NotCVE - vendor:"Tryton" product:"Tryton" version:" >= 2.6.0

3 results (0.003 seconds)

CVSS: 9.0EPSS: 1%CPEs: 5EXPL: 0

CVE-2014-6633

https://notcve.org/view.php?id=CVE-2014-6633

12 Apr 2018 — The safe_eval function in trytond in Tryton before 2.4.15, 2.6.x before 2.6.14, 2.8.x before 2.8.11, 3.0.x before 3.0.7, and 3.2.x before 3.2.3 allows remote authenticated users to execute arbitrary commands via shell metacharacters in (1) the collection.domain in the webdav module or (2) the formula field in the price_list module. La función safe_eval en trytond en Tryton, en versiones anteriores a la 2.4.15, versiones 2.6.x anteriores a la 2.6.14, versiones 2.8.x anteriores a la 2.8.11, versiones 3.0.x an... • http://www.tryton.org/posts/security-release-for-issue4155.html • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVSS: 5.3EPSS: 0%CPEs: 41EXPL: 0

CVE-2016-1241

https://notcve.org/view.php?id=CVE-2016-1241

07 Sep 2016 — Tryton 3.x before 3.2.17, 3.4.x before 3.4.14, 3.6.x before 3.6.12, 3.8.x before 3.8.8, and 4.x before 4.0.4 allow remote authenticated users to discover user password hashes via unspecified vectors. Tryton 3.x en versiones anteriores a 3.2.17, 3.4.x en versiones anteriores a 3.4.14, 3.6.x en versiones anteriores a 3.6.12, 3.8.x en versiones anteriores a 3.8.8 y 4.x en versiones anteriores a 4.0.4 permiten a usuarios remotos autenticados descubrir hashes de contraseñas de usuario a través de vectores no esp... • http://www.debian.org/security/2016/dsa-3656 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 4.4EPSS: 0%CPEs: 41EXPL: 0

CVE-2016-1242

https://notcve.org/view.php?id=CVE-2016-1242

07 Sep 2016 — file_open in Tryton before 3.2.17, 3.4.x before 3.4.14, 3.6.x before 3.6.12, 3.8.x before 3.8.8, and 4.x before 4.0.4 allows remote authenticated users with certain permissions to read arbitrary files via the name parameter or unspecified other vectors. file_open en Tryton en versiones anteriores a 3.2.17, 3.4.x en versiones anteriores a 3.4.14, 3.6.x en versiones anteriores a 3.6.12, 3.8.x en versiones anteriores a 3.8.8 y 4.x en versiones anteriores a 4.0.4 permite a usuarios remotos autenticados con cier... • http://www.debian.org/security/2016/dsa-3656 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •