Security Vulnerabilities - CVEs Published In March 2019
Envoy Passport for Android and Envoy Passport for iPhone could allow a local attacker to obtain sensitive information, caused by the storing of hardcoded OAuth Creds in plaintext. An attacker could exploit this vulnerability to obtain sensitive information.
CVSS Score
2.9
EPSS Score
0.001
Published
2019-03-21
The Receptionist for iPad could allow a local attacker to obtain sensitive information, caused by an error in the contact.json file. An attacker could exploit this vulnerability to obtain the contact names, phone numbers and emails.
CVSS Score
4.0
EPSS Score
0.001
Published
2019-03-21
LayerBB before 1.1.3 allows CSRF for adding a user via admin/new_user.php, deleting a user via admin/members.php/delete_user/, and deleting content via mod/delete.php/.
CVSS Score
6.5
EPSS Score
0.005
Published
2019-03-21
LayerBB 1.1.1 allows XSS via the titles of conversations (PMs).
CVSS Score
6.1
EPSS Score
0.026
Published
2019-03-21
Lobby Track Desktop could allow a local attacker to gain elevated privileges on the system, caused by an error in the printer dialog. By visiting the kiosk and signing in as a visitor, an attacker could exploit this vulnerability using the command line to break out of kiosk mode.
CVSS Score
8.4
EPSS Score
0.001
Published
2019-03-21
Lobby Track Desktop could allow a local attacker to gain elevated privileges on the system, caused by an error in the printer dialog. By visiting the kiosk and accessing the print badge screen, an attacker could exploit this vulnerability using the command line to break out of kiosk mode.
CVSS Score
8.4
EPSS Score
0.001
Published
2019-03-21
EasyLobby Solo could allow a local attacker to obtain sensitive information, caused by the storing of the social security number in plaintext. By visiting the kiosk and viewing the Visitor table of the database, an attacker could exploit this vulnerability to view stored social security numbers.
CVSS Score
2.9
EPSS Score
0.0
Published
2019-03-21
EasyLobby Solo is vulnerable to a denial of service. By visiting the kiosk and accessing the task manager, a local attacker could exploit this vulnerability to kill the process or launch new processes at will.
CVSS Score
7.7
EPSS Score
0.0
Published
2019-03-21
EasyLobby Solo could allow a local attacker to gain elevated privileges on the system. By visiting the kiosk and typing "esc" to exit the program, an attacker could exploit this vulnerability to perform unauthorized actions on the computer.
CVSS Score
8.4
EPSS Score
0.0
Published
2019-03-21
EasyLobby Solo contains default administrative credentials. An attacker could exploit this vulnerability to gain full access to the application.
CVSS Score
8.4
EPSS Score
0.001
Published
2019-03-21