Skip to main content
CVE-2019-7256 CRITICAL POC KEV THREAT Emergency

Linear eMerge E3-Series devices allow Command Injections. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Linear Emerge Essential Firmware Linear Emerge Elite Firmware
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
97.1%
CVE-2019-7257 CRITICAL POC THREAT Act Now

Linear eMerge E3-Series devices allow Unrestricted File Upload. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Linear Emerge Essential Firmware Linear Emerge Elite Firmware
NVD Exploit-DB
CVSS 3.1
10.0
EPSS
70.0%
CVE-2019-7268 CRITICAL POC Act Now

Linear eMerge 50P/5000P devices allow Unauthenticated File Upload. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Linear Emerge 50P Firmware Linear Emerge 5000P Firmware
NVD
CVSS 3.1
10.0
EPSS
6.5%
CVE-2019-13177 CRITICAL POC PATCH Act Now

verification.py in django-rest-registration (aka Django REST Registration library) before 0.5.0 relies on a static string for signatures (i.e., the Django Signing API is misused), which allows remote. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Jwt Attack Python Information Disclosure Django Rest Registration
NVD GitHub
CVSS 3.0
9.8
EPSS
1.6%
CVE-2019-7261 CRITICAL POC Act Now

Linear eMerge E3-Series devices have Hard-coded Credentials. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Linear Emerge Essential Firmware Linear Emerge Elite Firmware
NVD
CVSS 3.1
9.8
EPSS
5.5%
CVE-2019-7269 CRITICAL POC THREAT Act Now

Linear eMerge 50P/5000P devices allow Authenticated Command Injection with root Code Execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Linear Emerge 50P Firmware Linear Emerge 5000P Firmware
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
40.0%
CVE-2019-7267 CRITICAL POC THREAT Act Now

Linear eMerge 50P/5000P devices allow Cookie Path Traversal. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Linear Emerge 50P Firmware Linear Emerge 5000P Firmware
NVD
CVSS 3.1
9.8
EPSS
21.5%
CVE-2019-7265 CRITICAL POC THREAT Act Now

Linear eMerge E3-Series devices allow Remote Code Execution (root access over SSH). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass RCE Linear Emerge Essential Firmware Linear Emerge Elite Firmware
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
23.1%
CVE-2019-7258 HIGH POC THREAT This Week

Linear eMerge E3-Series devices allow Privilege Escalation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Privilege Escalation Linear Emerge Essential Firmware Linear Emerge Elite Firmware
NVD
CVSS 3.1
8.8
EPSS
19.6%
CVE-2019-7262 HIGH POC THREAT This Week

Linear eMerge E3-Series devices allow Cross-Site Request Forgery (CSRF). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Linear Emerge Essential Firmware Linear Emerge Elite Firmware
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
16.3%
CVE-2019-7259 HIGH POC THREAT This Week

Linear eMerge E3-Series devices allow Authorization Bypass with Information Disclosure. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Linear Emerge Essential Firmware Linear Emerge Elite Firmware
NVD
CVSS 3.1
8.8
EPSS
13.2%
CVE-2019-13056 HIGH POC This Week

An issue was discovered in CyberPanel through 1.8.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Cyberpanel
NVD
CVSS 3.0
8.8
EPSS
0.8%
CVE-2019-13155 HIGH POC This Week

An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Tew 827Dru Firmware
NVD GitHub
CVSS 3.0
8.8
EPSS
2.1%
CVE-2019-13154 HIGH POC This Week

An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Tew 827Dru Firmware
NVD GitHub
CVSS 3.0
8.8
EPSS
2.1%
CVE-2019-13153 HIGH POC This Week

An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Tew 827Dru Firmware
NVD GitHub
CVSS 3.0
8.8
EPSS
2.1%
CVE-2019-13152 HIGH POC This Week

An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Tew 827Dru Firmware
NVD GitHub
CVSS 3.0
8.8
EPSS
2.1%
CVE-2019-13151 HIGH POC This Week

An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Tew 827Dru Firmware
NVD GitHub
CVSS 3.0
8.8
EPSS
2.1%
CVE-2019-13150 HIGH POC This Week

An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Tew 827Dru Firmware
NVD GitHub
CVSS 3.0
8.8
EPSS
2.1%
CVE-2019-13149 HIGH POC This Week

An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Tew 827Dru Firmware
NVD GitHub
CVSS 3.0
8.8
EPSS
2.1%
CVE-2019-13148 HIGH POC This Week

An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Tew 827Dru Firmware
NVD GitHub
CVSS 3.0
8.8
EPSS
2.1%
CVE-2019-13178 HIGH POC This Week

modules/luksbootkeyfile/main.py in Calamares versions 3.1 through 3.2.10 has a race condition between the time when the LUKS encryption keyfile is created and when secure permissions are set. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Race Condition Information Disclosure Calamares
NVD GitHub
CVSS 3.0
8.1
EPSS
1.7%
CVE-2019-13179 HIGH POC This Week

Calamares versions 3.1 through 3.2.10 copies a LUKS encryption keyfile from /crypto_keyfile.bin (mode 0600 owned by root) to /boot within a globally readable initramfs image with insecure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Calamares
NVD GitHub
CVSS 3.0
7.5
EPSS
2.1%
CVE-2019-7254 HIGH POC THREAT This Week

Linear eMerge E3-Series devices allow File Inclusion. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Linear Emerge Essential Firmware Linear Emerge Elite Firmware
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
82.0%
CVE-2019-13147 MEDIUM POC This Month

In Audio File Library (aka audiofile) 0.3.6, there exists one NULL pointer dereference bug in ulaw2linear_buf in G711.cpp in libmodules.a that allows an attacker to cause a denial of service via a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Audiofile Debian Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
1.9%
CVE-2019-7255 MEDIUM POC THREAT This Month

Linear eMerge E3-Series devices allow XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Linear Emerge Essential Firmware Linear Emerge Elite Firmware
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
55.8%
CVE-2019-10137 CRITICAL Act Now

A path traversal flaw was found in spacewalk-proxy, all versions through 2.9, in the way the proxy processes cached client tokens. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal RCE Satellite Spacewalk
NVD
CVSS 3.0
9.8
EPSS
3.1%
CVE-2019-7253 CRITICAL Act Now

Linear eMerge E3-Series devices allow Directory Traversal. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Linear Emerge Essential Firmware Linear Emerge Elite Firmware
NVD
CVSS 3.0
9.8
EPSS
3.0%
CVE-2019-7252 CRITICAL Act Now

Linear eMerge E3-Series devices have Default Credentials. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Linear Emerge Essential Firmware Linear Emerge Elite Firmware
NVD
CVSS 3.0
9.8
EPSS
4.9%
CVE-2019-7260 CRITICAL Act Now

Linear eMerge E3-Series devices have Cleartext Credentials in a Database. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Linear Emerge Essential Firmware Linear Emerge Elite Firmware
NVD
CVSS 3.0
9.8
EPSS
6.6%
CVE-2019-7266 CRITICAL Act Now

Linear eMerge 50P/5000P devices allow Authentication Bypass. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Linear Emerge 50P Firmware Linear Emerge 5000P Firmware
NVD
CVSS 3.1
9.8
EPSS
4.6%
CVE-2019-7264 CRITICAL Act Now

Linear eMerge E3-Series devices allow a Stack-based Buffer Overflow on the ARM platform. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Linear Emerge Essential Firmware Linear Emerge Elite Firmware
NVD
CVSS 3.0
9.8
EPSS
2.2%
CVE-2019-7263 CRITICAL Act Now

Linear eMerge E3-Series devices have a Version Control Failure. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Linear Emerge Essential Firmware Linear Emerge Elite Firmware
NVD
CVSS 3.0
9.8
EPSS
1.8%
CVE-2019-12594 CRITICAL Act Now

DOSBox 0.74-2 has Incorrect Access Control. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Dosbox Debian Linux
NVD
CVSS 3.0
9.8
EPSS
6.7%
CVE-2019-4087 CRITICAL Act Now

IBM Spectrum Protect Servers 7.1 and 8.1 and Storage Agents are vulnerable to a stack-based buffer overflow, caused by improper bounds checking by servers and storage agents in response to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow IBM RCE Memory Corruption Spectrum Protect Operations Center
NVD
CVSS 3.1
9.8
EPSS
7.0%
CVE-2019-7270 HIGH This Week

Linear eMerge 50P/5000P devices allow Cross-Site Request Forgery (CSRF). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Linear Emerge 50P Firmware Linear Emerge 5000P Firmware
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2019-4292 HIGH PATCH This Week

