Lucene search
+L

358 matches found

OpenVAS
OpenVAS
added 2023/03/08 12:0 a.m.18 views

Debian: Security Advisory (DLA-607-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

4.4CVSS5AI score0.01819EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2023/03/08 12:0 a.m.12 views

Debian: Security Advisory (DLA-70-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9CVSS8.9AI score0.02605EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2023/03/08 12:0 a.m.15 views

Debian: Security Advisory (DSA-3043-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9CVSS8.9AI score0.02605EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 5:8 a.m.3 views

SUSE CVE-2016-1241

Tryton 3.x before 3.2.17, 3.4.x before 3.4.14, 3.6.x before 3.6.12, 3.8.x before 3.8.8, and 4.x before 4.0.4 allow remote authenticated users to discover user password hashes via unspecified vectors...

5.3CVSS5.4AI score0.01587EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 5:8 a.m.3 views

SUSE CVE-2016-1242

fileopen in Tryton before 3.2.17, 3.4.x before 3.4.14, 3.6.x before 3.6.12, 3.8.x before 3.8.8, and 4.x before 4.0.4 allows remote authenticated users with certain permissions to read arbitrary files via the name parameter or unspecified other vectors...

4.4CVSS5.2AI score0.01819EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2023/02/15 4:53 a.m.4 views

SUSE CVE-2017-0360

fileopen in Tryton 3.x and 4.x through 4.2.2 allows remote authenticated users with certain permissions to read arbitrary files via a "same root name but with a suffix" attack. NOTE: This vulnerability exists because of an incomplete fix for CVE-2016-1242...

5.3CVSS5.2AI score0.01541EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 4:22 a.m.4 views

SUSE CVE-2018-19443

The client in Tryton 5.x before 5.0.1 tries to make a connection to the bus in cleartext instead of encrypted under certain circumstances in bus.py and jsonrpc.py. This connection attempt fails, but it contains in the header the current session of the user. This session could then be stolen by a...

5.9CVSS5.7AI score0.00856EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2023/02/15 3:27 a.m.4 views

SUSE CVE-2022-26662

An XML Entity Expansion XEE issue was discovered in Tryton Application Platform Server 5.x through 5.0.45, 6.x through 6.0.15, and 6.1.x and 6.2.x through 6.2.5, and Tryton Application Platform Command Line Client proteus 5.x through 5.0.11, 6.x through 6.0.4, and 6.1.x and 6.2.x through 6.2.1. A...

7.5CVSS7.5AI score0.01927EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:27 a.m.3 views

SUSE CVE-2022-26661

An XXE issue was discovered in Tryton Application Platform Server 5.x through 5.0.45, 6.x through 6.0.15, and 6.1.x and 6.2.x through 6.2.5, and Tryton Application Platform Command Line Client proteus 5.x through 5.0.11, 6.x through 6.0.4, and 6.1.x and 6.2.x through 6.2.1. An authenticated user...

6.5CVSS6.4AI score0.01374EPSS
Exploits1References3
OSV
OSV
added 2022/05/17 4:58 a.m.5 views

GHSA-QJMC-WWMW-CQ9R Tryton Directory Traversal vulnerability

Directory traversal vulnerability in the client in Tryton 3.0.0, as distributed before 20131104 and earlier, allows remote servers to write arbitrary files via path separators in the extension of a report...

8.7CVSS6.5AI score0.02137EPSS
Exploits1References7
Github Security Blog
Github Security Blog
added 2022/05/17 4:58 a.m.14 views

Tryton Directory Traversal vulnerability

Directory traversal vulnerability in the client in Tryton 3.0.0, as distributed before 20131104 and earlier, allows remote servers to write arbitrary files via path separators in the extension of a report...

7.8CVSS6.9AI score0.02137EPSS
Exploits1References8Affected Software1
OSV
OSV
added 2022/05/17 3:49 a.m.6 views

GHSA-52J9-V3JC-9XGC Tryton allows users to read the hashed password

Tryton 3.x before 3.2.17, 3.4.x before 3.4.14, 3.6.x before 3.6.12, 3.8.x before 3.8.8, and 4.x before 4.0.4 allow remote authenticated users to discover user password hashes via unspecified vectors...

