Vulnerabilities > Improper Access Control
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-07-10 | CVE-2018-19496 | Improper Access Control vulnerability in Gitlab An issue was discovered in GitLab Community and Enterprise Edition 10.x and 11.x before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1. | 6.5 |
2019-07-10 | CVE-2018-19494 | Improper Access Control vulnerability in Gitlab An issue was discovered in GitLab Community and Enterprise Edition 11.x before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1. | 4.3 |
2019-07-09 | CVE-2018-14833 | Improper Access Control vulnerability in Intuit Lacerte Intuit Lacerte 2017 has Incorrect Access Control. | 5.9 |
2019-07-03 | CVE-2018-14859 | Improper Access Control vulnerability in Odoo 10.0/11.0/9.0 Incorrect access control in the password reset component in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earlier allows authenticated users to reset the password of other users by being the first party to use the secure token. | 8.1 |
2019-07-03 | CVE-2018-14864 | Improper Access Control vulnerability in Odoo 10.0/8.0/9.0 Incorrect access control in asset bundles in Odoo Community 9.0 through 11.0 and earlier and Odoo Enterprise 9.0 through 11.0 and earlier allows remote authenticated users to inject arbitrary web script via a crafted attachment. | 6.5 |
2019-07-03 | CVE-2018-14863 | Improper Access Control vulnerability in Odoo 10.0/11.0/9.0 Incorrect access control in the RPC framework in Odoo Community 8.0 through 11.0 and Odoo Enterprise 9.0 through 11.0 allows authenticated users to call private functions via RPC. | 8.1 |
2019-06-28 | CVE-2019-13028 | Improper Access Control vulnerability in Minv Electronic Identification Cards Client An incorrect implementation of a local web server in eID client (Windows version before 3.1.2, Linux version before 3.0.3) allows remote attackers to execute arbitrary code (.cgi, .pl, or .php) or delete arbitrary files via a crafted HTML page. | 8.8 |
2019-06-28 | CVE-2018-14885 | Improper Access Control vulnerability in Odoo 10.0/11.0 Incorrect access control in the database manager component in Odoo Community 10.0 and 11.0 and Odoo Enterprise 10.0 and 11.0 allows a remote attacker to restore a database dump without knowing the super-admin password. | 9.8 |
2019-06-28 | CVE-2018-14867 | Improper Access Control vulnerability in Odoo 10.0/9.0 Incorrect access control in the portal messaging system in Odoo Community 9.0 and 10.0 and Odoo Enterprise 9.0 and 10.0 allows remote attackers to post messages on behalf of customers, and to guess document attribute values, via crafted parameters. | 5.3 |
2019-06-20 | CVE-2018-16553 | Improper Access Control vulnerability in Jspxcms 9.0.0 In Jspxcms 9.0.0, a vulnerable URL routing implementation allows remote code execution after logging in as web admin. | 7.2 |