Skip to main content
CVE-2015-5082 CRITICAL POC THREAT Emergency

Endian Firewall before 3.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) NEW_PASSWORD_1 or (2) NEW_PASSWORD_2 parameter to cgi-bin/chpasswd.cgi. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 86.7%.

Command Injection Endian Firewall
NVD Exploit-DB
CVSS 2.0
10.0
EPSS
86.7%
Threat
6.1
CVE-2015-5957 CRITICAL POC PATCH Act Now

Buffer overflow in the DumpSysVar function in var.c in Remind before 3.1.15 allows attackers to have unspecified impact via a long name. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Buffer Overflow Opensuse Remind
NVD
CVSS 2.0
10.0
EPSS
0.5%
CVE-2015-6280 CRITICAL Act Now

The SSHv2 functionality in Cisco IOS 15.2, 15.3, 15.4, and 15.5 and IOS XE 3.6E before 3.6.3E, 3.7E before 3.7.1E, 3.10S before 3.10.6S, 3.11S before 3.11.4S, 3.12S before 3.12.3S, 3.13S before. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Apple Cisco Authentication Bypass iOS Ios Xe
NVD
CVSS 2.0
9.3
EPSS
1.2%
CVE-2015-3974 CRITICAL Act Now

EasyIO EasyIO-30P-SF controllers with firmware before 0.5.21 and 2.x before 2.0.5.21, as used in Accutrol, Bar-Tech Automation, Infocon/EasyIO, Honeywell Automation India, Johnson Controls,. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Honeywell Authentication Bypass Easyio 30P Sf Firmware Easyio 30P Sf
NVD
CVSS 2.0
9.0
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy