| CVE-2012-0215 |
medium |
— |
5.5 |
|
|
|
14y ago |
model/modelstorage.py in the Tryton application framework (trytond) before 2.4.0 for Python does not properly restrict access to the Many2Many field in the relation model, which allows remote authent… |
| CVE-2016-1241 |
medium |
5.3 |
5.3 |
|
|
|
4y ago |
Tryton 3.x before 3.2.17, 3.4.x before 3.4.14, 3.6.x before 3.6.12, 3.8.x before 3.8.8, and 4.x before 4.0.4 allow remote authenticated users to discover user password hashes via unspecified vectors. |
| CVE-2017-0360 |
medium |
5.3 |
5.3 |
|
|
|
4y ago |
file_open in Tryton 3.x and 4.x through 4.2.2 allows remote authenticated users with certain permissions to read arbitrary files via a "same root name but with a suffix" attack. NOTE: This vulnerabil… |
| CVE-2016-1242 |
medium |
4.4 |
4.4 |
|
|
|
10y ago |
file_open in Tryton before 3.2.17, 3.4.x before 3.4.14, 3.6.x before 3.6.12, 3.8.x before 3.8.8, and 4.x before 4.0.4 allows remote authenticated users with certain permissions to read arbitrary file… |
| CVE-2015-0861 |
medium |
4.3 |
4.3 |
|
|
|
10y ago |
model/modelstorage.py in trytond 3.2.x before 3.2.10, 3.4.x before 3.4.8, 3.6.x before 3.6.5, and 3.8.x before 3.8.1 allows remote authenticated users to bypass intended access restrictions and write… |
