Python/tryton/5.0.0
Tryton desktop client
https://pypi.org/project/tryton
GPL-3.0-only AND GPL
2 Security Vulnerabilities
Session Fixation in Tryton
Published date: 2018-11-29T21:30:56Z
CVE: CVE-2018-19443
Links:
The client in Tryton 5.x before 5.0.1 tries to make a connection to the bus in cleartext instead of encrypted under certain circumstances in bus.py and jsonrpc.py. This connection attempt fails, but it contains in the header the current session of the user. This session could then be stolen by a man-in-the-middle.
Affected versions: ["5.0.0"]
Secure versions: [2.4.15, 2.4.16, 2.6.14, 2.6.15, 2.6.16, 2.8.11, 2.8.12, 2.8.13, 2.8.14, 2.8.15, 2.8.16, 3.0.0, 3.0.1, 3.0.10, 3.0.11, 3.0.12, 3.0.13, 3.0.14, 3.0.15, 3.0.16, 3.0.17, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, 3.0.7, 3.0.8, 3.0.9, 3.2.10, 3.2.11, 3.2.12, 3.2.13, 3.2.14, 3.2.15, 3.2.16, 3.2.17, 3.2.18, 3.2.19, 3.2.20, 3.2.3, 3.2.4, 3.2.5, 3.2.6, 3.2.7, 3.2.8, 3.2.9, 3.4.0, 3.4.1, 3.4.10, 3.4.11, 3.4.12, 3.4.13, 3.4.14, 3.4.15, 3.4.16, 3.4.17, 3.4.2, 3.4.3, 3.4.4, 3.4.5, 3.4.6, 3.4.7, 3.4.8, 3.4.9, 3.6.0, 3.6.1, 3.6.10, 3.6.11, 3.6.12, 3.6.13, 3.6.14, 3.6.15, 3.6.16, 3.6.17, 3.6.18, 3.6.19, 3.6.2, 3.6.20, 3.6.3, 3.6.4, 3.6.5, 3.6.6, 3.6.7, 3.6.8, 3.6.9, 3.8.0, 3.8.1, 3.8.10, 3.8.11, 3.8.12, 3.8.13, 3.8.14, 3.8.15, 3.8.16, 3.8.17, 3.8.18, 3.8.19, 3.8.2, 3.8.20, 3.8.21, 3.8.3, 3.8.4, 3.8.5, 3.8.6, 3.8.7, 3.8.8, 3.8.9, 4.0.0, 4.0.1, 4.0.10, 4.0.11, 4.0.12, 4.0.13, 4.0.14, 4.0.15, 4.0.16, 4.0.17, 4.0.18, 4.0.19, 4.0.2, 4.0.20, 4.0.21, 4.0.22, 4.0.3, 4.0.4, 4.0.5, 4.0.6, 4.0.7, 4.0.8, 4.0.9, 4.2.21, 4.2.22, 4.2.23, 4.2.24, 4.2.25, 4.4.19, 4.4.20, 4.4.21, 4.4.22, 4.4.23, 4.4.24, 4.4.25, 4.4.26, 4.6.14, 4.6.15, 4.6.16, 4.6.17, 4.6.18, 4.6.19, 4.6.20, 4.6.21, 4.6.22, 4.6.23, 4.6.24, 4.8.10, 4.8.11, 4.8.12, 4.8.13, 4.8.14, 4.8.15, 4.8.16, 4.8.17, 4.8.18, 