Search
Total
4 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-15632 | 1 Odoo | 1 Odoo | 2020-12-22 | 8.5 HIGH | 9.1 CRITICAL |
| Improper input validation in database creation logic in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earlier, allows remote attackers to initialize an empty database on which they can connect with default credentials. | |||||
| CVE-2018-14860 | 1 Odoo | 1 Odoo | 2020-08-24 | 9.0 HIGH | 9.1 CRITICAL |
| Improper sanitization of dynamic user expressions in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earlier allows authenticated privileged users to escape from the dynamic expression sandbox and execute arbitrary code on the hosting system. | |||||
| CVE-2018-14885 | 1 Odoo | 1 Odoo | 2019-07-05 | 7.5 HIGH | 9.8 CRITICAL |
| Incorrect access control in the database manager component in Odoo Community 10.0 and 11.0 and Odoo Enterprise 10.0 and 11.0 allows a remote attacker to restore a database dump without knowing the super-admin password. An arbitrary password succeeds. | |||||
| CVE-2017-10804 | 1 Odoo | 1 Odoo | 2017-07-12 | 7.5 HIGH | 9.8 CRITICAL |
| In Odoo 8.0, Odoo Community Edition 9.0 and 10.0, and Odoo Enterprise Edition 9.0 and 10.0, remote attackers can bypass authentication under certain circumstances because parameters containing 0x00 characters are truncated before reaching the database layer. This occurs because Psycopg 2.x before 2.6.3 is used. | |||||