Search CVE reports
1 – 10 of 10 results
CVE-2022-26662
Medium priorityAn XML Entity Expansion (XEE) issue was discovered in Tryton Application Platform (Server) 5.x through 5.0.45, 6.x through 6.0.15, and 6.1.x and 6.2.x through 6.2.5, and Tryton Application Platform (Command Line Client (proteus))...
2 affected packages
tryton-proteus, tryton-server
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
tryton-proteus | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
tryton-server | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2022-26661
Medium priorityAn XXE issue was discovered in Tryton Application Platform (Server) 5.x through 5.0.45, 6.x through 6.0.15, and 6.1.x and 6.2.x through 6.2.5, and Tryton Application Platform (Command Line Client (proteus)) 5.x through 5.0.11, 6.x...
2 affected packages
tryton-proteus, tryton-server
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
tryton-proteus | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
tryton-server | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2012-2238
Medium prioritytrytond 2.4: ModelView.button fails to validate authorization
1 affected packages
tryton-server
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
tryton-server | — | — | — | — | — |
CVE-2019-10868
Medium priorityIn trytond/model/modelstorage.py in Tryton 4.2 before 4.2.21, 4.4 before 4.4.19, 4.6 before 4.6.14, 4.8 before 4.8.10, and 5.0 before 5.0.6, an authenticated user can order records based on a field for which he has no access...
1 affected packages
tryton-server
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
tryton-server | Not affected | Vulnerable | Vulnerable | Not affected | Not affected |
CVE-2014-6633
Medium priorityThe safe_eval function in trytond in Tryton before 2.4.15, 2.6.x before 2.6.14, 2.8.x before 2.8.11, 3.0.x before 3.0.7, and 3.2.x before 3.2.3 allows remote authenticated users to execute arbitrary commands via...
1 affected packages
tryton-server
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
tryton-server | — | — | — | Not affected | Not affected |
CVE-2017-0360
Medium priorityfile_open in Tryton 3.x and 4.x through 4.2.2 allows remote authenticated users with certain permissions to read arbitrary files via a "same root name but with a suffix" attack. NOTE: This vulnerability exists because of an...
1 affected packages
tryton-server
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
tryton-server | Not affected | Not affected | Not affected | Not affected | Vulnerable |
CVE-2016-1242
Medium priorityfile_open in Tryton before 3.2.17, 3.4.x before 3.4.14, 3.6.x before 3.6.12, 3.8.x before 3.8.8, and 4.x before 4.0.4 allows remote authenticated users with certain permissions to read arbitrary files via the name parameter or...
1 affected packages
tryton-server
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
tryton-server | Not affected | Not affected | Not affected | Not affected | Vulnerable |
CVE-2016-1241
Medium priorityTryton 3.x before 3.2.17, 3.4.x before 3.4.14, 3.6.x before 3.6.12, 3.8.x before 3.8.8, and 4.x before 4.0.4 allow remote authenticated users to discover user password hashes via unspecified vectors.
1 affected packages
tryton-server
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
tryton-server | Not affected | Not affected | Not affected | Not affected | Vulnerable |
CVE-2015-0861
Medium prioritySome fixes available 1 of 6
model/modelstorage.py in trytond 3.2.x before 3.2.10, 3.4.x before 3.4.8, 3.6.x before 3.6.5, and 3.8.x before 3.8.1 allows remote authenticated users to bypass intended access restrictions and write to arbitrary fields via a...
1 affected packages
tryton-server
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
tryton-server | — | — | — | Not affected | Not affected |
CVE-2012-0215
Medium prioritySome fixes available 1 of 5
model/modelstorage.py in the Tryton application framework (trytond) before 2.4.0 for Python does not properly restrict access to the Many2Many field in the relation model, which allows remote authenticated users to modify the...
1 affected packages
tryton-server
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
tryton-server | — | — | — | — | Not affected |