4.8.19, 4.8.20, 4.8.21, 5.0.10, 5.0.11, 5.0.12, 5.0.13, 5.0.14, 5.0.15, 5.0.16, 5.0.17, 5.0.18, 5.0.19, 5.0.20, 5.0.21, 5.0.22, 5.0.23, 5.0.24, 5.0.25, 5.0.26, 5.0.27, 5.0.28, 5.0.29, 5.0.30, 5.0.31, 5.0.32, 5.0.33, 5.0.34, 5.0.35, 5.0.36, 5.0.37, 5.0.38, 5.0.39, 5.0.40, 5.0.41, 5.0.42, 5.0.43, 5.0.44, 5.0.45, 5.0.46, 5.0.47, 5.0.48, 5.0.49, 5.0.50, 5.0.51, 5.0.52, 5.0.53, 5.0.54, 5.0.55, 5.0.56, 5.0.6, 5.0.7, 5.0.8, 5.0.9, 5.2.0, 5.2.1, 5.2.10, 5.2.11, 5.2.12, 5.2.13, 5.2.14, 5.2.15, 5.2.16, 5.2.17, 5.2.18, 5.2.2, 5.2.3, 5.2.4, 5.2.5, 5.2.6, 5.2.7, 5.2.8, 5.2.9, 5.4.0, 5.4.1, 5.4.10, 5.4.11, 5.4.12, 5.4.13, 5.4.14, 5.4.2, 5.4.3, 5.4.4, 5.4.5, 5.4.6, 5.4.7, 5.4.8, 5.4.9, 5.6.0, 5.6.1, 5.6.10, 5.6.11, 5.6.12, 5.6.13, 5.6.14, 5.6.15, 5.6.2, 5.6.3, 5.6.4, 5.6.5, 5.6.6, 5.6.7, 5.6.8, 5.6.9, 5.8.0, 5.8.1, 5.8.10, 5.8.11, 5.8.12, 5.8.13, 5.8.14, 5.8.15, 5.8.16, 5.8.17, 5.8.2, 5.8.3, 5.8.4, 5.8.5, 5.8.6, 5.8.7, 5.8.8, 5.8.9, 6.0.0, 6.0.1, 6.0.10, 6.0.11, 6.0.12, 6.0.13, 6.0.14, 6.0.15, 6.0.16, 6.0.17, 6.0.18, 6.0.19, 6.0.2, 6.0.20, 6.0.21, 6.0.22, 6.0.23, 6.0.24, 6.0.25, 6.0.26, 6.0.27, 6.0.28, 6.0.29, 6.0.3, 6.0.30, 6.0.31, 6.0.32, 6.0.33, 6.0.34, 6.0.35, 6.0.36, 6.0.37, 6.0.38, 6.0.39, 6.0.4, 6.0.40, 6.0.41, 6.0.42, 6.0.43, 6.0.44, 6.0.45, 6.0.46, 6.0.47, 6.0.48, 6.0.49, 6.0.5, 6.0.50, 6.0.51, 6.0.52, 6.0.53, 6.0.54, 6.0.55, 6.0.56, 6.0.57, 6.0.58, 6.0.59, 6.0.6, 6.0.60, 6.0.61, 6.0.7, 6.0.8, 6.0.9, 6.2.0, 6.2.1, 6.2.10, 6.2.11, 6.2.12, 6.2.2, 6.2.3, 6.2.4, 6.2.5, 6.2.6, 6.2.7, 6.2.8, 6.2.9, 6.4.0, 6.4.1, 6.4.10, 6.4.11, 6.4.12, 6.4.2, 6.4.3, 6.4.4, 6.4.5, 6.4.6, 6.4.7, 6.4.8, 6.4.9, 6.6.0, 6.6.1, 6.6.10, 6.6.11, 6.6.12, 6.6.2, 6.6.3, 6.6.4, 6.6.5, 6.6.6, 6.6.7, 6.6.8, 6.6.9, 6.8.0, 6.8.1, 6.8.10, 6.8.11, 6.8.12, 6.8.13, 6.8.14, 6.8.2, 6.8.3, 6.8.4, 6.8.5, 6.8.6, 6.8.7, 6.8.8, 6.8.9, 7.0.0, 7.0.1, 7.0.10, 7.0.11, 7.0.12, 7.0.13, 