Threatscape

All the following vulnerabilities were discovered either by Positive Research experts or by automated security products from Positive Technologies, including MaxPatrol and PT Application Inspector.
High (7.0) CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Fix date: November 8, 2019
Vector: Local
Systems affected: Linux Kernel from version 3.18 up to 5.4
Notification status: 01.11.2019 - Linux kernel security team gets vulnerability details and fixes
02.11.2019 - Linux kernel security team allows full disclosure
02.11.2019 - Full disclosure at oss-security mailing list
08.11.2019 - Final version of the fixing patch is accepted for the mainline
High (8.1) CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
PT-2019-04: Security Bypass
Fix date: no patches available
Vector: Local
Vendor: Lenovo
High (8.1) CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
PT-2019-03: Security Bypass
Fix date: no patches available
Vector: Local
Vendor: Dell
Low (3.9) CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
PT-2019-02: Code Execution
Fix date: October 1, 2019
Vector: Remote
Vendor: HPE
Low (3.9) CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
PT-2019-01: Code Execution
Fix date: no patches available
Vector: Remote
Vendor: HPE
Medium (6.4) (AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N)
Fix date: December 20, 2018
Vector: Remote
Systems affected: EVLink Parking
Vendor: Schneider Electric
Notification status: 31.05.2018 - Vendor gets vulnerability details
20.12.2018 - Vendor releases fixed version and details
26.12.2018 - Public disclosure
High (8.8) (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
Fix date: December 20, 2018
Vector: Remote
Systems affected: EVLink Parking
Vendor: Schneider Electric
Notification status: 31.05.2018 - Vendor gets vulnerability details
20.12.2018 - Vendor releases fixed version and details
26.12.2018 - Public disclosure
High (9.8) (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Fix date: December 20, 2018
Vector: Remote
Systems affected: EVLink Parking
Vendor: Schneider Electric
Notification status: 31.05.2018 - Vendor gets vulnerability details
20.12.2018 - Vendor releases fixed version and details
26.12.2018 - Public disclosure
Medium (4.3) (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)
Fix date: March 13, 2018
Vector: Remote
Systems affected: SAP Business Process Automation by Redwood 9.x
Vendor: SAP
Notification status: 16.03.2017 - Vendor gets vulnerability details
13.03.2018 - Vendor releases fixed version and details
26.12.2018 - Public disclosure
Medium (5.4) (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L)
Fix date: March 13, 2018
Vector: Remote
Systems affected: SAP Business Process Automation by Redwood 9.x
Vendor: SAP
Notification status: 16.03.2017 - Vendor gets vulnerability details
13.03.2018 - Vendor releases fixed version and details
26.12.2018 - Public disclosure
Medium (4.3) (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)
Fix date: October 10, 2017
Vector: Remote
Systems affected: SAP NetWeaver System Landscape Directory 7.x
Vendor: SAP
Notification status: 16.03.2017 - Vendor gets vulnerability details
10.10.2017 - Vendor releases fixed version and details
26.12.2018 - Public disclosure
Medium (6.6) (AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L)
Fix date: December 12, 2017
Vector: Remote
Systems affected: SAP NetWeaver Knowledge Management Configuration Service 7.x
Vendor: SAP
Notification status: 16.03.2017 - Vendor gets vulnerability details
12.12.2017 - Vendor releases fixed version and details
26.12.2018 - Public disclosure
Medium (5.4) (AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)
Fix date: September 12, 2017
Vector: Remote
Systems affected: SAP NetWeaver Development Infrastructure Cockpit 7.x
Vendor: SAP
Notification status: 16.03.2017 - Vendor gets vulnerability details
12.09.2017 - Vendor releases fixed version and details
26.12.2018 - Public disclosure
Medium (6.9) (AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N)
Fix date: December 12, 2017
Vector: Remote
Systems affected: SAP Business Warehouse Universal Data Integration 7.x
Vendor: SAP
Notification status: 16.03.2017 - Vendor gets vulnerability details
12.12.2017 - Vendor releases fixed version and details
26.12.2018 - Public disclosure
Medium (10) (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Fix date: March 15, 2018
Vector: Remote
Systems affected: MGE Galaxy 3000
MGE Galaxy 4000
MGE Galaxy 5000
MGE Galaxy 6000
MGE Galaxy 9000
MGE EPS 6000
MGE EPS 7000
MGE EPS 8000
MGE Comet UPS
MGE Galaxy PW
STS (MGE Upsilon)
Vendor: Schneider Electric
Notification status: 20.02.2016 - Vendor gets vulnerability details
15.03.2018 - Vendor releases fixed version and details
18.12.2018 - Public disclosure
Medium (7.5) (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Fix date: March 15, 2018
Vector: Remote
Systems affected: MGE Galaxy 3000
MGE Galaxy 4000
MGE Galaxy 5000
MGE Galaxy 6000
MGE Galaxy 9000
MGE EPS 6000
MGE EPS 7000
MGE EPS 8000
MGE Comet UPS
MGE Galaxy PW
STS (MGE Upsilon)
Vendor: Schneider Electric
Notification status: 20.02.2016 - Vendor gets vulnerability details
15.03.2018 - Vendor releases fixed version and details
18.12.2018 - Public disclosure
Medium (5.3) (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
Fix date: March 15, 2018
Vector: Remote
Systems affected: MGE Galaxy 3000
MGE Galaxy 4000
MGE Galaxy 5000
MGE Galaxy 6000
MGE Galaxy 9000
MGE EPS 6000
MGE EPS 7000
MGE EPS 8000
MGE Comet UPS
MGE Galaxy PW
STS (MGE Upsilon)
Vendor: Schneider Electric
Notification status: 20.02.2016 - Vendor gets vulnerability details
15.03.2018 - Vendor releases fixed version and details
18.12.2018 - Public disclosure
High (10) (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Fix date: March 15, 2018
Vector: Remote
Systems affected: MGE Galaxy 3000
MGE Galaxy 4000
MGE Galaxy 5000
MGE Galaxy 6000
MGE Galaxy 9000
MGE EPS 6000
MGE EPS 7000
MGE EPS 8000
MGE Comet UPS
MGE Galaxy PW
STS (MGE Upsilon)
Vendor: Schneider Electric
Notification status: 20.02.2016 - Vendor gets vulnerability details
15.03.2018 - Vendor releases fixed version and details
18.12.2018 - Public disclosure
Medium (6.9) (AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N)
Fix date: December 18, 2018
Vector: Remote
Systems affected: S3 Browser 7.x
Vendor: NetSDK Software
Notification status: 09.10.2018 - Vendor gets vulnerability details
18.12.2018 - Vendor releases fixed version and details
18.12.2018 - Public disclosure
High (7.5) AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Fix date: February 6, 2018
Vector: Remote
Systems affected: NCR S1
Vendor: NCR
Notification status: 23.06.2017 - Vendor gets vulnerability details
06.02.2018 - Vendor releases fixed version and details
14.12.2018 - Public disclosure
Severity level
Date filters
Date range
Year
Month
Starts:
Year
Month
Ends:
Year
Month
Vendor
Company name
Systems affected
Software name
Positive Technologies Application Inspector
Editor’s Choice