CVSS: 6.5EPSS: 0%CPEs: 9EXPL: 1CVE-2022-26661 – Debian Security Advisory 5099-1
https://notcve.org/view.php?id=CVE-2022-26661
07 Mar 2022 — An XXE issue was discovered in Tryton Application Platform (Server) 5.x through 5.0.45, 6.x through 6.0.15, and 6.1.x and 6.2.x through 6.2.5, and Tryton Application Platform (Command Line Client (proteus)) 5.x through 5.0.11, 6.x through 6.0.4, and 6.1.x and 6.2.x through 6.2.1. An authenticated user can make the server parse a crafted XML SEPA file to access arbitrary files on the system. Se ha detectado un problema de tipo XXE en Tryton Application Platform (Server) versiones 5.x hasta 5.0.45, versiones ... • https://bugs.tryton.org/issue11219 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 7.5EPSS: 3%CPEs: 9EXPL: 0CVE-2022-26662 – Debian Security Advisory 5099-1
https://notcve.org/view.php?id=CVE-2022-26662
07 Mar 2022 — An XML Entity Expansion (XEE) issue was discovered in Tryton Application Platform (Server) 5.x through 5.0.45, 6.x through 6.0.15, and 6.1.x and 6.2.x through 6.2.5, and Tryton Application Platform (Command Line Client (proteus)) 5.x through 5.0.11, 6.x through 6.0.4, and 6.1.x and 6.2.x through 6.2.1. An unauthenticated user can send a crafted XML-RPC message to consume all the resources of the server. Se ha detectado un problema de tipo XML Entity Expansion (XEE) en Tryton Application Platform (Server) ve... • https://bugs.tryton.org/issue11244 • CWE-776: Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2012-2238
https://notcve.org/view.php?id=CVE-2012-2238
21 Nov 2019 — trytond 2.4: ModelView.button fails to validate authorization trytond versión 2.4: ModelView.button presenta un fallo al comprobar la autorización. • http://hg.tryton.org/2.4/trytond/rev/279f0031b461 • CWE-863: Incorrect Authorization •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2019-10868 – Debian Security Advisory 4426-1
https://notcve.org/view.php?id=CVE-2019-10868
05 Apr 2019 — In trytond/model/modelstorage.py in Tryton 4.2 before 4.2.21, 4.4 before 4.4.19, 4.6 before 4.6.14, 4.8 before 4.8.10, and 5.0 before 5.0.6, an authenticated user can order records based on a field for which he has no access right. This may allow the user to guess values. En trytond/model/modelstorage.py en Tryton, en las versiones 4.2 anteriores a la 4.2.21, las 4.4 anteriores a la 4.4.19, las 4.6 anteriores a la 4.6.14, las 4.8 anteriores a la 4.8.10 y las .50 anteriores a la 5.0.6, un usuario no autentic... • https://discuss.tryton.org/t/security-release-for-issue8189/1262 • CWE-862: Missing Authorization •
CVSS: 4.3EPSS: 0%CPEs: 5EXPL: 1CVE-2015-0861 – Debian Security Advisory 3425-1
https://notcve.org/view.php?id=CVE-2015-0861
17 Dec 2015 — model/modelstorage.py in trytond 3.2.x before 3.2.10, 3.4.x before 3.4.8, 3.6.x before 3.6.5, and 3.8.x before 3.8.1 allows remote authenticated users to bypass intended access restrictions and write to arbitrary fields via a sequence of records. model/modelstorage.py en trytond 3.2.x en versiones anteriores a 3.2.10, 3.4.x en versiones anteriores a 3.4.8, 3.6.x en versiones anteriores a 3.6.5 y 3.8.x en versiones anteriores a 3.8.1 permite a usuarios remotos autenticados eludir las restricciones destinadas... • http://www.debian.org/security/2015/dsa-3425 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 1CVE-2012-0215
https://notcve.org/view.php?id=CVE-2012-0215
12 Jul 2012 — model/modelstorage.py in the Tryton application framework (trytond) before 2.4.0 for Python does not properly restrict access to the Many2Many field in the relation model, which allows remote authenticated users to modify the privileges of arbitrary users via a (1) create, (2) write, (3) delete, or (4) copy rpc call. model/modelstorage.py en el framework Tryton (trytond) anterior a v2.4.0 para Python no restringe correcteamente el acceso a el campo Many2Many en el modelo relacional, lo cual permite a usuari... • http://hg.tryton.org/trytond/rev/8e64d52ecea4 • CWE-264: Permissions, Privileges, and Access Controls •