IBM Security Guardium 10.5 could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable web server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload IBM RCE Security Guardium
NVD
CVSS 3.1
8.8
EPSS
3.7%
CVE-2019-5443 HIGH PATCH This Week

A non-privileged user or program can put code and a config file in a known non-privileged path (under C:/usr/local/) that will make curl <= 7.65.1 automatically run the code (as an openssl "engine"). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

Code Injection OpenSSL RCE Curl Enterprise Manager Ops Center +7
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2019-4088 HIGH This Week

IBM Spectrum Protect Servers 7.1 and 8.1 and Storage Agents could allow a local attacker to gain elevated privileges on the system, caused by loading a specially crafted library loaded by the dsmqsan. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Spectrum Protect Operations Center
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2019-6623 HIGH This Week

On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, and 12.1.0-12.1.4, undisclosed traffic sent to BIG-IP iSession virtual server may cause the Traffic Management Microkernel (TMM) to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Application Acceleration Manager Big Ip Link Controller +9
NVD
CVSS 3.1
7.5
EPSS
2.5%
CVE-2019-6624 HIGH This Week

On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, and 12.1.0-12.1.4, an undisclosed traffic pattern sent to a BIG-IP UDP virtual server may lead to a denial-of-service (DoS). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Application Acceleration Manager Big Ip Link Controller +9
NVD
CVSS 3.0
7.5
EPSS
1.3%
CVE-2019-5599 HIGH PATCH This Week

In FreeBSD 12.0-STABLE before r349197 and 12.0-RELEASE before 12.0-RELEASE-p6, a bug in the non-default RACK TCP stack can allow an attacker to cause several linked lists to grow unbounded and cause. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Freebsd
NVD GitHub
CVSS 3.0
7.5
EPSS
5.2%
CVE-2019-13173 HIGH PATCH This Week

fstream before 1.0.12 is vulnerable to Arbitrary File Overwrite. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Fstream
NVD GitHub
CVSS 3.0
7.5
EPSS
2.4%
CVE-2019-6622 HIGH This Week

On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.5, 13.0.0-13.1.1.4, 12.1.0-12.1.4.1, and 11.5.1-11.6.4, an undisclosed iControl REST worker is vulnerable to command injection by an administrator or resource. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Application Acceleration Manager Big Ip Link Controller +9
NVD
CVSS 3.0
7.2
EPSS
1.8%
CVE-2019-6621 HIGH This Week

On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12.1.4.1, 11.6.1-11.6.3.4, and 11.5.2-11.5.8 and BIG-IQ 7.0.0-7.1.0.2, 6.0.0-6.1.0, and 5.1.0-5.4.0, an undisclosed iControl REST. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Application Acceleration Manager Big Ip Link Controller +10
NVD
CVSS 3.0
7.2
EPSS
2.0%
CVE-2019-6620 HIGH This Week

On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.5, 13.0.0-13.1.1.4, 12.1.0-12.1.4.1, and 11.5.1-11.6.4 and BIG-IQ 6.0.0-6.1.0 and 5.1.0-5.4.0, an undisclosed iControl REST worker vulnerable to command. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Application Acceleration Manager Big Ip Link Controller +10
NVD
CVSS 3.0
7.2
EPSS
1.8%
CVE-2019-4140 HIGH PATCH This Week

IBM Tivoli Storage Manager Server (IBM Spectrum Protect 7.1 and 8.1) could allow a local user to replace existing databases by restoring old data. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Spectrum Protect
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2019-10975 MEDIUM PATCH This Month

An out-of-bounds read vulnerability has been identified in Fuji Electric Alpha7 PC Loader Versions 1.1 and prior, which may crash the system. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity.

Buffer Overflow Information Disclosure Alpha7 Pc Loader Firmware
NVD
CVSS 3.0
6.6
EPSS
0.6%
CVE-2019-13175 MEDIUM This Month

Read the Docs before 3.5.1 has an Open Redirect if certain user-defined redirects are used. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Read The Docs
NVD GitHub
CVSS 3.0
6.1
EPSS
0.9%
CVE-2019-4134 MEDIUM This Month

IBM Planning Analytics 2.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS IBM Planning Analytics
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2019-4260 MEDIUM PATCH This Month

IBM Daeja ViewONE Professional, Standard & Virtual 5.0 through 5.0.5 could allow an unauthorized user to download server files resulting in sensitive information disclosure. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Daeja Viewone
NVD
CVSS 3.1
5.3
EPSS
1.3%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy