Skip to main content
CVE-2015-6435 CRITICAL POC THREAT Emergency

An unspecified CGI script in Cisco FX-OS before 1.1.2 on Firepower 9000 devices and Cisco Unified Computing System (UCS) Manager before 2.2(4b), 2.2(5) before 2.2(5a), and 3.0 before 3.0(2e) allows. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 16.0%.

Command Injection Cisco Firepower Extensible Operating System Unified Computing System
NVD
CVSS 3.0
9.8
EPSS
16.0%
CVE-2015-8362 CRITICAL POC Act Now

The setUpSubtleUserAccount function in /bin/bw on Harman AMX devices before 2015-10-12 has a hardcoded password for the BlackWidow account, which makes it easier for remote attackers to obtain access. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Amx Firmware
NVD
CVSS 3.0
9.8
EPSS
2.7%
CVE-2016-1984 CRITICAL POC PATCH Act Now

The setUpSubtleUserAccount function in /bin/bw on Harman AMX devices before 2016-01-20 has a hardcoded password for the 1MB@tMaN account, which makes it easier for remote attackers to obtain access. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Amx Firmware
NVD
CVSS 3.0
9.8
EPSS
1.5%
CVE-2015-6015 CRITICAL Act Now

Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows local users to affect availability via unknown vectors related to. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 13.7% and no vendor patch available.

RCE Buffer Overflow Oracle Outside In Technology
NVD
CVSS 2.0
10.0
EPSS
13.7%
CVE-2015-6014 CRITICAL Act Now

Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows local users to affect availability via unknown vectors related to. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 13.7% and no vendor patch available.

RCE Buffer Overflow Oracle Outside In Technology
NVD
CVSS 2.0
10.0
EPSS
13.7%
CVE-2015-6013 CRITICAL Act Now

Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows local users to affect availability via unknown vectors related to. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 13.7% and no vendor patch available.

RCE Buffer Overflow Oracle Outside In Technology
NVD
CVSS 2.0
10.0
EPSS
13.7%
CVE-2015-6412 CRITICAL Act Now

Cisco Modular Encoding Platform D9036 Software before 02.04.70 has hardcoded (1) root and (2) guest passwords, which makes it easier for remote attackers to obtain access via an SSH session, aka Bug. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Modular Encoding Platform D9036 Software
NVD
CVSS 3.0
9.8
EPSS
1.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy