9 matches found
CVE-2022-26662
CVE-2022-26662 describes an XML Entity Expansion (XEE) vulnerability in Tryton Application Platform (Server) and Proteus, allowing an unauthenticated attacker to send crafted XML-RPC to exhaust server resources. Affected ranges include Tryton Server 5.x up through 5.0.45, 6.x up through 6.0.15, 6...
CVE-2022-26661
CVE-2022-26661 is an XXE vulnerability in Tryton Application Platform (Server) and its proteus CLI client. The issue allows an authenticated user to have the server parse a crafted XML SEPA file to access arbitrary files on the system. Affected families include Tryton Server (5.x up to 5.0.45; 6....
CVE-2019-10868
CVE-2019-10868 affects Trytond (modelstorage.py) with multiple branches: Tryton 4.2 before 4.2.21, 4.4 before 4.4.19, 4.6 before 4.6.14, 4.8 before 4.8.10, and 5.0 before 5.0.6. An authenticated user can order records based on a field for which they have no access right, potentially enabling valu...
CVE-2015-0861
The CVE-2015-0861 entry affects trytond (models in modelstorage.py) across multiple series (3.2.x before 3.2.10, 3.4.x before 3.4.8, 3.6.x before 3.6.5, 3.8.x before 3.8.1). The vulnerability allows remote authenticated users to bypass intended access restrictions and write to arbitrary fields by...
CVE-2012-0215
CVE-2012-0215 affects the Trytond application framework prior to 2.4.0 (Python). The flaw is an improper restriction on the Many2Many field in the relation model, allowing remote authenticated users to modify privileges of arbitrary users via rpc calls: (1) create, (2) write, (3) delete, or (4) c...
CVE-2012-2238
CVE-2012-2238 affects trytond 2.4: ModelView.button fails to validate authorization. Root cause is lack of proper authorization checks on that component. CVSS2 base score 5.0 (I:P) and CVSS3.1 base score 7.5 (I:H) indicate partial integrity impact under a network attack with low complexity and no...
CVE-2025-66422
CVE-2025-66422 affects Tryton trialdon t (Tryton core server) before version 7.6.11. The vulnerability allows remote attackers to obtain sensitive trace-back information from the server setup. Affected versions are Tryton trytond prior to 7.6.11, with fixes implemented in 7.6.11 as well as in 7.4...
CVE-2025-66424
CVE-2025-66424 affects Tryton trytond before 7.6.11 (also impacting 6.0.0–7.0 and 7.4 paths per disclosure), where data exports are not protected by access rights. Root cause: the component does not enforce access rights during data export. Impact per available data indicates potential exposure o...
CVE-2025-66423
CVE-2025-66423 affects Tryton’s Trytond server, specifically 6.0 before 7.6.11. The root cause is that the HTML editor route did not enforce access rights, allowing unauthorized access as described in multiple sources. The vulnerability is fixed in versions 7.6.11, 7.4.21, 7.0.40, and 6.0.70. Acc...