Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In July 2019
CVE-2019-6632
On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, and 12.1.0-12.1.4, under certain circumstances, attackers can decrypt configuration items that are encrypted because the vCMP configuration unit key is generated with insufficient randomness. The attack prerequisite is direct access to encrypted configuration and/or UCS files.
CVSS Score
5.5
EPSS Score
0.001
Published
2019-07-03
CVE-2018-14861
Improper data access control in Odoo Community 10.0 and 11.0 and Odoo Enterprise 10.0 and 11.0 allows authenticated users to perform a CSV export of the secure hashed passwords of other users.
CVSS Score
6.5
EPSS Score
0.004
Published
2019-07-03
CVE-2018-14862
Incorrect access control in the mail templating system in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earlier allows authenticated internal users to delete arbitrary menuitems via a crafted RPC request.
CVSS Score
6.5
EPSS Score
0.003
Published
2019-07-03
CVE-2018-14863
Incorrect access control in the RPC framework in Odoo Community 8.0 through 11.0 and Odoo Enterprise 9.0 through 11.0 allows authenticated users to call private functions via RPC.
CVSS Score
8.1
EPSS Score
0.003
Published
2019-07-03
CVE-2018-14864
Incorrect access control in asset bundles in Odoo Community 9.0 through 11.0 and earlier and Odoo Enterprise 9.0 through 11.0 and earlier allows remote authenticated users to inject arbitrary web script via a crafted attachment.
CVSS Score
6.5
EPSS Score
0.001
Published
2019-07-03
CVE-2018-14865
Report engine in Odoo Community 9.0 through 11.0 and earlier and Odoo Enterprise 9.0 through 11.0 and earlier does not use secure options when passing documents to wkhtmltopdf, which allows remote attackers to read local files.
CVSS Score
6.5
EPSS Score
0.002
Published
2019-07-03
CVE-2019-6633
On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12.1.4.1, and 11.5.1-11.6.4, when the BIG-IP system is licensed with Appliance mode, user accounts with Administrator and Resource Administrator roles can bypass Appliance mode restrictions.
CVSS Score
4.4
EPSS Score
0.001
Published
2019-07-03
CVE-2019-7165
A buffer overflow in DOSBox 0.74-2 allows attackers to execute arbitrary code.
CVSS Score
9.8
EPSS Score
0.04
Published
2019-07-03
CVE-2018-12715
DIGISOL DG-HR3400 devices have XSS via a modified SSID when the apssid value is unchanged.
CVSS Score
6.1
EPSS Score
0.002
Published
2019-07-03
CVE-2018-14866
Incorrect access control in the TransientModel framework in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earlier allows authenticated attackers to access data in transient records that they do not own by making an RPC call before garbage collection occurs.
CVSS Score
4.3
EPSS Score
0.003
Published
2019-07-03


Products
Pricing
Contact Us

Shodan ® - All rights reserved