2.1 in the MBUX Infotainment System on Mercedes-Benz vehicles through 2021. There is an out-of-bounds array access in RemoteDiagnosisApp.
|
CWE-787
Out-of-bounds Write
|
CVE-2021-23910
|
2024-11-21 14:52 |
2021-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200627
|
9.8 |
CRITICAL
Network
|
mercedes-benz
|
hermes
|
An issue was discovered in HERMES 2.1 in the MBUX Infotainment System on Mercedes-Benz vehicles through 2021. The SH2 MCU allows remote code execution.
|
CWE-787
Out-of-bounds Write
|
CVE-2021-23909
|
2024-11-21 14:52 |
2021-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200628
|
9.8 |
CRITICAL
Network
|
mercedes-benz
|
headunit_ntg6_mercedes-benz_user_experience
|
An issue was discovered in the Headunit NTG6 in the MBUX Infotainment System on Mercedes-Benz vehicles through 2021. A type confusion issue affects MultiSvSetAttributes in the HiQnet Protocol, leadin…
|
CWE-843
Type Confusion
|
CVE-2021-23908
|
2024-11-21 14:52 |
2021-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200629
|
9.8 |
CRITICAL
Network
|
mercedes-benz
|
headunit_ntg6_mercedes-benz_user_experience
|
An issue was discovered in the Headunit NTG6 in the MBUX Infotainment System on Mercedes-Benz vehicles through 2021. The count in MultiSvGet, GetAttributes, and MultiSvSet is not checked in the HiQne…
|
NVD-CWE-noinfo
|
CVE-2021-23907
|
2024-11-21 14:52 |
2021-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200630
|
6.8 |
MEDIUM
Physics
|
mercedes-benz
|
mercedes-benz_user_experience
|
An issue was discovered in the Headunit NTG6 in the MBUX Infotainment System on Mercedes-Benz vehicles through 2021. A Message Length is not checked in the HiQnet Protocol, leading to remote code exe…
|
CWE-20
Improper Input Validation
|
CVE-2021-23906
|
2024-11-21 14:52 |
2021-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
