| CVE-2013-4510 |
high |
— |
7.8 |
|
|
|
13y ago |
Directory traversal vulnerability in the client in Tryton 3.0.0, as distributed before 20131104 and earlier, allows remote servers to write arbitrary files via path separators in the extension of a r… |
| CVE-2016-1241 |
medium |
5.3 |
5.3 |
|
|
|
4y ago |
Tryton 3.x before 3.2.17, 3.4.x before 3.4.14, 3.6.x before 3.6.12, 3.8.x before 3.8.8, and 4.x before 4.0.4 allow remote authenticated users to discover user password hashes via unspecified vectors. |
| CVE-2016-1242 |
medium |
4.4 |
4.4 |
|
|
|
10y ago |
file_open in Tryton before 3.2.17, 3.4.x before 3.4.14, 3.6.x before 3.6.12, 3.8.x before 3.8.8, and 4.x before 4.0.4 allows remote authenticated users with certain permissions to read arbitrary file… |
| CVE-2014-6633 |
unknown |
— |
— |
|
|
|
4y ago |
The safe_eval function in trytond in Tryton before 2.4.15, 2.6.x before 2.6.14, 2.8.x before 2.8.11, 3.0.x before 3.0.7, and 3.2.x before 3.2.3 allows remote authenticated users to execute arbitrary … |
| CVE-2022-26662 |
unknown |
— |
— |
|
|
|
4y ago |
An XML Entity Expansion (XEE) issue was discovered in Tryton Application Platform (Server) 5.x through 5.0.45, 6.x through 6.0.15, and 6.1.x and 6.2.x through 6.2.5, and Tryton Application Platform (… |
| CVE-2022-26661 |
unknown |
— |
— |
|
|
|
4y ago |
An XXE issue was discovered in Tryton Application Platform (Server) 5.x through 5.0.45, 6.x through 6.0.15, and 6.1.x and 6.2.x through 6.2.5, and Tryton Application Platform (Command Line Client (pr… |
| CVE-2018-19443 |
unknown |
— |
— |
|
|
|
8y ago |
The client in Tryton 5.x before 5.0.1 tries to make a connection to the bus in cleartext instead of encrypted under certain circumstances in bus.py and jsonrpc.py. This connection attempt fails, but … |
