Skip to main content
CVE-2021-33833 CRITICAL POC Act Now

ConnMan (aka Connection Manager) 1.30 through 1.39 has a stack-based buffer overflow in uncompress in dnsproxy.c via NAME, RDATA, or RDLENGTH (for A or AAAA). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Connection Manager Debian Linux
NVD
CVSS 3.1
9.8
EPSS
2.9%
CVE-2021-33357 CRITICAL POC THREAT Act Now

A vulnerability exists in RaspAP 2.6 to 2.6.5 in the "iface" GET parameter in /ajax/networking/get_netcfg.php, when the "iface" parameter value contains special characters such as ";" which enables. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Command Injection Raspap
NVD GitHub
CVSS 3.1
9.8
EPSS
17.9%
CVE-2021-23853 CRITICAL Act Now

In Bosch IP cameras, improper validation of the HTTP header allows an attacker to inject arbitrary HTTP headers through crafted URLs. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Cpp4 Firmware Cpp6 Firmware Cpp7 Firmware Cpp7 3 Firmware +1
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2021-33841 CRITICAL Act Now

SGE-PLC1000 device, in its 0.9.2b firmware version, does not handle some requests correctly, allowing a remote attacker to inject code into the operating system with maximum privileges. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Sge Plc1000 Firmware
NVD
CVSS 3.1
9.8
EPSS
2.2%
CVE-2021-23847 CRITICAL Act Now

A Missing Authentication in Critical Function in Bosch IP cameras allows an unauthenticated remote attacker to extract sensitive information or change settings of the camera by sending crafted. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cpp6 Firmware Cpp7 Firmware Cpp7 3 Firmware
NVD
CVSS 3.1
9.1
EPSS
1.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy