Skip to main content

Tryton

5 CVEs product

Monthly

CVE-2018-19443 PyPI MEDIUM PATCH This Month

The client in Tryton 5.x before 5.0.1 tries to make a connection to the bus in cleartext instead of encrypted under certain circumstances in bus.py and jsonrpc.py. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Session Fixation Information Disclosure Tryton
NVD
CVSS 3.0
5.9
EPSS
0.9%
CVE-2017-0360 PyPI MEDIUM PATCH This Month

file_open in Tryton 3.x and 4.x through 4.2.2 allows remote authenticated users with certain permissions to read arbitrary files via a "same root name but with a suffix" attack. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Tryton
NVD
CVSS 3.0
5.3
EPSS
0.3%
CVE-2016-1242 PyPI MEDIUM PATCH This Month

file_open in Tryton before 3.2.17, 3.4.x before 3.4.14, 3.6.x before 3.6.12, 3.8.x before 3.8.8, and 4.x before 4.0.4 allows remote authenticated users with certain permissions to read arbitrary. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Tryton
NVD
CVSS 3.0
4.4
EPSS
0.2%
CVE-2016-1241 PyPI MEDIUM PATCH This Month

Tryton 3.x before 3.2.17, 3.4.x before 3.4.14, 3.6.x before 3.6.12, 3.8.x before 3.8.8, and 4.x before 4.0.4 allow remote authenticated users to discover user password hashes via unspecified vectors. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Tryton
NVD
CVSS 3.0
5.3
EPSS
0.2%
CVE-2013-4510 PyPI HIGH POC PATCH This Week

Directory traversal vulnerability in the client in Tryton 3.0.0, as distributed before 20131104 and earlier, allows remote servers to write arbitrary files via path separators in the extension of a. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Path Traversal Tryton
NVD
CVSS 2.0
7.8
EPSS
0.8%
EPSS 1% CVSS 5.9
MEDIUM PATCH This Month

The client in Tryton 5.x before 5.0.1 tries to make a connection to the bus in cleartext instead of encrypted under certain circumstances in bus.py and jsonrpc.py. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Session Fixation Information Disclosure Tryton
NVD
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

file_open in Tryton 3.x and 4.x through 4.2.2 allows remote authenticated users with certain permissions to read arbitrary files via a "same root name but with a suffix" attack. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Tryton
NVD
EPSS 0% CVSS 4.4
MEDIUM PATCH This Month

file_open in Tryton before 3.2.17, 3.4.x before 3.4.14, 3.6.x before 3.6.12, 3.8.x before 3.8.8, and 4.x before 4.0.4 allows remote authenticated users with certain permissions to read arbitrary. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Tryton
NVD
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Tryton 3.x before 3.2.17, 3.4.x before 3.4.14, 3.6.x before 3.6.12, 3.8.x before 3.8.8, and 4.x before 4.0.4 allow remote authenticated users to discover user password hashes via unspecified vectors. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Tryton
NVD
EPSS 1% CVSS 7.8
HIGH POC PATCH This Week

Directory traversal vulnerability in the client in Tryton 3.0.0, as distributed before 20131104 and earlier, allows remote servers to write arbitrary files via path separators in the extension of a. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Path Traversal Tryton
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy