Total
2382 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-15513 | 1 Totemo | 1 Totemomail | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Log viewer in totemomail 6.0.0 build 570 allows access to sessionIDs of high privileged users by leveraging access to a read-only auditor role. | |||||
| CVE-2018-14885 | 1 Odoo | 1 Odoo | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Incorrect access control in the database manager component in Odoo Community 10.0 and 11.0 and Odoo Enterprise 10.0 and 11.0 allows a remote attacker to restore a database dump without knowing the super-admin password. An arbitrary password succeeds. | |||||
| CVE-2018-14867 | 1 Odoo | 1 Odoo | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Incorrect access control in the portal messaging system in Odoo Community 9.0 and 10.0 and Odoo Enterprise 9.0 and 10.0 allows remote attackers to post messages on behalf of customers, and to guess document attribute values, via crafted parameters. | |||||
| CVE-2018-14864 | 1 Odoo | 1 Odoo | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Incorrect access control in asset bundles in Odoo Community 9.0 through 11.0 and earlier and Odoo Enterprise 9.0 through 11.0 and earlier allows remote authenticated users to inject arbitrary web script via a crafted attachment. | |||||
| CVE-2018-14863 | 1 Odoo | 1 Odoo | 2024-11-21 | 5.5 MEDIUM | 8.1 HIGH |
| Incorrect access control in the RPC framework in Odoo Community 8.0 through 11.0 and Odoo Enterprise 9.0 through 11.0 allows authenticated users to call private functions via RPC. | |||||
| CVE-2018-14859 | 1 Odoo | 1 Odoo | 2024-11-21 | 5.5 MEDIUM | 8.1 HIGH |
| Incorrect access control in the password reset component in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earlier allows authenticated users to reset the password of other users by being the first party to use the secure token. | |||||
| CVE-2018-14833 | 1 Intuit | 1 Lacerte | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| Intuit Lacerte 2017 has Incorrect Access Control. | |||||
| CVE-2018-13896 | 1 Qualcomm | 72 Mdm9206, Mdm9206 Firmware, Mdm9607 and 69 more | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| XBL_SEC image authentication and other crypto related validations are accessible to a compromised OEM XBL Loader due to missing lock at XBL_SEC stage.. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in MDM9206, MDM9607, MDM9650, MDM9655, MSM8996AU, QCS404, QCS605, Qualcomm 215, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130 | |||||
| CVE-2018-13895 | 1 Qualcomm | 74 Mdm9150, Mdm9150 Firmware, Mdm9206 and 71 more | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| Due to the missing permissions on several content providers of the RCS app in its android manifest file will lead to an unprivileged access to phone in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20 | |||||
| CVE-2018-11744 | 1 Cloudera | 1 Cloudera Manager | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
| Cloudera Manager through 5.15 has Incorrect Access Control. | |||||
| CVE-2018-10691 | 1 Moxa | 2 Awk-3121, Awk-3121 Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on Moxa AWK-3121 1.14 devices. It is intended that an administrator can download /systemlog.log (the system log). However, the same functionality allows an attacker to download the file without any authentication or authorization. | |||||
| CVE-2018-10631 | 1 Medtronic | 4 N\'vision 8840, N\'vision 8840 Firmware, N\'vision 8870 and 1 more | 2024-11-21 | 4.6 MEDIUM | 6.6 MEDIUM |
| Medtronic N'Vision Clinician Programmer 8840 N'Vision Clinician Programmer, all versions, and 8870 N'Vision removable Application Card, all versions. The 8840 Clinician Programmer executes the application program from the 8870 Application Card. An attacker with physical access to an 8870 Application Card and sufficient technical capability can modify the contents of this card, including the binary executables. If modified to bypass protection mechanisms, this malicious code will be run when the card is inserted into an 8840 Clinician Programmer. | |||||
| CVE-2017-8340 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Incorrect Access Control. | |||||
| CVE-2017-7497 | 1 Redhat | 1 Cloudforms Management Engine | 2024-11-21 | 4.0 MEDIUM | 4.1 MEDIUM |
| The dialog for creating cloud volumes (cinder provider) in CloudForms does not filter cloud tenants by user. An attacker with the ability to create storage volumes could use this to create storage volumes for any other tenant. | |||||
| CVE-2017-6912 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Incorrect Access Control. | |||||
| CVE-2017-5863 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Incorrect Access Control. | |||||
| CVE-2017-5212 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Open-Xchange GmbH OX App Suite 7.8.3 is affected by: Incorrect Access Control. | |||||
| CVE-2017-18543 | 1 Invite Anyone Project | 1 Invite Anyone | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The invite-anyone plugin before 1.3.16 for WordPress has incorrect access control for email-based invitations. | |||||
| CVE-2017-18457 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 4.9 MEDIUM | 4.4 MEDIUM |
| cPanel before 62.0.17 allows arbitrary file-read operations via WHM /styled/ URLs (SEC-218). | |||||
| CVE-2017-18421 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 2.1 LOW | 3.3 LOW |
| cPanel before 66.0.2 allows demo accounts to create databases and users (SEC-271). | |||||