6CVSS5AI score0.01587EPSS
Exploits0References9
Github Security Blog
Github Security Blog
added 2022/05/17 3:49 a.m.19 views

Tryton allows users to read the hashed password

Tryton 3.x before 3.2.17, 3.4.x before 3.4.14, 3.6.x before 3.6.12, 3.8.x before 3.8.8, and 4.x before 4.0.4 allow remote authenticated users to discover user password hashes via unspecified vectors...

5.3CVSS6.5AI score0.01587EPSS
Exploits0References9Affected Software1
OSV
OSV
added 2022/05/17 3:5 a.m.4 views

GHSA-JPR7-8RXM-4VGX Tryton allow authenticated users with certain permissions to read arbitrary files via the name parameter

fileopen in Tryton before 3.2.17, 3.4.x before 3.4.14, 3.6.x before 3.6.12, 3.8.x before 3.8.8, and 4.x before 4.0.4 allows remote authenticated users with certain permissions to read arbitrary files via the name parameter or unspecified other vectors...

5.9CVSS4.6AI score0.01819EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2022/05/17 3:5 a.m.25 views

Tryton allow authenticated users with certain permissions to read arbitrary files via the name parameter

fileopen in Tryton before 3.2.17, 3.4.x before 3.4.14, 3.6.x before 3.6.12, 3.8.x before 3.8.8, and 4.x before 4.0.4 allows remote authenticated users with certain permissions to read arbitrary files via the name parameter or unspecified other vectors...

4.4CVSS5.1AI score0.01819EPSS
Exploits0References7Affected Software1
OSV
OSV
added 2022/05/14 3:21 a.m.3 views

GHSA-M9JJ-5QVJ-5FHX Tryton vulnerable to arbitrary command execution

The safeeval function in trytond in Tryton before 2.4.15, 2.6.x before 2.6.14, 2.8.x before 2.8.11, 3.0.x before 3.0.7, and 3.2.x before 3.2.3 allows remote authenticated users to execute arbitrary commands via shell metacharacters in 1 the collection.domain in the webdav module or 2 the formula...

8.8CVSS8.8AI score0.02605EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2022/05/14 3:21 a.m.30 views

Tryton vulnerable to arbitrary command execution

The safeeval function in trytond in Tryton before 2.4.15, 2.6.x before 2.6.14, 2.8.x before 2.8.11, 3.0.x before 3.0.7, and 3.2.x before 3.2.3 allows remote authenticated users to execute arbitrary commands via shell metacharacters in 1 the collection.domain in the webdav module or 2 the formula...

9CVSS7.4AI score0.02605EPSS
Exploits0References7Affected Software2
OSV
OSV
added 2022/05/13 1:39 a.m.23 views

GHSA-7CWG-2575-3546 Tryton Information Disclosure Vulnerability

fileopen in Tryton 3.x and 4.x through 4.2.2 allows remote authenticated users with certain permissions to read arbitrary files via a "same root name but with a suffix" attack. NOTE: This vulnerability exists because of an incomplete fix for CVE-2016-1242...

6CVSS4.8AI score0.01541EPSS
Exploits0References8
Github Security Blog
Github Security Blog
added 2022/05/13 1:39 a.m.17 views

Tryton Information Disclosure Vulnerability

fileopen in Tryton 3.x and 4.x through 4.2.2 allows remote authenticated users with certain permissions to read arbitrary files via a "same root name but with a suffix" attack. NOTE: This vulnerability exists because of an incomplete fix for CVE-2016-1242...

5.3CVSS4.7AI score0.01541EPSS
Exploits0References8Affected Software1
OSV
OSV
added 2022/05/04 12:28 a.m.18 views

GHSA-CQG4-RF29-3MV6 Trytond allows modification of privileges of arbitrary users

model/modelstorage.py in the Tryton application framework trytond before 2.4.0 for Python does not properly restrict access to the Many2Many field in the relation model, which allows remote authenticated users to modify the privileges of arbitrary users via a 1 create, 2 write, 3 delete, or 4 cop...

7.1CVSS6AI score0.01966EPSS
Exploits2References9
Rows per page
Query Builder