Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
tryton vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv3
CVE-2022-26661
An XXE issue exists in Tryton Application Platform (Server) 5.x up to and including 5.0.45, 6.x up to and including 6.0.15, and 6.1.x and 6.2.x up to and including 6.2.5, and Tryton Application Platform (Command Line Client (proteus)) 5.x up to and including 5.0.11, 6.x up to and...
Tryton Proteus
Tryton Trytond
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Debian Debian Linux 11.0
7.5
CVSSv3
CVE-2022-26662
An XML Entity Expansion (XEE) issue exists in Tryton Application Platform (Server) 5.x up to and including 5.0.45, 6.x up to and including 6.0.15, and 6.1.x and 6.2.x up to and including 6.2.5, and Tryton Application Platform (Command Line Client (proteus)) 5.x up to and includin...
Tryton Proteus
Tryton Trytond
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Debian Debian Linux 11.0
7.5
CVSSv3
CVE-2012-2238
trytond 2.4: ModelView.button fails to validate authorization
Tryton Trytond
6.5
CVSSv3
CVE-2019-10868
In trytond/model/modelstorage.py in Tryton 4.2 prior to 4.2.21, 4.4 prior to 4.4.19, 4.6 prior to 4.6.14, 4.8 prior to 4.8.10, and 5.0 prior to 5.0.6, an authenticated user can order records based on a field for which he has no access right. This may allow the user to guess value...
Tryton Trytond
Debian Debian Linux 9.0
5.9
CVSSv3
CVE-2018-19443
The client in Tryton 5.x prior to 5.0.1 tries to make a connection to the bus in cleartext instead of encrypted under certain circumstances in bus.py and jsonrpc.py. This connection attempt fails, but it contains in the header the current session of the user. This session could t...
Tryton Tryton 5.0.0
8.8
CVSSv3
CVE-2014-6633
The safe_eval function in trytond in Tryton prior to 2.4.15, 2.6.x prior to 2.6.14, 2.8.x prior to 2.8.11, 3.0.x prior to 3.0.7, and 3.2.x prior to 3.2.3 allows remote authenticated users to execute arbitrary commands via shell metacharacters in (1) the collection.domain in the w...
Tryton Tryton
5.3
CVSSv3
CVE-2017-0360
file_open in Tryton 3.x and 4.x up to and including 4.2.2 allows remote authenticated users with certain permissions to read arbitrary files via a "same root name but with a suffix" attack. NOTE: This vulnerability exists because of an incomplete fix for CVE-2016-1242.
Tryton Tryton 3.2.8
Tryton Tryton 3.4.17
Tryton Tryton 3.8.14
Tryton Tryton 3.8.13
Tryton Tryton 3.4.4
Tryton Tryton 3.2.9
Tryton Tryton 3.2.16
Tryton Tryton 3.0.14
Tryton Tryton 3.6.14
Tryton Tryton 3.8.10
Tryton Tryton 3.8.4
Tryton Tryton 3.0.13
Tryton Tryton 3.2.10
Tryton Tryton 3.0.15
Tryton Tryton 3.0.3
Tryton Tryton 3.4.13
Tryton Tryton 3.8.2
Tryton Tryton 3.6.6
Tryton Tryton 3.0.10
Tryton Tryton 3.0.12
Tryton Tryton 3.0.7
Tryton Tryton 3.4.3
5.3
CVSSv3
CVE-2016-1241
Tryton 3.x prior to 3.2.17, 3.4.x prior to 3.4.14, 3.6.x prior to 3.6.12, 3.8.x prior to 3.8.8, and 4.x prior to 4.0.4 allow remote authenticated users to discover user password hashes via unspecified vectors.
Tryton Tryton 3.8.3
Tryton Tryton 3.8.1
Tryton Tryton 3.8.6
Tryton Tryton 3.8.5
Tryton Tryton 3.8.2
Tryton Tryton 3.8.0
Tryton Tryton 3.8.4
Tryton Tryton 3.8.7
Tryton Tryton 4.0.1
Tryton Tryton 4.0.3
Tryton Tryton 4.0.2
Tryton Tryton 4.0.0
Tryton Tryton
Tryton Tryton 3.6.10
Tryton Tryton 3.2.0
Tryton Tryton 3.6.2
Tryton Tryton 3.6.1
Tryton Tryton 3.6.11
Tryton Tryton 3.6.6
Tryton Tryton 3.6.8
Tryton Tryton 3.6.9
Tryton Tryton 3.6.0
4.4
CVSSv3
CVE-2016-1242
file_open in Tryton prior to 3.2.17, 3.4.x prior to 3.4.14, 3.6.x prior to 3.6.12, 3.8.x prior to 3.8.8, and 4.x prior to 4.0.4 allows remote authenticated users with certain permissions to read arbitrary files via the name parameter or unspecified other vectors.
Tryton Tryton 4.0.3
Tryton Tryton 4.0.2
Tryton Tryton 4.0.0
Tryton Tryton 4.0.1
Tryton Tryton
Tryton Tryton 3.8.7
Tryton Tryton 3.8.0
Tryton Tryton 3.8.3
Tryton Tryton 3.8.1
Tryton Tryton 3.8.6
Tryton Tryton 3.8.5
Tryton Tryton 3.8.4
Tryton Tryton 3.8.2
Tryton Tryton 3.4.2
Tryton Tryton 3.4.5
Tryton Tryton 3.4.13
Tryton Tryton 3.4.0
Tryton Tryton 3.4.11
Tryton Tryton 3.4.9
Tryton Tryton 3.4.12
Tryton Tryton 3.4.4
Tryton Tryton 3.4.1
4.3
CVSSv3
CVE-2015-0861
model/modelstorage.py in trytond 3.2.x prior to 3.2.10, 3.4.x prior to 3.4.8, 3.6.x prior to 3.6.5, and 3.8.x prior to 3.8.1 allows remote authenticated users to bypass intended access restrictions and write to arbitrary fields via a sequence of records.
Tryton Trytond
Debian Debian Linux 8.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2023-52689
CVE-2024-23803
client side
CVE-2023-52696
information disclosure
CVE-2024-35843
CVE-2024-27130
CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »