Linear
by Linear
CVEs (23)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-7256 | Cri | 0.86 | 9.8 | 0.97 | KEV | Jul 2, 2019 | Linear eMerge E3-Series devices allow Command Injections. | |
| CVE-2019-7257 | Cri | 0.74 | 10.0 | 0.70 | Jul 2, 2019 | Linear eMerge E3-Series devices allow Unrestricted File Upload. | ||
| CVE-2019-7269 | Cri | 0.70 | 9.8 | 0.40 | Jul 2, 2019 | Linear eMerge 50P/5000P devices allow Authenticated Command Injection with root Code Execution. | ||
| CVE-2024-9441 | Cri | 0.69 | 9.8 | 0.54 | Oct 2, 2024 | The Linear eMerge e3-Series through version 1.00-07 is vulnerable to an OS command injection vulnerability. A remote and unauthenticated attacker can execute arbitrary OS commands via the login_id parameter when invoking the forgot_password functionality over HTTP. | ||
| CVE-2019-7265 | Cri | 0.69 | 9.8 | 0.23 | Jul 2, 2019 | Linear eMerge E3-Series devices allow Remote Code Execution (root access over SSH). | ||
| CVE-2019-7268 | Cri | 0.66 | 10.0 | 0.06 | Jul 2, 2019 | Linear eMerge 50P/5000P devices allow Unauthenticated File Upload. | ||
| CVE-2019-7267 | Cri | 0.65 | 9.8 | 0.21 | Jul 2, 2019 | Linear eMerge 50P/5000P devices allow Cookie Path Traversal. | ||
| CVE-2019-7253 | Cri | 0.64 | 9.8 | 0.03 | Jul 2, 2019 | Linear eMerge E3-Series devices allow Directory Traversal. | ||
| CVE-2019-7252 | Cri | 0.64 | 9.8 | 0.05 | Jul 2, 2019 | Linear eMerge E3-Series devices have Default Credentials. | ||
| CVE-2019-7261 | Cri | 0.64 | 9.8 | 0.05 | Jul 2, 2019 | Linear eMerge E3-Series devices have Hard-coded Credentials. | ||
| CVE-2019-7260 | Cri | 0.64 | 9.8 | 0.07 | Jul 2, 2019 | Linear eMerge E3-Series devices have Cleartext Credentials in a Database. | ||
| CVE-2019-7266 | Cri | 0.64 | 9.8 | 0.05 | Jul 2, 2019 | Linear eMerge 50P/5000P devices allow Authentication Bypass. | ||
| CVE-2019-7264 | Cri | 0.64 | 9.8 | 0.02 | Jul 2, 2019 | Linear eMerge E3-Series devices allow a Stack-based Buffer Overflow on the ARM platform. | ||
| CVE-2019-7262 | Hig | 0.62 | 8.8 | 0.16 | Jul 2, 2019 | Linear eMerge E3-Series devices allow Cross-Site Request Forgery (CSRF). | ||
| CVE-2019-7258 | Hig | 0.59 | 8.8 | 0.20 | Jul 2, 2019 | Linear eMerge E3-Series devices allow Privilege Escalation. | ||
| CVE-2019-7254 | Hig | 0.58 | 7.5 | 0.82 | Jul 2, 2019 | Linear eMerge E3-Series devices allow File Inclusion. | ||
| CVE-2019-7259 | Hig | 0.58 | 8.8 | 0.13 | Jul 2, 2019 | Linear eMerge E3-Series devices allow Authorization Bypass with Information Disclosure. | ||
| CVE-2020-9057 | Hig | 0.57 | 8.8 | 0.00 | Jan 10, 2022 | Z-Wave devices based on Silicon Labs 100, 200, and 300 series chipsets do not support encryption, allowing an attacker within radio range to take control of or cause a denial of service to a vulnerable device. An attacker can also capture and replay Z-Wave traffic. Firmware… | ||
| CVE-2020-9058 | Hig | 0.53 | 8.1 | 0.00 | Jan 10, 2022 | Z-Wave devices based on Silicon Labs 500 series chipsets using CRC-16 encapsulation, including but likely not limited to the Linear LB60Z-1 version 3.5, Dome DM501 version 4.26, and Jasco ZW4201 version 4.05, do not implement encryption or replay protection. | ||
| CVE-2024-12496 | Med | 0.42 | 6.4 | 0.00 | Jan 9, 2025 | The Linear plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'linear_block_buy_commissions' shortcode in all versions up to, and including, 2.7.12 due to insufficient input sanitization and output escaping on user supplied attributes. This makes… |
- risk 0.86cvss 9.8epss 0.97
Linear eMerge E3-Series devices allow Command Injections.
- risk 0.74cvss 10.0epss 0.70
Linear eMerge E3-Series devices allow Unrestricted File Upload.
- risk 0.70cvss 9.8epss 0.40
Linear eMerge 50P/5000P devices allow Authenticated Command Injection with root Code Execution.
- risk 0.69cvss 9.8epss 0.54
The Linear eMerge e3-Series through version 1.00-07 is vulnerable to an OS command injection vulnerability. A remote and unauthenticated attacker can execute arbitrary OS commands via the login_id parameter when invoking the forgot_password functionality over HTTP.
- risk 0.69cvss 9.8epss 0.23
Linear eMerge E3-Series devices allow Remote Code Execution (root access over SSH).
- risk 0.66cvss 10.0epss 0.06
Linear eMerge 50P/5000P devices allow Unauthenticated File Upload.
- risk 0.65cvss 9.8epss 0.21
Linear eMerge 50P/5000P devices allow Cookie Path Traversal.
- risk 0.64cvss 9.8epss 0.03
Linear eMerge E3-Series devices allow Directory Traversal.
- risk 0.64cvss 9.8epss 0.05
Linear eMerge E3-Series devices have Default Credentials.
- risk 0.64cvss 9.8epss 0.05
Linear eMerge E3-Series devices have Hard-coded Credentials.
- risk 0.64cvss 9.8epss 0.07
Linear eMerge E3-Series devices have Cleartext Credentials in a Database.
- risk 0.64cvss 9.8epss 0.05
Linear eMerge 50P/5000P devices allow Authentication Bypass.
- risk 0.64cvss 9.8epss 0.02
Linear eMerge E3-Series devices allow a Stack-based Buffer Overflow on the ARM platform.
- risk 0.62cvss 8.8epss 0.16
Linear eMerge E3-Series devices allow Cross-Site Request Forgery (CSRF).
- risk 0.59cvss 8.8epss 0.20
Linear eMerge E3-Series devices allow Privilege Escalation.
- risk 0.58cvss 7.5epss 0.82
Linear eMerge E3-Series devices allow File Inclusion.
- risk 0.58cvss 8.8epss 0.13
Linear eMerge E3-Series devices allow Authorization Bypass with Information Disclosure.
- risk 0.57cvss 8.8epss 0.00
Z-Wave devices based on Silicon Labs 100, 200, and 300 series chipsets do not support encryption, allowing an attacker within radio range to take control of or cause a denial of service to a vulnerable device. An attacker can also capture and replay Z-Wave traffic. Firmware…
- risk 0.53cvss 8.1epss 0.00
Z-Wave devices based on Silicon Labs 500 series chipsets using CRC-16 encapsulation, including but likely not limited to the Linear LB60Z-1 version 3.5, Dome DM501 version 4.26, and Jasco ZW4201 version 4.05, do not implement encryption or replay protection.
- risk 0.42cvss 6.4epss 0.00
The Linear plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'linear_block_buy_commissions' shortcode in all versions up to, and including, 2.7.12 due to insufficient input sanitization and output escaping on user supplied attributes. This makes…
Page 1 of 2