Enterprise
by Airmagnet
CVEs (31)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-15645 | 0.00 | — | 0.01 | Dec 22, 2020 | Improper access control in message routing in Odoo Community 12.0 and earlier and Odoo Enterprise 12.0 and earlier allows remote authenticated users to create arbitrary records via crafted payloads, which may allow privilege escalation. | |||
| CVE-2018-15634 | 0.00 | — | 0.01 | Dec 22, 2020 | Cross-site scripting (XSS) issue in attachment management in Odoo Community 14.0 and earlier and Odoo Enterprise 14.0 and earlier, allows remote attackers to inject arbitrary web script in the browser of a victim via a crafted link. | |||
| CVE-2020-15770 | 0.00 | — | 0.00 | Sep 18, 2020 | An issue was discovered in Gradle Enterprise 2018.5. An attacker can potentially make repeated attempts to guess a local user's password, due to lack of lock-out after excessive failed logins. | |||
| CVE-2018-14860 | 0.00 | — | 0.02 | Jul 3, 2019 | Improper sanitization of dynamic user expressions in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earlier allows authenticated privileged users to escape from the dynamic expression sandbox and execute arbitrary code on the hosting system. | |||
| CVE-2019-7278 | 0.00 | — | 0.02 | Jul 1, 2019 | Optergy Proton/Enterprise devices have an Unauthenticated SMS Sending Service. | |||
| CVE-2019-11488 | 0.00 | — | 0.02 | Apr 25, 2019 | Incorrect Access Control in the Account Access / Password Reset Link in SimplyBook.me Enterprise before 2019-04-23 allows Unauthorized Attackers to READ/WRITE Customer or Administrator data via a persistent HTTP GET Request Hash Link Replay, as demonstrated by a login-link from… | |||
| CVE-2019-11402 | 0.00 | — | 0.01 | Apr 21, 2019 | In Gradle Enterprise before 2018.5.3, Build Cache Nodes did not store the credentials at rest in an encrypted format. | |||
| CVE-2006-6291 | 0.00 | — | 0.03 | Dec 5, 2006 | Stack overflow in the IMAP module (MEIMAPS.EXE) in MailEnable Professional 1.6 through 1.83 and 2.0 through 2.33, and MailEnable Enterprise 1.1 through 1.40 and 2.0 through 2.33, allows remote authenticated users to cause a denial of service (crash) via a long argument… | |||
| CVE-2006-5742 | 0.00 | — | 0.01 | Nov 6, 2006 | The AirMagnet Enterprise console and Remote Sensor console (Laptop) in AirMagnet Enterprise before 7.5 build 6307 allows remote attackers to inject arbitrary web script or HTML from a certain embedded Internet Explorer object into an SSID template value, aka "Cross-Application… | |||
| CVE-2006-5746 | 0.00 | — | 0.01 | Nov 6, 2006 | The console in AirMagnet Enterprise before 7.5 build 6307 does not properly validate the Enterprise Server certificate, which allows remote attackers to read network traffic via a man-in-the-middle (MITM) attack, possibly related to the use of self-signed certificates. | |||
| CVE-2006-5741 | 0.00 | — | 0.01 | Nov 6, 2006 | Multiple cross-site scripting (XSS) vulnerabilities in AirMagnet Enterprise before 7.5 build 6307 allow remote attackers to inject arbitrary web script or HTML via (1) the 404 error page of the Smart Sensor Edge Sensor; (2) the user name for a failed logon, when displayed in the… |
- CVE-2018-15645Dec 22, 2020risk 0.00cvss —epss 0.01
Improper access control in message routing in Odoo Community 12.0 and earlier and Odoo Enterprise 12.0 and earlier allows remote authenticated users to create arbitrary records via crafted payloads, which may allow privilege escalation.
- CVE-2018-15634Dec 22, 2020risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) issue in attachment management in Odoo Community 14.0 and earlier and Odoo Enterprise 14.0 and earlier, allows remote attackers to inject arbitrary web script in the browser of a victim via a crafted link.
- CVE-2020-15770Sep 18, 2020risk 0.00cvss —epss 0.00
An issue was discovered in Gradle Enterprise 2018.5. An attacker can potentially make repeated attempts to guess a local user's password, due to lack of lock-out after excessive failed logins.
- CVE-2018-14860Jul 3, 2019risk 0.00cvss —epss 0.02
Improper sanitization of dynamic user expressions in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earlier allows authenticated privileged users to escape from the dynamic expression sandbox and execute arbitrary code on the hosting system.
- CVE-2019-7278Jul 1, 2019risk 0.00cvss —epss 0.02
Optergy Proton/Enterprise devices have an Unauthenticated SMS Sending Service.
- CVE-2019-11488Apr 25, 2019risk 0.00cvss —epss 0.02
Incorrect Access Control in the Account Access / Password Reset Link in SimplyBook.me Enterprise before 2019-04-23 allows Unauthorized Attackers to READ/WRITE Customer or Administrator data via a persistent HTTP GET Request Hash Link Replay, as demonstrated by a login-link from…
- CVE-2019-11402Apr 21, 2019risk 0.00cvss —epss 0.01
In Gradle Enterprise before 2018.5.3, Build Cache Nodes did not store the credentials at rest in an encrypted format.
- CVE-2006-6291Dec 5, 2006risk 0.00cvss —epss 0.03
Stack overflow in the IMAP module (MEIMAPS.EXE) in MailEnable Professional 1.6 through 1.83 and 2.0 through 2.33, and MailEnable Enterprise 1.1 through 1.40 and 2.0 through 2.33, allows remote authenticated users to cause a denial of service (crash) via a long argument…
- CVE-2006-5742Nov 6, 2006risk 0.00cvss —epss 0.01
The AirMagnet Enterprise console and Remote Sensor console (Laptop) in AirMagnet Enterprise before 7.5 build 6307 allows remote attackers to inject arbitrary web script or HTML from a certain embedded Internet Explorer object into an SSID template value, aka "Cross-Application…
- CVE-2006-5746Nov 6, 2006risk 0.00cvss —epss 0.01
The console in AirMagnet Enterprise before 7.5 build 6307 does not properly validate the Enterprise Server certificate, which allows remote attackers to read network traffic via a man-in-the-middle (MITM) attack, possibly related to the use of self-signed certificates.
- CVE-2006-5741Nov 6, 2006risk 0.00cvss —epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in AirMagnet Enterprise before 7.5 build 6307 allow remote attackers to inject arbitrary web script or HTML via (1) the 404 error page of the Smart Sensor Edge Sensor; (2) the user name for a failed logon, when displayed in the…
Page 2 of 2