Tryton

tryton

Vendor: Tryton • 6 CVEs

CVEs (6)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2018-19443 1Tryton 1Tryton Nov 21, 2024 Nov 22, 2018 N/A· v4 5.9 MEDIUM· v3 4.3 MEDIUM· v2 The client in Tryton 5.x before 5.0.1 tries to make a connection to the bus in cleartext instead of encrypted under certain circumstances in bus.py and jsonrpc.py. This connection attempt fails, but it contains in the he...Show more The client in Tryton 5.x before 5.0.1 tries to make a connection to the bus in cleartext instead of encrypted under certain circumstances in bus.py and jsonrpc.py. This connection attempt fails, but it contains in the header the current session of the user. This session could then be stolen by a man-in-the-middle.Show less
CVE-2014-6633 1Tryton 1Tryton Nov 21, 2024 Apr 12, 2018 N/A· v4 8.8 HIGH· v3 9.0 HIGH· v2 The safe_eval function in trytond in Tryton before 2.4.15, 2.6.x before 2.6.14, 2.8.x before 2.8.11, 3.0.x before 3.0.7, and 3.2.x before 3.2.3 allows remote authenticated users to execute arbitrary commands via shell me...Show more The safe_eval function in trytond in Tryton before 2.4.15, 2.6.x before 2.6.14, 2.8.x before 2.8.11, 3.0.x before 3.0.7, and 3.2.x before 3.2.3 allows remote authenticated users to execute arbitrary commands via shell metacharacters in (1) the collection.domain in the webdav module or (2) the formula field in the price_list module.Show less
CVE-2017-0360 1Tryton 1Tryton May 13, 2026 Apr 4, 2017 N/A· v4 5.3 MEDIUM· v3 3.5 LOW· v2 file_open in Tryton 3.x and 4.x through 4.2.2 allows remote authenticated users with certain permissions to read arbitrary files via a "same root name but with a suffix" attack. NOTE: This vulnerability exists because of...Show more file_open in Tryton 3.x and 4.x through 4.2.2 allows remote authenticated users with certain permissions to read arbitrary files via a "same root name but with a suffix" attack. NOTE: This vulnerability exists because of an incomplete fix for CVE-2016-1242.Show less
CVE-2016-1242 1Tryton 1Tryton May 6, 2026 Sep 7, 2016 N/A· v4 4.4 MEDIUM· v3 4.0 MEDIUM· v2 file_open in Tryton before 3.2.17, 3.4.x before 3.4.14, 3.6.x before 3.6.12, 3.8.x before 3.8.8, and 4.x before 4.0.4 allows remote authenticated users with certain permissions to read arbitrary files via the name parame...Show more file_open in Tryton before 3.2.17, 3.4.x before 3.4.14, 3.6.x before 3.6.12, 3.8.x before 3.8.8, and 4.x before 4.0.4 allows remote authenticated users with certain permissions to read arbitrary files via the name parameter or unspecified other vectors.Show less
CVE-2016-1241 1Tryton 1Tryton May 6, 2026 Sep 7, 2016 N/A· v4 5.3 MEDIUM· v3 3.5 LOW· v2 Tryton 3.x before 3.2.17, 3.4.x before 3.4.14, 3.6.x before 3.6.12, 3.8.x before 3.8.8, and 4.x before 4.0.4 allow remote authenticated users to discover user password hashes via unspecified vectors.
CVE-2013-4510 1Tryton 1Tryton Apr 29, 2026 Nov 18, 2013 N/A· v4 N/A· v3 7.8 HIGH· v2 Directory traversal vulnerability in the client in Tryton 3.0.0, as distributed before 20131104 and earlier, allows remote servers to write arbitrary files via path separators in the extension of a report.