7.0.14, 7.0.15, 7.0.16, 7.0.17, 7.0.18, 7.0.19, 7.0.2, 7.0.20, 7.0.21, 7.0.22, 7.0.23, 7.0.24, 7.0.25, 7.0.26, 7.0.27, 7.0.28, 7.0.29, 7.0.3, 7.0.30, 7.0.31, 7.0.32, 7.0.33, 7.0.34, 7.0.35, 7.0.4, 7.0.5, 7.0.6, 7.0.7, 7.0.8, 7.0.9, 7.2.0, 7.2.1, 7.2.10, 7.2.11, 7.2.12, 7.2.13, 7.2.14, 7.2.15, 7.2.16, 7.2.17, 7.2.18, 7.2.19, 7.2.2, 7.2.20, 7.2.3, 7.2.4, 7.2.5, 7.2.6, 7.2.7, 7.2.8, 7.2.9, 7.4.0, 7.4.1, 7.4.10, 7.4.11, 7.4.12, 7.4.13, 7.4.14, 7.4.15, 7.4.2, 7.4.3, 7.4.4, 7.4.5, 7.4.6, 7.4.7, 7.4.8, 7.4.9, 7.6.0, 7.6.1, 7.6.10, 7.6.11, 7.6.2, 7.6.3, 7.6.4, 7.6.5, 7.6.6, 7.6.7, 7.6.8, 7.6.9, 7.8.0, 7.8.1, 7.8.2, 7.8.3, 7.8.4, 7.8.5]
Recommendation: Update to version 7.8.5.
Moderate severity vulnerability that affects tryton
Published date: 2019-04-10T14:31:37Z
CVE: CVE-2019-10868
Links:
In trytond/model/modelstorage.py in Tryton 4.2 before 4.2.21, 4.4 before 4.4.19, 4.6 before 4.6.14, 4.8 before 4.8.10, and 5.0 before 5.0.6, an authenticated user can order records based on a field for which he has no access right. This may allow the user to guess values.
Affected versions: ["5.0.0", "5.0.1", "5.0.2", "5.0.3", "5.0.4", "5.0.5", "4.8.0", "4.8.1", "4.8.2", "4.8.3", "4.8.4", "4.8.5", "4.8.6", "4.8.7", "4.8.8", "4.8.9", "4.6.0", "4.6.1", "4.6.10", "4.6.11", "4.6.12", "4.6.13", "4.6.2", "4.6.3", "4.6.4", "4.6.5", "4.6.6", "4.6.7", "4.6.8", "4.6.9", "4.4.0", "4.4.1", "4.4.10", "4.4.11", "4.4.12", "4.4.13", "4.4.14", "4.4.15", "4.4.16", "4.4.17", "4.4.18", "4.4.2", "4.4.3", "4.4.4", "4.4.5", "4.4.6", "4.4.7", "4.4.8", "4.4.9", "4.2.0", "4.2.1", "4.2.10", "4.2.11", "4.2.12", "4.2.13", "4.2.14", "4.2.15", "4.2.16", "4.2.17", "4.2.18", "4.2.19", "4.2.20", "4.2.3", "4.2.4", "4.2.5", "4.2.6", "4.2.7", "4.2.8", "4.2.9"]
