Lucene search
K
TrytonTrytond

9 matches found

CVE
CVE
added 2022/03/07 10:40 p.m.154 views

CVE-2022-26662

CVE-2022-26662 describes an XML Entity Expansion (XEE) vulnerability in Tryton Application Platform (Server) and Proteus, allowing an unauthenticated attacker to send crafted XML-RPC to exhaust server resources. Affected ranges include Tryton Server 5.x up through 5.0.45, 6.x up through 6.0.15, 6...

7.5CVSS7.2AI score0.01927EPSS
CVE
CVE
added 2022/03/07 10:40 p.m.147 views

CVE-2022-26661

CVE-2022-26661 is an XXE vulnerability in Tryton Application Platform (Server) and its proteus CLI client. The issue allows an authenticated user to have the server parse a crafted XML SEPA file to access arbitrary files on the system. Affected families include Tryton Server (5.x up to 5.0.45; 6....

6.5CVSS6.5AI score0.01374EPSS
CVE
CVE
added 2019/04/05 12:25 a.m.93 views

CVE-2019-10868

CVE-2019-10868 affects Trytond (modelstorage.py) with multiple branches: Tryton 4.2 before 4.2.21, 4.4 before 4.4.19, 4.6 before 4.6.14, 4.8 before 4.8.10, and 5.0 before 5.0.6. An authenticated user can order records based on a field for which they have no access right, potentially enabling valu...

6.5CVSS6.1AI score0.01277EPSS
CVE
CVE
added 2016/04/13 3:0 p.m.81 views

CVE-2015-0861

The CVE-2015-0861 entry affects trytond (models in modelstorage.py) across multiple series (3.2.x before 3.2.10, 3.4.x before 3.4.8, 3.6.x before 3.6.5, 3.8.x before 3.8.1). The vulnerability allows remote authenticated users to bypass intended access restrictions and write to arbitrary fields by...

4.3CVSS4.3AI score0.0115EPSS
CVE
CVE
added 2012/07/12 8:0 p.m.62 views

CVE-2012-0215

CVE-2012-0215 affects the Trytond application framework prior to 2.4.0 (Python). The flaw is an improper restriction on the Many2Many field in the relation model, allowing remote authenticated users to modify privileges of arbitrary users via rpc calls: (1) create, (2) write, (3) delete, or (4) c...

5.5CVSS6.2AI score0.01966EPSS
CVE
CVE
added 2019/11/21 1:47 p.m.47 views

CVE-2012-2238

CVE-2012-2238 affects trytond 2.4: ModelView.button fails to validate authorization. Root cause is lack of proper authorization checks on that component. CVSS2 base score 5.0 (I:P) and CVSS3.1 base score 7.5 (I:H) indicate partial integrity impact under a network attack with low complexity and no...

7.5CVSS7.3AI score0.01763EPSS
CVE
CVE
added 2025/11/30 12:0 a.m.23 views

CVE-2025-66422

CVE-2025-66422 affects Tryton trialdon t (Tryton core server) before version 7.6.11. The vulnerability allows remote attackers to obtain sensitive trace-back information from the server setup. Affected versions are Tryton trytond prior to 7.6.11, with fixes implemented in 7.6.11 as well as in 7.4...

4.3CVSS6.3AI score0.00251EPSS
CVE
CVE
added 2025/11/30 12:0 a.m.19 views

CVE-2025-66424

CVE-2025-66424 affects Tryton trytond before 7.6.11 (also impacting 6.0.0–7.0 and 7.4 paths per disclosure), where data exports are not protected by access rights. Root cause: the component does not enforce access rights during data export. Impact per available data indicates potential exposure o...

6.5CVSS6.5AI score0.00208EPSS
CVE
CVE
added 2025/11/30 12:0 a.m.18 views

CVE-2025-66423

CVE-2025-66423 affects Tryton’s Trytond server, specifically 6.0 before 7.6.11. The root cause is that the HTML editor route did not enforce access rights, allowing unauthorized access as described in multiple sources. The vulnerability is fixed in versions 7.6.11, 7.4.21, 7.0.40, and 6.0.70. Acc...

7.1CVSS6.3AI score0.00196EPSS