Vulnerabilities > Tryton > Trytond

DATE CVE VULNERABILITY TITLE RISK
2022-03-10 CVE-2022-26661 XXE vulnerability in multiple products
An XXE issue was discovered in Tryton Application Platform (Server) 5.x through 5.0.45, 6.x through 6.0.15, and 6.1.x and 6.2.x through 6.2.5, and Tryton Application Platform (Command Line Client (proteus)) 5.x through 5.0.11, 6.x through 6.0.4, and 6.1.x and 6.2.x through 6.2.1.
network
low complexity
tryton debian CWE-611
6.5
2022-03-10 CVE-2022-26662 XML Entity Expansion vulnerability in multiple products
An XML Entity Expansion (XEE) issue was discovered in Tryton Application Platform (Server) 5.x through 5.0.45, 6.x through 6.0.15, and 6.1.x and 6.2.x through 6.2.5, and Tryton Application Platform (Command Line Client (proteus)) 5.x through 5.0.11, 6.x through 6.0.4, and 6.1.x and 6.2.x through 6.2.1.
network
low complexity
tryton debian CWE-776
7.5
2019-11-21 CVE-2012-2238 Incorrect Authorization vulnerability in Tryton Trytond 2.4.0/2.4.1
trytond 2.4: ModelView.button fails to validate authorization
network
low complexity
tryton CWE-863
7.5
2019-04-05 CVE-2019-10868 Missing Authorization vulnerability in multiple products
In trytond/model/modelstorage.py in Tryton 4.2 before 4.2.21, 4.4 before 4.4.19, 4.6 before 4.6.14, 4.8 before 4.8.10, and 5.0 before 5.0.6, an authenticated user can order records based on a field for which he has no access right.
network
low complexity
tryton debian CWE-862
6.5
2016-04-13 CVE-2015-0861 Permissions, Privileges, and Access Controls vulnerability in multiple products
model/modelstorage.py in trytond 3.2.x before 3.2.10, 3.4.x before 3.4.8, 3.6.x before 3.6.5, and 3.8.x before 3.8.1 allows remote authenticated users to bypass intended access restrictions and write to arbitrary fields via a sequence of records.
network
low complexity
tryton debian CWE-264
4.3