Secure versions: [2.4.15, 2.4.16, 2.6.14, 2.6.15, 2.6.16, 2.8.11, 2.8.12, 2.8.13, 2.8.14, 2.8.15, 2.8.16, 3.0.0, 3.0.1, 3.0.10, 3.0.11, 3.0.12, 3.0.13, 3.0.14, 3.0.15, 3.0.16, 3.0.17, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, 3.0.7, 3.0.8, 3.0.9, 3.2.10, 3.2.11, 3.2.12, 3.2.13, 3.2.14, 3.2.15, 3.2.16, 3.2.17, 3.2.18, 3.2.19, 3.2.20, 3.2.3, 3.2.4, 3.2.5, 3.2.6, 3.2.7, 3.2.8, 3.2.9, 3.4.0, 3.4.1, 3.4.10, 3.4.11, 3.4.12, 3.4.13, 3.4.14, 3.4.15, 3.4.16, 3.4.17, 3.4.2, 3.4.3, 3.4.4, 3.4.5, 3.4.6, 3.4.7, 3.4.8, 3.4.9, 3.6.0, 3.6.1, 3.6.10, 3.6.11, 3.6.12, 3.6.13, 3.6.14, 3.6.15, 3.6.16, 3.6.17, 3.6.18, 3.6.19, 3.6.2, 3.6.20, 3.6.3, 3.6.4, 3.6.5, 3.6.6, 3.6.7, 3.6.8, 3.6.9, 3.8.0, 3.8.1, 3.8.10, 3.8.11, 3.8.12, 3.8.13, 3.8.14, 3.8.15, 3.8.16, 3.8.17, 3.8.18, 3.8.19, 3.8.2, 3.8.20, 3.8.21, 3.8.3, 3.8.4, 3.8.5, 3.8.6, 3.8.7, 3.8.8, 3.8.9, 4.0.0, 4.0.1, 4.0.10, 4.0.11, 4.0.12, 4.0.13, 4.0.14, 4.0.15, 4.0.16, 4.0.17, 4.0.18, 4.0.19, 4.0.2, 4.0.20, 4.0.21, 4.0.22, 4.0.3, 4.0.4, 4.0.5, 4.0.6, 4.0.7, 4.0.8, 4.0.9, 4.2.21, 4.2.22, 4.2.23, 4.2.24, 4.2.25, 4.4.19, 4.4.20, 4.4.21, 4.4.22, 4.4.23, 4.4.24, 4.4.25, 4.4.26, 4.6.14, 4.6.15, 4.6.16, 4.6.17, 4.6.18, 4.6.19, 4.6.20, 4.6.21, 4.6.22, 4.6.23, 4.6.24, 4.8.10, 4.8.11, 4.8.12, 4.8.13, 4.8.14, 4.8.15, 4.8.16, 4.8.17, 4.8.18, 4.8.19, 4.8.20, 4.8.21, 5.0.10, 5.0.11, 5.0.12, 5.0.13, 5.0.14, 5.0.15, 5.0.16, 5.0.17, 5.0.18, 5.0.19, 5.0.20, 5.0.21, 5.0.22, 5.0.23, 5.0.24, 5.0.25, 5.0.26, 5.0.27, 5.0.28, 5.0.29, 5.0.30, 5.0.31, 5.0.32, 5.0.33, 5.0.34, 5.0.35, 5.0.36, 5.0.37, 5.0.38, 5.0.39, 5.0.40, 5.0.41, 5.0.42, 5.0.43, 5.0.44, 5.0.45, 5.0.46, 5.0.47, 5.0.48, 5.0.49, 5.0.50, 5.0.51, 5.0.52, 5.0.53, 5.0.54, 5.0.55, 5.0.56, 5.0.6, 5.0.7, 5.0.8, 5.0.9, 5.2.0, 5.2.1, 5.2.10, 5.2.11, 5.2.12, 5.2.13, 5.2.14, 5.2.15, 5.2.16, 5.2.17, 5.2.18, 5.2.2, 5.2.3, 5.2.4, 5.2.5, 5.2.6, 5.2.7, 5.2.8, 5.2.9, 5.4.0, 5.4.1, 5.4.10, 5.4.11, 5.4.12, 5.4.13, 5.4.14, 5.4.2, 5.4.3, 5.4.4, 5.4.5, 5.4.6, 5.4.7, 5.4.8, 5.4.9, 5.6.0, 5.6.1, 5.6.10, 5.6.11, 5.6.12, 5.6.13, 5.6.14, 5.6.15, 5.6.2, 5.6.3, 5.6.4, 5.6.5, 5.6.6, 5.6.7, 5.6.8, 5.6.9, 5.8.0, 5.8.1, 5.8.10, 5.8.11, 5.8.12, 5.8.13, 5.8.14, 5.8.15, 5.8.16, 5.8.17, 5.8.2, 5.8.3, 5.8.4, 5.8.5, 5.8.6, 5.8.7, 5.8.8, 5.8.9, 6.0.0, 6.0.1, 6.0.10, 6.0.11, 6.0.12, 6.0.13, 6.0.14, 6.0.15, 6.0.16, 6.0.17, 6.0.18, 6.0.19, 6.0.2, 6.0.20, 6.0.21, 6.0.22, 6.0.23, 6.0.24, 6.0.25, 6.0.26, 6.0.27, 6.0.28, 6.0.29, 6.0.3, 6.0.30, 6.0.31, 6.0.32, 6.0.33, 6.0.34, 6.0.35, 6.0.36, 6.0.37, 6.0.38, 6.0.39, 6.0.4, 6.0.40, 6.0.41, 6.0.42, 6.0.43, 6.0.44, 6.0.45, 6.0.46, 6.0.47, 6.0.48, 6.0.49, 6.0.5, 6.0.50, 6.0.51, 6.0.52, 6.0.53, 6.0.54, 6.0.55, 6.0.56, 6.0.57, 6.0.58, 6.0.59, 6.0.6, 6.0.60, 6.0.61, 6.0.7, 6.0.8, 6.0.9, 6.2.0, 6.2.1, 6.2.10, 6.2.11, 6.2.12, 6.2.2, 6.2.3, 6.2.4, 6.2.5, 6.2.6, 6.2.7, 6.2.8, 6.2.9, 6.4.0, 6.4.1, 6.4.10, 6.4.11, 6.4.12, 6.4.2, 6.4.3, 6.4.4, 6.4.5, 6.4.6, 6.4.7, 6.4.8, 6.4.9, 6.6.0, 6.6.1, 6.6.10, 6.6.11, 6.6.12, 6.6.2, 6.6.3, 6.6.4, 6.6.5, 6.6.6, 6.6.7, 6.6.8, 6.6.9, 6.8.0, 6.8.1, 6.8.10, 6.8.11, 6.8.12, 6.8.13, 6.8.14, 6.8.2, 6.8.3, 6.8.4, 6.8.5, 6.8.6, 6.8.7, 6.8.8, 6.8.9, 7.0.0, 7.0.1, 7.0.10, 7.0.11, 7.0.12, 7.0.13, 7.0.14, 7.0.15, 7.0.16, 7.0.17, 7.0.18, 7.0.19, 7.0.2, 7.0.20, 7.0.21, 7.0.22, 7.0.23, 7.0.24, 7.0.25, 7.0.26, 7.0.27, 7.0.28, 7.0.29, 7.0.3, 7.0.30, 7.0.31, 7.0.32, 7.0.33, 7.0.34, 7.0.35, 7.0.4, 7.0.5, 7.0.6, 7.0.7, 7.0.8, 7.0.9, 7.2.0, 7.2.1, 7.2.10, 7.2.11, 7.2.12, 7.2.13, 7.2.14, 7.2.15, 7.2.16, 7.2.17, 7.2.18, 7.2.19, 7.2.2, 7.2.20, 7.2.3, 7.2.4, 7.2.5, 7.2.6, 7.2.7, 7.2.8, 7.2.9, 7.4.0, 7.4.1, 7.4.10, 7.4.11, 7.4.12, 7.4.13, 7.4.14, 7.4.15, 7.4.2, 7.4.3, 7.4.4, 7.4.5, 7.4.6, 7.4.7, 7.4.8, 7.4.9, 7.6.0, 7.6.1, 7.6.10, 7.6.11, 7.6.2, 7.6.3, 7.6.4, 7.6.5, 7.6.6, 7.6.7, 7.6.8, 7.6.9, 7.8.0, 7.8.1, 7.8.2, 7.8.3, 7.8.4, 7.8.5]
Recommendation: Update to version 7.8.5.
