CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2021-44476 – Debian Security Advisory 5399-1
https://notcve.org/view.php?id=CVE-2021-44476
25 Apr 2023 — A sandboxing issue in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows authenticated administrators to read local files on the server, including sensitive configuration files. Several vulnerabilities were discovered in odoo, a suite of web based open source business apps. • https://github.com/odoo/odoo/issues/107684 • CWE-267: Privilege Defined With Unsafe Actions •
CVSS: 8.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-45111 – Debian Security Advisory 5399-1
https://notcve.org/view.php?id=CVE-2021-45111
25 Apr 2023 — Improper access control in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows remote authenticated users to trigger the creation of demonstration data, including user accounts with known credentials. Several vulnerabilities were discovered in odoo, a suite of web based open source business apps. • https://github.com/odoo/odoo/issues/107683 • CWE-284: Improper Access Control •
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0CVE-2021-23176 – Debian Security Advisory 5399-1
https://notcve.org/view.php?id=CVE-2021-23176
25 Apr 2023 — Improper access control in reporting engine of l10n_fr_fec module in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows remote authenticated users to extract accounting information via crafted RPC packets. Several vulnerabilities were discovered in odoo, a suite of web based open source business apps. • https://github.com/odoo/odoo/issues/107682 • CWE-284: Improper Access Control •
CVSS: 6.4EPSS: 0%CPEs: 2EXPL: 0CVE-2021-45071 – Debian Security Advisory 5399-1
https://notcve.org/view.php?id=CVE-2021-45071
25 Apr 2023 — Cross-site scripting (XSS) issue Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier, allows remote attackers to inject arbitrary web script in the browser of a victim, via crafted uploaded file names. Several vulnerabilities were discovered in odoo, a suite of web based open source business apps. • https://github.com/odoo/odoo/issues/107697 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •