CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2019-7252
https://notcve.org/view.php?id=CVE-2019-7252
02 Jul 2019 — Linear eMerge E3-Series devices have Default Credentials. Los dispositivos Linear eMerge E3-Series tienen credenciales predeterminadas. • https://applied-risk.com/labs/advisories • CWE-1188: Initialization of a Resource with an Insecure Default •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2019-7253
https://notcve.org/view.php?id=CVE-2019-7253
02 Jul 2019 — Linear eMerge E3-Series devices allow Directory Traversal. Los dispositivos Linear eMerge E3-Series permiten un salto de directorio . • https://applied-risk.com/labs/advisories • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 68%CPEs: 4EXPL: 3CVE-2019-7254 – eMerge E3 1.00-06 - Privilege Escalation
https://notcve.org/view.php?id=CVE-2019-7254
02 Jul 2019 — Linear eMerge E3-Series devices allow File Inclusion. Los dispositivos Linear eMerge E3-Series permiten la inclusión de archivos. Linear eMerge E3 versions 1.00-06 and below suffer from file disclosure and traversal vulnerabilities. • https://packetstorm.news/files/id/155252 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.1EPSS: 6%CPEs: 4EXPL: 3CVE-2019-7255 – eMerge E3 1.00-06 - 'layout' Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2019-7255
02 Jul 2019 — Linear eMerge E3-Series devices allow XSS. Los dispositivos Linear eMerge E3-Series permiten XSS. Linear eMerge E3 versions 1.00-06 and below suffer from a reflective cross site scripting vulnerability. • https://packetstorm.news/files/id/155253 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 8%CPEs: 4EXPL: 3CVE-2019-7257 – eMerge E3 1.00-06 - Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2019-7257
02 Jul 2019 — Linear eMerge E3-Series devices allow Unrestricted File Upload. Los dispositivos Linear eMerge E3-Series permiten la carga de archivos sin restricciones. • https://packetstorm.news/files/id/155254 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 8.8EPSS: 1%CPEs: 4EXPL: 2CVE-2019-7258 – Linear eMerge E3 1.00-06 Privilege Escalation
https://notcve.org/view.php?id=CVE-2019-7258
02 Jul 2019 — Linear eMerge E3-Series devices allow Privilege Escalation. Los dispositivos Linear eMerge E3-Series permiten la escalada de privilegios. Linear eMerge E3 versions 1.00-06 and below suffer from a privilege escalation vulnerability. • https://packetstorm.news/files/id/155260 • CWE-863: Incorrect Authorization •
CVSS: 8.8EPSS: 1%CPEs: 4EXPL: 2CVE-2019-7259 – Linear eMerge E3 1.00-06 Privilege Escalation
https://notcve.org/view.php?id=CVE-2019-7259
02 Jul 2019 — Linear eMerge E3-Series devices allow Authorization Bypass with Information Disclosure. Los dispositivos Linear eMerge E3-Series permiten el Desvío de Autorización con revelación de Información. Linear eMerge E3 versions 1.00-06 and below suffer from a privilege escalation vulnerability. • https://packetstorm.news/files/id/155260 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2019-7260
https://notcve.org/view.php?id=CVE-2019-7260
02 Jul 2019 — Linear eMerge E3-Series devices have Cleartext Credentials in a Database. Los dispositivos Linear eMerge E3-Series tienen credenciales Cleartext en una base de datos. • https://applied-risk.com/labs/advisories • CWE-522: Insufficiently Protected Credentials •
CVSS: 10.0EPSS: 3%CPEs: 4EXPL: 2CVE-2019-7261 – Nortek Linear eMerge E3 Access Controller 1.00-06 SSH/FTP Remote Root
https://notcve.org/view.php?id=CVE-2019-7261
02 Jul 2019 — Linear eMerge E3-Series devices have Hard-coded Credentials. Los dispositivos Linear eMerge E3-Series tienen credenciales codificadas. • https://packetstorm.news/files/id/155267 • CWE-798: Use of Hard-coded Credentials •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 3CVE-2019-7262 – eMerge E3 1.00-06 - Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2019-7262
02 Jul 2019 — Linear eMerge E3-Series devices allow Cross-Site Request Forgery (CSRF). Los dispositivos Linear eMerge E3-Series permiten la falsificación de solicitudes Cross-Site (CSRF). Nortek Linear eMerge E3 suffers from a cross site request forgery vulnerability. • https://packetstorm.news/files/id/155263 • CWE-352: Cross-Site Request Forgery (CSRF) •