Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
tryton trytond vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2014-6633
The safe_eval function in trytond in Tryton prior to 2.4.15, 2.6.x prior to 2.6.14, 2.8.x prior to 2.8.11, 3.0.x prior to 3.0.7, and 3.2.x prior to 3.2.3 allows remote authenticated users to execute arbitrary commands via shell metacharacters in (1) the collection.domain in the w...
Tryton Tryton
7.5
CVSSv3
CVE-2022-26662
An XML Entity Expansion (XEE) issue exists in Tryton Application Platform (Server) 5.x up to and including 5.0.45, 6.x up to and including 6.0.15, and 6.1.x and 6.2.x up to and including 6.2.5, and Tryton Application Platform (Command Line Client (proteus)) 5.x up to and includin...
Tryton Proteus
Tryton Trytond
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Debian Debian Linux 11.0
7.5
CVSSv3
CVE-2012-2238
trytond 2.4: ModelView.button fails to validate authorization
Tryton Trytond
6.5
CVSSv3
CVE-2022-26661
An XXE issue exists in Tryton Application Platform (Server) 5.x up to and including 5.0.45, 6.x up to and including 6.0.15, and 6.1.x and 6.2.x up to and including 6.2.5, and Tryton Application Platform (Command Line Client (proteus)) 5.x up to and including 5.0.11, 6.x up to and...
Tryton Proteus
Tryton Trytond
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Debian Debian Linux 11.0
6.5
CVSSv3
CVE-2019-10868
In trytond/model/modelstorage.py in Tryton 4.2 prior to 4.2.21, 4.4 prior to 4.4.19, 4.6 prior to 4.6.14, 4.8 prior to 4.8.10, and 5.0 prior to 5.0.6, an authenticated user can order records based on a field for which he has no access right. This may allow the user to guess value...
Tryton Trytond
Debian Debian Linux 9.0
4.3
CVSSv3
CVE-2015-0861
model/modelstorage.py in trytond 3.2.x prior to 3.2.10, 3.4.x prior to 3.4.8, 3.6.x prior to 3.6.5, and 3.8.x prior to 3.8.1 allows remote authenticated users to bypass intended access restrictions and write to arbitrary fields via a sequence of records.
Tryton Trytond
Debian Debian Linux 8.0
NA
CVE-2012-0215
model/modelstorage.py in the Tryton application framework (trytond) prior to 2.4.0 for Python does not properly restrict access to the Many2Many field in the relation model, which allows remote authenticated users to modify the privileges of arbitrary users via a (1) create, (2) ...
Tryton Trytond 2.0.5
Tryton Trytond 1.8.7
Tryton Trytond 1.4.13
Tryton Trytond 1.6.8
Tryton Trytond
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23316
SQL injection
type confusion
CVE-2024-20697
CVE-2024-4344
local
CVE-2024-30043
CVE-2024-3821
CVE-2024-5041
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started