CVE-2018-15633
- EPSS 0.29%
- Published 22.12.2020 17:15:12
- Last modified 21.11.2024 03:51:11
Cross-site scripting (XSS) issue in the "document" module in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earlier allows remote attackers to inject arbitrary web script in the browser of a victim via crafted attachment filenames.
CVE-2018-15632
- EPSS 0.58%
- Published 22.12.2020 17:15:12
- Last modified 21.11.2024 03:51:11
Improper input validation in database creation logic in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earlier allows remote attackers to initialize an empty database on which they can connect with default credentials.
CVE-2019-11780
- EPSS 0.22%
- Published 19.12.2019 16:16:42
- Last modified 21.11.2024 04:21:46
Improper access control in the computed fields system of the framework of Odoo Community 13.0 and Odoo Enterprise 13.0 allows remote authenticated attackers to access sensitive information via crafted RPC requests, which could lead to privilege escal...
CVE-2018-14733
- EPSS 0.88%
- Published 05.07.2019 20:15:13
- Last modified 21.11.2024 03:49:41
The Odoo Community Association (OCA) dbfilter_from_header module makes Odoo 8.x, 9.x, 10.x, and 11.x vulnerable to ReDoS (regular expression denial of service) under certain circumstances.
CVE-2018-14860
- EPSS 2.24%
- Published 03.07.2019 20:15:10
- Last modified 21.11.2024 03:49:56
Improper sanitization of dynamic user expressions in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earlier allows authenticated privileged users to escape from the dynamic expression sandbox and execute arbitrary code on the hosting sy...
CVE-2018-14859
- EPSS 0.35%
- Published 03.07.2019 20:15:10
- Last modified 21.11.2024 03:49:56
Incorrect access control in the password reset component in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earlier allows authenticated users to reset the password of other users by being the first party to use the secure token.
CVE-2018-14861
- EPSS 0.36%
- Published 03.07.2019 19:15:10
- Last modified 21.11.2024 03:49:56
Improper data access control in Odoo Community 10.0 and 11.0 and Odoo Enterprise 10.0 and 11.0 allows authenticated users to perform a CSV export of the secure hashed passwords of other users.
CVE-2018-14862
- EPSS 0.25%
- Published 03.07.2019 19:15:10
- Last modified 21.11.2024 03:49:56
Incorrect access control in the mail templating system in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earlier allows authenticated internal users to delete arbitrary menuitems via a crafted RPC request.
CVE-2018-14863
- EPSS 0.35%
- Published 03.07.2019 19:15:10
- Last modified 21.11.2024 03:49:57
Incorrect access control in the RPC framework in Odoo Community 8.0 through 11.0 and Odoo Enterprise 9.0 through 11.0 allows authenticated users to call private functions via RPC.
CVE-2018-14864
- EPSS 0.13%
- Published 03.07.2019 19:15:10
- Last modified 21.11.2024 03:49:57
Incorrect access control in asset bundles in Odoo Community 9.0 through 11.0 and earlier and Odoo Enterprise 9.0 through 11.0 and earlier allows remote authenticated users to inject arbitrary web script via a crafted attachment.