Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2016-1241 (GCVE-0-2016-1241)
Vulnerability from cvelistv5 – Published: 2016-09-07 19:00 – Updated: 2024-08-05 22:48
VLAI?
EPSS
Summary
Tryton 3.x before 3.2.17, 3.4.x before 3.4.14, 3.6.x before 3.6.12, 3.8.x before 3.8.8, and 4.x before 4.0.4 allow remote authenticated users to discover user password hashes via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:48:13.788Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.tryton.org/posts/security-release-for-issue5795-and-issue5808.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.tryton.org/issue5795"
},
{
"name": "DSA-3656",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3656"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-08-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Tryton 3.x before 3.2.17, 3.4.x before 3.4.14, 3.6.x before 3.6.12, 3.8.x before 3.8.8, and 4.x before 4.0.4 allow remote authenticated users to discover user password hashes via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-09-07T18:57:02.000Z",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.tryton.org/posts/security-release-for-issue5795-and-issue5808.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.tryton.org/issue5795"
},
{
"name": "DSA-3656",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3656"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2016-1241",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Tryton 3.x before 3.2.17, 3.4.x before 3.4.14, 3.6.x before 3.6.12, 3.8.x before 3.8.8, and 4.x before 4.0.4 allow remote authenticated users to discover user password hashes via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.tryton.org/posts/security-release-for-issue5795-and-issue5808.html",
"refsource": "CONFIRM",
"url": "http://www.tryton.org/posts/security-release-for-issue5795-and-issue5808.html"
},
{
"name": "https://bugs.tryton.org/issue5795",
"refsource": "CONFIRM",
"url": "https://bugs.tryton.org/issue5795"
},
{
"name": "DSA-3656",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3656"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2016-1241",
"datePublished": "2016-09-07T19:00:00.000Z",
"dateReserved": "2015-12-27T00:00:00.000Z",
"dateUpdated": "2024-08-05T22:48:13.788Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
GHSA-52J9-V3JC-9XGC
Vulnerability from github – Published: 2022-05-17 03:49 – Updated: 2024-11-22 18:20
VLAI?
Summary
Tryton allows users to read the hashed password
Details
Tryton 3.x before 3.2.17, 3.4.x before 3.4.14, 3.6.x before 3.6.12, 3.8.x before 3.8.8, and 4.x before 4.0.4 allow remote authenticated users to discover user password hashes via unspecified vectors.
Severity ?
5.3 (Medium)
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "trytond"
},
"ranges": [
{
"events": [
{
"introduced": "3.0.0"
},
{
"fixed": "3.2.17"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "trytond"
},
"ranges": [
{
"events": [
{
"introduced": "3.4.0"
},
{
"fixed": "3.4.14"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "trytond"
},
"ranges": [
{
"events": [
{
"introduced": "3.8.0"
},
{
"fixed": "3.8.8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "trytond"
},
"ranges": [
{
"events": [
{
"introduced": "3.6.0"
},
{
"fixed": "3.6.12"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "trytond"
},
"ranges": [
{
"events": [
{
"introduced": "4.0.0"
},
{
"fixed": "4.0.4"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2016-1241"
],
"database_specific": {
"cwe_ids": [
"CWE-200"
],
"github_reviewed": true,
"github_reviewed_at": "2024-04-29T16:35:59Z",
"nvd_published_at": "2016-09-07T19:28:00Z",
"severity": "MODERATE"
},
"details": "Tryton 3.x before 3.2.17, 3.4.x before 3.4.14, 3.6.x before 3.6.12, 3.8.x before 3.8.8, and 4.x before 4.0.4 allow remote authenticated users to discover user password hashes via unspecified vectors.",
"id": "GHSA-52j9-v3jc-9xgc",
"modified": "2024-11-22T18:20:17Z",
"published": "2022-05-17T03:49:11Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-1241"
},
{
"type": "WEB",
"url": "https://github.com/tryton/trytond/commit/11424d57b7838381745655e2e89470ff9087cd27"
},
{
"type": "WEB",
"url": "https://github.com/tryton/trytond/commit/30d2a6dcaf09340829cd70ee8a15a4941ca7161a"
},
{
"type": "WEB",
"url": "https://bugs.tryton.org/issue5795"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/tryton/PYSEC-2016-40.yaml"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/trytond/PYSEC-2016-12.yaml"
},
{
"type": "PACKAGE",
"url": "https://github.com/tryton/trytond"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2016/dsa-3656"
},
{
"type": "WEB",
"url": "http://www.tryton.org/posts/security-release-for-issue5795-and-issue5808.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Tryton allows users to read the hashed password"
}
PYSEC-2016-12
Vulnerability from pysec - Published: 2016-09-07 19:28 - Updated: 2021-10-12 02:55
VLAI?
Details
Tryton 3.x before 3.2.17, 3.4.x before 3.4.14, 3.6.x before 3.6.12, 3.8.x before 3.8.8, and 4.x before 4.0.4 allow remote authenticated users to discover user password hashes via unspecified vectors.
Impacted products
| Name | purl | trytond | pkg:pypi/trytond |
|---|
Aliases
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "trytond",
"purl": "pkg:pypi/trytond"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.2.17"
},
{
"introduced": "3.4"
},
{
"fixed": "3.4.14"
},
{
"introduced": "3.6"
},
{
"fixed": "3.6.12"
},
{
"introduced": "3.8"
},
{
"fixed": "3.8.8"
},
{
"introduced": "4.0"
},
{
"fixed": "4.0.4"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.0.0",
"1.0.1",
"1.0.2",
"1.0.3",
"1.0.4",
"1.0.5",
"1.0.6",
"1.0.7",
"1.0.8",
"1.0.9",
"1.2.0",
"1.2.1",
"1.2.10",
"1.2.2",
"1.2.3",
"1.2.4",
"1.2.5",
"1.2.6",
"1.2.7",
"1.2.8",
"1.2.9",
"1.4.0",
"1.4.1",
"1.4.10",
"1.4.11",
"1.4.12",
"1.4.13",
"1.4.2",
"1.4.3",
"1.4.4",
"1.4.5",
"1.4.6",
"1.4.7",
"1.4.8",
"1.4.9",
"1.6.0",
"1.6.1",
"1.6.10",
"1.6.2",
"1.6.3",
"1.6.4",
"1.6.5",
"1.6.6",
"1.6.7",
"1.6.8",
"1.6.9",
"1.8.0",
"1.8.1",
"1.8.10",
"1.8.11",
"1.8.2",
"1.8.3",
"1.8.4",
"1.8.5",
"1.8.6",
"1.8.7",
"1.8.8",
"1.8.9",
"2.0.0",
"2.0.1",
"2.0.10",
"2.0.11",
"2.0.12",
"2.0.13",
"2.0.2",
"2.0.3",
"2.0.4",
"2.0.5",
"2.0.6",
"2.0.7",
"2.0.8",
"2.0.9",
"2.2.0",
"2.2.1",
"2.2.10",
"2.2.11",
"2.2.12",
"2.2.13",
"2.2.14",
"2.2.2",
"2.2.3",
"2.2.4",
"2.2.5",
"2.2.6",
"2.2.7",
"2.2.8",
"2.2.9",
"2.4.0",
"2.4.1",
"2.4.10",
"2.4.11",
"2.4.12",
"2.4.13",
"2.4.14",
"2.4.15",
"2.4.16",
"2.4.2",
"2.4.3",
"2.4.4",
"2.4.5",
"2.4.6",
"2.4.7",
"2.4.8",
"2.4.9",
"2.6.0",
"2.6.1",
"2.6.10",
"2.6.11",
"2.6.12",
"2.6.13",
"2.6.14",
"2.6.15",
"2.6.16",
"2.6.17",
"2.6.18",
"2.6.2",
"2.6.3",
"2.6.4",
"2.6.5",
"2.6.6",
"2.6.7",
"2.6.8",
"2.6.9",
"2.8.0",
"2.8.1",
"2.8.10",
"2.8.11",
"2.8.12",
"2.8.13",
"2.8.14",
"2.8.15",
"2.8.16",
"2.8.2",
"2.8.3",
"2.8.4",
"2.8.5",
"2.8.6",
"2.8.7",
"2.8.8",
"2.8.9",
"3.0.0",
"3.0.1",
"3.0.10",
"3.0.11",
"3.0.12",
"3.0.13",
"3.0.14",
"3.0.15",
"3.0.16",
"3.0.17",
"3.0.2",
"3.0.3",
"3.0.4",
"3.0.5",
"3.0.6",
"3.0.7",
"3.0.8",
"3.0.9",
"3.2.0",
"3.2.1",
"3.2.10",
"3.2.11",
"3.2.12",
"3.2.13",
"3.2.14",
"3.2.15",
"3.2.16",
"3.2.2",
"3.2.3",
"3.2.4",
"3.2.5",
"3.2.6",
"3.2.7",
"3.2.8",
"3.2.9",
"3.4.0",
"3.4.1",
"3.4.10",
"3.4.11",
"3.4.12",
"3.4.13",
"3.4.2",
"3.4.3",
"3.4.4",
"3.4.5",
"3.4.6",
"3.4.7",
"3.4.8",
"3.4.9",
"3.6.0",
"3.6.1",
"3.6.10",
"3.6.11",
"3.6.2",
"3.6.3",
"3.6.4",
"3.6.5",
"3.6.6",
"3.6.7",
"3.6.8",
"3.6.9",
"3.8.0",
"3.8.1",
"3.8.2",
"3.8.3",
"3.8.4",
"3.8.5",
"3.8.6",
"3.8.7",
"4.0.0",
"4.0.1",
"4.0.2",
"4.0.3"
]
}
],
"aliases": [
"CVE-2016-1241"
],
"details": "Tryton 3.x before 3.2.17, 3.4.x before 3.4.14, 3.6.x before 3.6.12, 3.8.x before 3.8.8, and 4.x before 4.0.4 allow remote authenticated users to discover user password hashes via unspecified vectors.",
"id": "PYSEC-2016-12",
"modified": "2021-10-12T02:55:35.373801Z",
"published": "2016-09-07T19:28:00Z",
"references": [
{
"type": "WEB",
"url": "https://bugs.tryton.org/issue5795"
},
{
"type": "ADVISORY",
"url": "http://www.debian.org/security/2016/dsa-3656"
},
{
"type": "WEB",
"url": "http://www.tryton.org/posts/security-release-for-issue5795-and-issue5808.html"
}
]
}
PYSEC-2016-40
Vulnerability from pysec - Published: 2016-09-07 19:28 - Updated: 2024-11-21 14:23
VLAI?
Details
Tryton 3.x before 3.2.17, 3.4.x before 3.4.14, 3.6.x before 3.6.12, 3.8.x before 3.8.8, and 4.x before 4.0.4 allow remote authenticated users to discover user password hashes via unspecified vectors.
Severity ?
5.3 (Medium)
Impacted products
| Name | purl | tryton | pkg:pypi/tryton |
|---|
Aliases
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "tryton",
"purl": "pkg:pypi/tryton"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.2.17"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.0.0",
"1.0.1",
"1.0.2",
"1.0.3",
"1.0.4",
"1.0.5",
"1.0.6",
"1.0.7",
"1.0.8",
"1.0.9",
"1.2.0",
"1.2.1",
"1.2.10",
"1.2.2",
"1.2.3",
"1.2.4",
"1.2.5",
"1.2.6",
"1.2.7",
"1.2.8",
"1.2.9",
"1.4.0",
"1.4.1",
"1.4.10",
"1.4.2",
"1.4.3",
"1.4.4",
"1.4.5",
"1.4.6",
"1.4.7",
"1.4.8",
"1.4.9",
"1.6.0",
"1.6.1",
"1.6.2",
"1.6.3",
"1.6.4",
"1.6.5",
"1.6.6",
"1.6.7",
"1.6.8",
"1.6.9",
"1.8.0",
"1.8.1",
"1.8.2",
"1.8.3",
"1.8.4",
"1.8.5",
"1.8.6",
"1.8.7",
"1.8.8",
"1.8.9",
"2.0.0",
"2.0.1",
"2.0.10",
"2.0.11",
"2.0.12",
"2.0.2",
"2.0.3",
"2.0.4",
"2.0.5",
"2.0.6",
"2.0.7",
"2.0.8",
"2.0.9",
"2.2.0",
"2.2.1",
"2.2.10",
"2.2.11",
"2.2.12",
"2.2.13",
"2.2.2",
"2.2.3",
"2.2.4",
"2.2.5",
"2.2.6",
"2.2.7",
"2.2.8",
"2.2.9",
"2.4.0",
"2.4.1",
"2.4.10",
"2.4.11",
"2.4.12",
"2.4.13",
"2.4.14",
"2.4.15",
"2.4.16",
"2.4.2",
"2.4.3",
"2.4.4",
"2.4.5",
"2.4.6",
"2.4.7",
"2.4.8",
"2.4.9",
"2.6.0",
"2.6.1",
"2.6.10",
"2.6.11",
"2.6.12",
"2.6.13",
"2.6.14",
"2.6.15",
"2.6.16",
"2.6.2",
"2.6.3",
"2.6.4",
"2.6.5",
"2.6.6",
"2.6.7",
"2.6.8",
"2.6.9",
"2.8.0",
"2.8.1",
"2.8.10",
"2.8.11",
"2.8.12",
"2.8.13",
"2.8.14",
"2.8.15",
"2.8.16",
"2.8.2",
"2.8.3",
"2.8.4",
"2.8.5",
"2.8.6",
"2.8.7",
"2.8.8",
"2.8.9",
"3.0.0",
"3.0.1",
"3.0.10",
"3.0.11",
"3.0.12",
