Skip to main content
CVE-2015-6435 CRITICAL POC THREAT Emergency

An unspecified CGI script in Cisco FX-OS before 1.1.2 on Firepower 9000 devices and Cisco Unified Computing System (UCS) Manager before 2.2(4b), 2.2(5) before 2.2(5a), and 3.0 before 3.0(2e) allows. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 16.0%.

Command Injection Cisco Firepower Extensible Operating System Unified Computing System
NVD
CVSS 3.0
9.8
EPSS
16.0%
CVE-2015-8362 CRITICAL POC Act Now

The setUpSubtleUserAccount function in /bin/bw on Harman AMX devices before 2015-10-12 has a hardcoded password for the BlackWidow account, which makes it easier for remote attackers to obtain access. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Amx Firmware
NVD
CVSS 3.0
9.8
EPSS
2.7%
CVE-2016-1984 CRITICAL POC PATCH Act Now

The setUpSubtleUserAccount function in /bin/bw on Harman AMX devices before 2016-01-20 has a hardcoded password for the 1MB@tMaN account, which makes it easier for remote attackers to obtain access. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Amx Firmware
NVD
CVSS 3.0
9.8
EPSS
1.5%
CVE-2015-6015 CRITICAL Act Now

Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows local users to affect availability via unknown vectors related to. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 13.7% and no vendor patch available.

RCE Buffer Overflow Oracle Outside In Technology
NVD
CVSS 2.0
10.0
EPSS
13.7%
CVE-2015-6014 CRITICAL Act Now

Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows local users to affect availability via unknown vectors related to. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 13.7% and no vendor patch available.

RCE Buffer Overflow Oracle Outside In Technology
NVD
CVSS 2.0
10.0
EPSS
13.7%
CVE-2015-6013 CRITICAL Act Now

Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows local users to affect availability via unknown vectors related to. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 13.7% and no vendor patch available.

RCE Buffer Overflow Oracle Outside In Technology
NVD
CVSS 2.0
10.0
EPSS
13.7%
CVE-2015-6925 HIGH POC This Week

wolfSSL (formerly CyaSSL) before 3.6.8 allows remote attackers to cause a denial of service (resource consumption or traffic amplification) via a crafted DTLS cookie in a ClientHello message. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Wolfssl
NVD GitHub
CVSS 3.0
7.5
EPSS
0.9%
CVE-2015-7744 MEDIUM POC This Month

wolfSSL (formerly CyaSSL) before 3.6.8 does not properly handle faults associated with the Chinese Remainder Theorem (CRT) process when allowing ephemeral key exchange without low memory. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Microsoft Wolfssl Leap Opensuse +1
NVD
CVSS 3.1
5.9
EPSS
2.7%
CVE-2015-6412 CRITICAL Act Now

Cisco Modular Encoding Platform D9036 Software before 02.04.70 has hardcoded (1) root and (2) guest passwords, which makes it easier for remote attackers to obtain access via an SSH session, aka Bug. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Modular Encoding Platform D9036 Software
NVD
CVSS 3.0
9.8
EPSS
1.9%
CVE-2016-1134 HIGH This Week

Cross-site request forgery (CSRF) vulnerability on BUFFALO BHR-4GRV2 devices with firmware 1.04 and earlier, WEX-300 devices with firmware 1.90 and earlier, WHR-1166DHP devices with firmware 1.90 and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Whr 1166Dhp Firmware Whr 300Hp2 Firmware Wmr 300 Firmware Bhr 4Grv2 Firmware +4
NVD
CVSS 3.0
8.8
EPSS
0.1%
CVE-2016-1570 HIGH This Week

The PV superpage functionality in arch/x86/mm.c in Xen 3.4.0, 3.4.1, and 4.1.x through 4.6.x allows local PV guests to obtain sensitive information, cause a denial of service, gain privileges, or. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Xen
NVD
CVSS 3.0
8.5
EPSS
0.2%
CVE-2016-1572 HIGH PATCH This Week

mount.ecryptfs_private.c in eCryptfs-utils does not validate mount destination filesystem types, which allows local users to gain privileges by mounting over a nonstandard filesystem, as demonstrated. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Ecryptfs Utils Ubuntu Linux Leap Opensuse +2
NVD
CVSS 3.1
8.4
EPSS
0.0%
CVE-2015-7909 HIGH This Week

Stack-based buffer overflow in Hospira Communication Engine (CE) before 1.2 in LifeCare PCA Infusion System 5.07, Plum A+ Infusion System 13.40, and Plum A+3 Infusion System 13.40 allows remote. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Communication Engine Lifecare Pca Infusion System
NVD
CVSS 3.0
7.3
EPSS
0.4%
CVE-2016-1571 MEDIUM This Month

The paging_invlpg function in include/asm-x86/paging.h in Xen 3.3.x through 4.6.x, when using shadow mode paging or nested virtualization is enabled, allows local HVM guest users to cause a denial of. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable. No vendor patch available.

Canonical Denial Of Service Xenserver Xen
NVD
CVSS 3.0
6.3
EPSS
0.3%
CVE-2016-1135 MEDIUM This Month

Cross-site scripting (XSS) vulnerability on BUFFALO BHR-4GRV2 devices with firmware 1.04 and earlier, WEX-300 devices with firmware 1.90 and earlier, WHR-1166DHP devices with firmware 1.90 and. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Wmr 300 Firmware Wex 300 Firmware Wmr 433 Firmware Bhr 4Grv2 Firmware +4
NVD
CVSS 3.0
6.1
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy