Search CVE reports


1 – 10 of 10 results


CVE-2022-26662

Medium priority
Needs evaluation

An XML Entity Expansion (XEE) issue was discovered in Tryton Application Platform (Server) 5.x through 5.0.45, 6.x through 6.0.15, and 6.1.x and 6.2.x through 6.2.5, and Tryton Application Platform (Command Line Client (proteus))...

2 affected packages

tryton-proteus, tryton-server

Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS
tryton-proteus | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation
tryton-server | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation

CVE-2022-26661

Medium priority
Needs evaluation

An XXE issue was discovered in Tryton Application Platform (Server) 5.x through 5.0.45, 6.x through 6.0.15, and 6.1.x and 6.2.x through 6.2.5, and Tryton Application Platform (Command Line Client (proteus)) 5.x through 5.0.11, 6.x...

2 affected packages

tryton-proteus, tryton-server

Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS
tryton-proteus | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation
tryton-server | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation

CVE-2012-2238

Medium priority
Not affected

trytond 2.4: ModelView.button fails to validate authorization

1 affected package

tryton-server

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
tryton-server

CVE-2019-10868

Medium priority
Vulnerable

In trytond/model/modelstorage.py in Tryton 4.2 before 4.2.21, 4.4 before 4.4.19, 4.6 before 4.6.14, 4.8 before 4.8.10, and 5.0 before 5.0.6, an authenticated user can order records based on a field for which he has no access...

1 affected package

tryton-server

Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS
tryton-server | Not affected | Vulnerable | Vulnerable | Not affected | Not affected

CVE-2014-6633

Medium priority
Ignored

The safe_eval function in trytond in Tryton before 2.4.15, 2.6.x before 2.6.14, 2.8.x before 2.8.11, 3.0.x before 3.0.7, and 3.2.x before 3.2.3 allows remote authenticated users to execute arbitrary commands via...

1 affected package

tryton-server

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
tryton-server Not affected Not affected

CVE-2017-0360

Medium priority
Vulnerable

file_open in Tryton 3.x and 4.x through 4.2.2 allows remote authenticated users with certain permissions to read arbitrary files via a "same root name but with a suffix" attack. NOTE: This vulnerability exists because of an...

1 affected package

tryton-server

Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS
tryton-server | Not affected | Not affected | Not affected | Not affected | Vulnerable

CVE-2016-1242

Medium priority
Vulnerable

file_open in Tryton before 3.2.17, 3.4.x before 3.4.14, 3.6.x before 3.6.12, 3.8.x before 3.8.8, and 4.x before 4.0.4 allows remote authenticated users with certain permissions to read arbitrary files via the name parameter or...

1 affected package

tryton-server

Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS
tryton-server | Not affected | Not affected | Not affected | Not affected | Vulnerable

CVE-2016-1241

Medium priority
Vulnerable

Tryton 3.x before 3.2.17, 3.4.x before 3.4.14, 3.6.x before 3.6.12, 3.8.x before 3.8.8, and 4.x before 4.0.4 allow remote authenticated users to discover user password hashes via unspecified vectors.

1 affected package

tryton-server

Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS
tryton-server | Not affected | Not affected | Not affected | Not affected | Vulnerable

CVE-2015-0861

Medium priority

Some fixes available 1 of 6

model/modelstorage.py in trytond 3.2.x before 3.2.10, 3.4.x before 3.4.8, 3.6.x before 3.6.5, and 3.8.x before 3.8.1 allows remote authenticated users to bypass intended access restrictions and write to arbitrary fields via a...

1 affected package

tryton-server

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
tryton-server Not affected Not affected

CVE-2012-0215

Medium priority

Some fixes available 1 of 5

model/modelstorage.py in the Tryton application framework (trytond) before 2.4.0 for Python does not properly restrict access to the Many2Many field in the relation model, which allows remote authenticated users to modify the...

1 affected package

tryton-server

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
tryton-server Not affected