π¦Ώ UK lawmakers propose law banning retail bots after PS5 fiasco π¦Ώ
π Read
via "Tech Republic".
The legislation would both ban the resale of goods acquired using bots and the resale of tech products above the manufacturers' price.π Read
via "Tech Republic".
TechRepublic
UK lawmakers propose law banning retail bots after PS5 fiasco
The legislation would both ban the resale of goods acquired using bots and the resale of tech products above the manufacturers' price.
βΌ CVE-2019-11782 βΌ
π Read
via "National Vulnerability Database".
Improper access control in Odoo Community 14.0 and earlier and Odoo Enterprise 14.0 and earlier, allows remote authenticated users with access to contact management to modify user accounts, leading to privilege escalation.π Read
via "National Vulnerability Database".
βΌ CVE-2018-15645 βΌ
π Read
via "National Vulnerability Database".
Improper access control in message routing in Odoo Community 12.0 and earlier and Odoo Enterprise 12.0 and earlier allows remote authenticated users to create arbitrary records via crafted payloads, which may allow privilege escalation.π Read
via "National Vulnerability Database".
βΌ CVE-2018-15633 βΌ
π Read
via "National Vulnerability Database".
Cross-site scripting (XSS) issue in "document" module in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earlier, allows remote attackers to inject arbitrary web script in the browser of a victim via crafted attachment filenames.π Read
via "National Vulnerability Database".
βΌ CVE-2019-11784 βΌ
π Read
via "National Vulnerability Database".
Improper access control in mail module (notifications) in Odoo Community 14.0 and earlier and Odoo Enterprise 14.0 and earlier, allows remote authenticated users to obtain access to arbitrary messages in conversations they were not a party to.π Read
via "National Vulnerability Database".
βΌ CVE-2018-15641 βΌ
π Read
via "National Vulnerability Database".
Cross-site scripting (XSS) issue in web module in Odoo Community 11.0 through 14.0 and Odoo Enterprise 11.0 through 14.0, allows remote authenticated internal users to inject arbitrary web script in the browser of a victim via crafted calendar event attributes.π Read
via "National Vulnerability Database".
βΌ CVE-2020-25106 βΌ
π Read
via "National Vulnerability Database".
Nanosystems SupRemo 4.1.3.2348 allows attackers to obtain LocalSystem access because File Manager can be used to rename Supremo.exe and then upload a Trojan horse with the Supremo.exe filename.π Read
via "National Vulnerability Database".
βΌ CVE-2019-11785 βΌ
π Read
via "National Vulnerability Database".
Improper access control in mail module (followers) in Odoo Community 13.0 and earlier and Odoo Enterprise 13.0 and earlier, allows remote authenticated users to obtain access to messages posted on business records there were not given access to, and subscribe to receive future messages.π Read
via "National Vulnerability Database".
βΌ CVE-2019-11783 βΌ
π Read
via "National Vulnerability Database".
Improper access control in mail module (channel partners) in Odoo Community 14.0 and earlier and Odoo Enterprise 14.0 and earlier, allows remote authenticated users to subscribe to arbitrary mail channels uninvited.π Read
via "National Vulnerability Database".
βΌ CVE-2020-13570 βΌ
π Read
via "National Vulnerability Database".
A use-after-free vulnerability exists in the JavaScript engine of Foxit SoftwareΓ’β¬β’s PDF Reader, version 10.1.0.37527. A specially crafted PDF document can trigger the reuse of previously free memory which can lead to arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2019-11781 βΌ
π Read
via "National Vulnerability Database".
Improper input validation in portal component in Odoo Community 12.0 and earlier and Odoo Enterprise 12.0 and earlier, allows remote attackers to trick victims into modifying their account via crafted links, leading to privilege escalation.π Read
via "National Vulnerability Database".
βΌ CVE-2018-15634 βΌ
π Read
via "National Vulnerability Database".
Cross-site scripting (XSS) issue in attachment management in Odoo Community 14.0 and earlier and Odoo Enterprise 14.0 and earlier, allows remote attackers to inject arbitrary web script in the browser of a victim via a crafted link.π Read
via "National Vulnerability Database".
βΌ CVE-2018-15632 βΌ
π Read
via "National Vulnerability Database".
Improper input validation in database creation logic in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earlier, allows remote attackers to initialize an empty database on which they can connect with default credentials.π Read
via "National Vulnerability Database".
βΌ CVE-2020-13560 βΌ
π Read
via "National Vulnerability Database".
A use after free vulnerability exists in the JavaScript engine of Foxit SoftwareΓ’β¬β’s Foxit PDF Reader, version 10.1.0.37527. A specially crafted PDF document can trigger reuse of previously free memory which can lead to arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2020-29396 βΌ
π Read
via "National Vulnerability Database".
A sandboxing issue in Odoo Community 11.0 through 13.0 and Odoo Enterprise 11.0 through 13.0, when running with Python 3.6 or later, allows remote authenticated users to execute arbitrary code, leading to privilege escalation.π Read
via "National Vulnerability Database".
βΌ CVE-2018-15638 βΌ
π Read
via "National Vulnerability Database".
Cross-site scripting (XSS) issue in mail module in Odoo Community 13.0 and earlier and Odoo Enterprise 13.0 and earlier, allows remote attackers to inject arbitrary web script in the browser of a victim via crafted channel names.π Read
via "National Vulnerability Database".
βΌ CVE-2020-13557 βΌ
π Read
via "National Vulnerability Database".
A use after free vulnerability exists in the JavaScript engine of Foxit SoftwareΓ’β¬β’s Foxit PDF Reader, version 10.1.0.37527. A specially crafted PDF document can trigger reuse of previously free memory which can lead to arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2019-11786 βΌ
π Read
via "National Vulnerability Database".
Improper access control in Odoo Community 13.0 and earlier and Odoo Enterprise 13.0 and earlier, allows remote authenticated users to modify translated terms, which may lead to arbitrary content modification on translatable elements.π Read
via "National Vulnerability Database".
β Holiday Puppy Swindle Has Consumers Howling β
π Read
via "Threat Post".
Those buying German Shepherd puppies for Bitcoin online are in for a ruff ride.π Read
via "Threat Post".
Threat Post
Holiday Puppy Swindle Has Consumers Howling
Those buying German Shepherd puppies for Bitcoin online are in for a ruff ride.
βΌ CVE-2020-24579 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered on D-Link DSL-2888A devices with firmware prior to AU_2.31_V1.1.47ae55. An unauthenticated attacker could bypass authentication to access authenticated pages and functionality.π Read
via "National Vulnerability Database".
βΌ CVE-2020-14231 βΌ
π Read
via "National Vulnerability Database".
A vulnerability in the input parameter handling of HCL Client Application Access v9 could potentially be exploited by an authenticated attacker resulting in a stack buffer overflow. This could allow the attacker to crash the program or inject code into the system which would execute with the privileges of the currently logged in user.π Read
via "National Vulnerability Database".