CVE-2019-18665: Directory Traversal in DOMOS

Overview Vendor: SECUDOS GmbH Product: DOMOS Version: 5.5 Vulnerability: Directory Traversal Fixed Version: 5.6 Background DOMOS is an own and hardened operating system of SECUDOS GmbH. The operating system is used as a platform by several applications. It also offers a web interface for the administration of operating system settings....


CVE-2019-18663: SQL-Injection in ARP-GUARD

Overview Vendor: ISL Internet Sicherheitslösungen GmbH Product: ARP-GUARD Version: 4.0.0-5 Vulnerability: SQL-Injection Fixed Version: 4.0.0-7 Background ARP-GUARD is a Network Access Control Solution to protect company networks against from unauthorised access. It identify allowed devices via their MAC address or certificates (802.1X). From the vendor’s website: “ARP-GUARD makes sure that...


CVE-2019-9727: Unauthenticated password hash disclosure in Homematic CCU3

Overview Vendor: eQ-3 AG Product: Homematic CCU3 Version: 3.43.15 Vulnerability: Unauthenticated password hash disclosure Background HomeMatic is a home automation system consisting of various components for automating several parts of a building, including different sensors and actuators. The HomeMatic CCU3 is a central control unit, which is responsible for integrating...


CVE-2019-9726: Directory Traversal / Arbitrary File Read in Homematic CCU3

Overview Vendor: eQ-3 AG Product: Homematic CCU3 Version: 3.43.15 Vulnerability: Arbitrary File Read Background HomeMatic is a home automation system consisting of various components for automating several parts of a building, including different sensors and actuators. The HomeMatic CCU3 is a central control unit, which is responsible for integrating these...


CVE-2019-3702: Remote Code Execution in Lifesize Icon

Overview Vendor: Lifesize Product: Lifesize Icon Version: LS_RM3_3.7.0 (2421) Vulnerability: Remote Code Execution Background LifeSize Icon is a video collaboration platform and consists of various components, e.q. software, video and phone systems. From the vendor’s website: “For more than a decade, Lifesize has been at the forefront of video collaboration...