CVSS: 8.8EPSS: 1%CPEs: 4EXPL: 2CVE-2019-7259 – Linear eMerge E3 1.00-06 Privilege Escalation
https://notcve.org/view.php?id=CVE-2019-7259
02 Jul 2019 — Linear eMerge E3-Series devices allow Authorization Bypass with Information Disclosure. Los dispositivos Linear eMerge E3-Series permiten el Desvío de Autorización con revelación de Información. Linear eMerge E3 versions 1.00-06 and below suffer from a privilege escalation vulnerability. • https://packetstorm.news/files/id/155260 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2019-7260
https://notcve.org/view.php?id=CVE-2019-7260
02 Jul 2019 — Linear eMerge E3-Series devices have Cleartext Credentials in a Database. Los dispositivos Linear eMerge E3-Series tienen credenciales Cleartext en una base de datos. • https://applied-risk.com/labs/advisories • CWE-522: Insufficiently Protected Credentials •
CVSS: 10.0EPSS: 3%CPEs: 4EXPL: 2CVE-2019-7261 – Nortek Linear eMerge E3 Access Controller 1.00-06 SSH/FTP Remote Root
https://notcve.org/view.php?id=CVE-2019-7261
02 Jul 2019 — Linear eMerge E3-Series devices have Hard-coded Credentials. Los dispositivos Linear eMerge E3-Series tienen credenciales codificadas. • https://packetstorm.news/files/id/155267 • CWE-798: Use of Hard-coded Credentials •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 3CVE-2019-7262 – eMerge E3 1.00-06 - Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2019-7262
02 Jul 2019 — Linear eMerge E3-Series devices allow Cross-Site Request Forgery (CSRF). Los dispositivos Linear eMerge E3-Series permiten la falsificación de solicitudes Cross-Site (CSRF). Nortek Linear eMerge E3 suffers from a cross site request forgery vulnerability. • https://packetstorm.news/files/id/155263 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 0CVE-2019-7263
https://notcve.org/view.php?id=CVE-2019-7263
02 Jul 2019 — Linear eMerge E3-Series devices have a Version Control Failure. Los dispositivos Linear eMerge E3-Series tienen una fallo de control de versión. • https://applied-risk.com/labs/advisories • CWE-18: DEPRECATED: Source Code •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2019-7264
https://notcve.org/view.php?id=CVE-2019-7264
02 Jul 2019 — Linear eMerge E3-Series devices allow a Stack-based Buffer Overflow on the ARM platform. Los dispositivos Linear eMerge E3-Series permiten un desbordamiento de búfer Stack-based a en la plataforma ARM. • https://applied-risk.com/labs/advisories • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 54%CPEs: 4EXPL: 3CVE-2019-7265 – eMerge E3 Access Controller 4.6.07 - Remote Code Execution
https://notcve.org/view.php?id=CVE-2019-7265
02 Jul 2019 — Linear eMerge E3-Series devices allow Remote Code Execution (root access over SSH). Los dispositivos Linear eMerge E3-Series permiten la ejecución remota de código (acceso de root a través de SSH). • https://packetstorm.news/files/id/155267 • CWE-798: Use of Hard-coded Credentials •
CVSS: 9.8EPSS: 1%CPEs: 4EXPL: 1CVE-2019-7266 – Linear eMerge50P/5000P 4.6.07 Remote Code Execution
https://notcve.org/view.php?id=CVE-2019-7266
02 Jul 2019 — Linear eMerge 50P/5000P devices allow Authentication Bypass. Los dispositivos linear eMerge 50P / 5000P permiten la omisión de identificación. • https://packetstorm.news/files/id/155250 • CWE-565: Reliance on Cookies without Validation and Integrity Checking •
CVSS: 9.8EPSS: 1%CPEs: 4EXPL: 2CVE-2019-7267 – Linear eMerge50P/5000P 4.6.07 Remote Code Execution
https://notcve.org/view.php?id=CVE-2019-7267
02 Jul 2019 — Linear eMerge 50P/5000P devices allow Cookie Path Traversal. Los dispositivos lineales eMerge 50P / 5000P permiten el recorrido de la ruta de las cookies. • https://packetstorm.news/files/id/155250 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 2CVE-2019-7268 – Linear eMerge50P/5000P 4.6.07 Remote Code Execution
https://notcve.org/view.php?id=CVE-2019-7268
02 Jul 2019 — Linear eMerge 50P/5000P devices allow Unauthenticated File Upload. Los dispositivos linear eMerge 50P / 5000P permiten la carga de archivos no identificados • https://packetstorm.news/files/id/155250 • CWE-434: Unrestricted Upload of File with Dangerous Type •