Nixpkgs security tracker

Permalink CVE-2012-2238

created 2 months ago Activity log

Created suggestion 2 months ago

trytond 2.4: ModelView.button fails to validate authorization

References

https://security-tracker.debian.org/tracker/CVE-2012-2238 x_transferredx_refsource_MISC
https://exchange.xforce.ibmcloud.com/vulnerabilities/78435 x_transferredx_refsource_MISC
http://www.openwall.com/lists/oss-security/2012/09/11/10 x_transferredx_refsource_MISC
http://www.securityfocus.com/bid/55503 x_transferredx_refsource_MISC
http://hg.tryton.org/2.4/trytond/rev/279f0031b461 x_transferredx_refsource_MISC

Affected products

trytond

==≤ 2.4

Matching in nixpkgs

pkgs.trytond

Server of the Tryton application platform

nixos-unstable 7.8.1
- nixpkgs-unstable 7.8.1
- nixos-unstable-small 7.8.1
nixos-25.11 7.8.1
- nixos-25.11-small 7.8.1
- nixpkgs-25.11-darwin 7.8.1

pkgs.python312Packages.trytond

Server of the Tryton application platform

nixos-25.11 7.8.1
- nixos-25.11-small 7.8.1
- nixpkgs-25.11-darwin 7.8.1

pkgs.python313Packages.trytond

Server of the Tryton application platform

nixos-unstable 7.8.1
- nixpkgs-unstable 7.8.1
- nixos-unstable-small 7.8.1
nixos-25.11 7.8.1
- nixos-25.11-small 7.8.1
- nixpkgs-25.11-darwin 7.8.1

pkgs.python314Packages.trytond

Server of the Tryton application platform

nixos-unstable 7.8.1
- nixpkgs-unstable 7.8.1
- nixos-unstable-small 7.8.1

Package maintainers

@johbo Johannes Bornhold <johannes@bornhold.name>
@udono Udo Spallek <udono@virtual-things.biz>

Permalink CVE-2020-37014

6.4 MEDIUM

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): LOW
User interaction (UI): NONE
Scope (S): CHANGED
Confidentiality impact (C): LOW
Integrity impact (I): LOW
Availability impact (A): NONE

created 2 months, 3 weeks ago Activity log

Created suggestion 2 months, 3 weeks ago

Tryton 5.4 - Persistent Cross-Site Scripting

Tryton 5.4 contains a persistent cross-site scripting vulnerability in the user profile name input that allows remote attackers to inject malicious scripts. Attackers can exploit the vulnerability by inserting script payloads in the name field, which execute in the frontend and backend user interfaces.