684 Other Versions
| Version | License | Security | Released | |
|---|---|---|---|---|
| 1.6.1 | GPL-3.0-only AND GPL | 1 | 1970-01-01 - 00:00 | over 56 years |
| 1.6.0 | GPL-3.0-only AND GPL | 1 | 1970-01-01 - 00:00 | over 56 years |
| 1.4.10 | GPL-3.0-only AND GPL | 1 | 2012-05-07 - 11:03 | almost 14 years |
| 1.4.9 | GPL-3.0-only AND GPL | 1 | 2011-12-26 - 10:35 | over 14 years |
| 1.4.8 | GPL-3.0-only AND GPL | 1 | 2011-10-01 - 14:14 | over 14 years |
| 1.4.7 | GPL-3.0-only AND GPL | 1 | 2011-05-29 - 14:16 | almost 15 years |
| 1.4.6 | GPL-3.0-only AND GPL | 1 | 2011-02-13 - 17:29 | about 15 years |
| 1.4.5 | GPL-3.0-only AND GPL | 1 | 1970-01-01 - 00:00 | over 56 years |
| 1.4.4 | GPL-3.0-only AND GPL | 1 | 1970-01-01 - 00:00 | over 56 years |
| 1.4.3 | GPL-3.0-only AND GPL | 1 | 1970-01-01 - 00:00 | over 56 years |
| 1.4.2 | GPL-3.0-only AND GPL | 1 | 1970-01-01 - 00:00 | over 56 years |
| 1.4.1 | GPL-3.0-only AND GPL | 1 | 1970-01-01 - 00:00 | over 56 years |
| 1.4.0 | GPL-3.0-only AND GPL | 1 | 1970-01-01 - 00:00 | over 56 years |
| 1.2.10 | GPL-3.0-only AND GPL | 1 | 2011-10-01 - 14:13 | over 14 years |
| 1.2.9 | GPL-3.0-only AND GPL | 1 | 2011-05-29 - 14:08 | almost 15 years |
| 1.2.8 | GPL-3.0-only AND GPL | 1 | 2011-02-13 - 17:27 | about 15 years |
| 1.2.7 | GPL-3.0-only AND GPL | 1 | 1970-01-01 - 00:00 | over 56 years |
| 1.2.6 | GPL-3.0-only AND GPL | 1 | 1970-01-01 - 00:00 | over 56 years |
| 1.2.5 | GPL-3.0-only AND GPL | 1 | 1970-01-01 - 00:00 | over 56 years |
| 1.2.4 | GPL-3.0-only AND GPL | 1 | 1970-01-01 - 00:00 | over 56 years |
| 1.2.3 | GPL-3.0-only AND GPL | 1 | 1970-01-01 - 00:00 | over 56 years |
| 1.2.2 | GPL-3.0-only AND GPL | 1 | 1970-01-01 - 00:00 | over 56 years |
| 1.2.1 | GPL-3.0-only AND GPL | 1 | 1970-01-01 - 00:00 | over 56 years |
| 1.2.0 | GPL-3.0-only AND GPL | 1 | 1970-01-01 - 00:00 | over 56 years |
| 1.0.9 | GPL-3.0-only AND GPL | 1 | 1970-01-01 - 00:00 | over 56 years |
| 1.0.8 | GPL-3.0-only AND GPL | 1 | 1970-01-01 - 00:00 | over 56 years |
| 1.0.7 | GPL-3.0-only AND GPL | 1 | 1970-01-01 - 00:00 | over 56 years |
| 1.0.6 | GPL-3.0-only AND GPL | 1 | 1970-01-01 - 00:00 | over 56 years |
| 1.0.5 | GPL-3.0-only AND GPL | 1 | 1970-01-01 - 00:00 | over 56 years |
| 1.0.4 | GPL-3.0-only AND GPL | 1 | 1970-01-01 - 00:00 | over 56 years |
| 1.0.3 | GPL-3.0-only AND GPL | 1 | 1970-01-01 - 00:00 | over 56 years |
| 1.0.2 | GPL-3.0-only AND GPL | 1 | 1970-01-01 - 00:00 | over 56 years |
| 1.0.1 | GPL-3.0-only AND GPL | 1 | 1970-01-01 - 00:00 | over 56 years |
| 1.0.0 | GPL-3.0-only AND GPL | 1 | 1970-01-01 - 00:00 | over 56 years |