Security Vulnerabilities - CVEs Published In March 2019
The WP Human Resource Management plugin before 2.2.6 for WordPress mishandles leave applications.
CVSS Score: 7.5 | EPSS Score: 0.003 | Published: 2019-03-05
The WP Human Resource Management plugin before 2.2.6 for WordPress does not ensure that a leave modification occurs in the context of the Administrator or HR Manager role.
CVSS Score: 7.5 | EPSS Score: 0.009 | Published: 2019-03-05
The Quiz And Survey Master plugin 6.0.4 for WordPress allows XSS via the quiz_id parameter to wp-admin/admin.php?page=mlw_quiz_results.
CVSS Score: 6.1 | EPSS Score: 0.004 | Published: 2019-03-05
Moxa IKS and EDS store plaintext passwords, which may allow sensitive information to be read by someone with access to the device.
CVSS Score: 7.5 | EPSS Score: 0.001 | Published: 2019-03-05
Moxa IKS and EDS do not properly check authority on the server side, which results in a read-only user being able to perform arbitrary configuration changes.
CVSS Score: 7.5 | EPSS Score: 0.003 | Published: 2019-03-05
Moxa IKS and EDS fail to properly check array bounds, which may allow an attacker to read device memory at arbitrary addresses and to retrieve sensitive data or cause a device reboot.
CVSS Score: 9.1 | EPSS Score: 0.003 | Published: 2019-03-05
Moxa IKS and EDS do not implement sufficient measures to prevent multiple failed authentication attempts, which may allow an attacker to discover passwords via a brute-force attack.
CVSS Score: 9.8 | EPSS Score: 0.002 | Published: 2019-03-05
PSI GridConnect GmbH Telecontrol Gateway and Smart Telecontrol Unit family, IEC104 Security Proxy (Telecontrol Gateway 3G versions 4.2.21, 5.0.27, 5.1.19, 6.0.16 and prior; Telecontrol Gateway XS-MU versions 4.2.21, 5.0.27, 5.1.19, 6.0.16 and prior; Telecontrol Gateway VM versions 4.2.21, 5.0.27, 5.1.19, 6.0.16 and prior; Smart Telecontrol Unit TCG versions 5.0.27, 5.1.19, 6.0.16 and prior; IEC104 Security Proxy version 2.2.10 and prior): the web application browser interprets input as active HTML, JavaScript, or VBScript, which could allow an attacker to execute arbitrary code.
CVSS Score: 8.8 | EPSS Score: 0.009 | Published: 2019-03-05
Several buffer overflow vulnerabilities have been identified in Moxa IKS and EDS, which may allow remote code execution.
CVSS Score: 9.8 | EPSS Score: 0.069 | Published: 2019-03-05
Moxa IKS and EDS allow remote authenticated users to cause a denial of service via a specially crafted packet, which may cause the switch to crash.
CVSS Score: 6.5 | EPSS Score: 0.014 | Published: 2019-03-05