"3.0.13",
"3.0.14",
"3.0.15",
"3.0.16",
"3.0.17",
"3.0.2",
"3.0.3",
"3.0.4",
"3.0.5",
"3.0.6",
"3.0.7",
"3.0.8",
"3.0.9",
"3.2.0",
"3.2.1",
"3.2.10",
"3.2.11",
"3.2.12",
"3.2.13",
"3.2.14",
"3.2.15",
"3.2.16",
"3.2.2",
"3.2.3",
"3.2.4",
"3.2.5",
"3.2.6",
"3.2.7",
"3.2.8",
"3.2.9"
]
}
],
"aliases": [
"CVE-2016-1241"
],
"details": "Tryton 3.x before 3.2.17, 3.4.x before 3.4.14, 3.6.x before 3.6.12, 3.8.x before 3.8.8, and 4.x before 4.0.4 allow remote authenticated users to discover user password hashes via unspecified vectors.",
"id": "PYSEC-2016-40",
"modified": "2024-11-21T14:23:02.008255+00:00",
"published": "2016-09-07T19:28:00+00:00",
"references": [
{
"type": "REPORT",
"url": "https://bugs.tryton.org/issue5795"
},
{
"type": "ADVISORY",
"url": "http://www.debian.org/security/2016/dsa-3656"
},
{
"type": "ADVISORY",
"url": "http://www.tryton.org/posts/security-release-for-issue5795-and-issue5808.html"
}
],
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GSD-2016-1241
Vulnerability from gsd - Updated: 2023-12-13 01:21Details
Tryton 3.x before 3.2.17, 3.4.x before 3.4.14, 3.6.x before 3.6.12, 3.8.x before 3.8.8, and 4.x before 4.0.4 allow remote authenticated users to discover user password hashes via unspecified vectors.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2016-1241",
"description": "Tryton 3.x before 3.2.17, 3.4.x before 3.4.14, 3.6.x before 3.6.12, 3.8.x before 3.8.8, and 4.x before 4.0.4 allow remote authenticated users to discover user password hashes via unspecified vectors.",
"id": "GSD-2016-1241",
"references": [
"https://www.suse.com/security/cve/CVE-2016-1241.html",
"https://www.debian.org/security/2016/dsa-3656"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2016-1241"
],
"details": "Tryton 3.x before 3.2.17, 3.4.x before 3.4.14, 3.6.x before 3.6.12, 3.8.x before 3.8.8, and 4.x before 4.0.4 allow remote authenticated users to discover user password hashes via unspecified vectors.",
"id": "GSD-2016-1241",
"modified": "2023-12-13T01:21:24.382357Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2016-1241",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Tryton 3.x before 3.2.17, 3.4.x before 3.4.14, 3.6.x before 3.6.12, 3.8.x before 3.8.8, and 4.x before 4.0.4 allow remote authenticated users to discover user password hashes via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.tryton.org/posts/security-release-for-issue5795-and-issue5808.html",
"refsource": "CONFIRM",
"url": "http://www.tryton.org/posts/security-release-for-issue5795-and-issue5808.html"
},
{
"name": "https://bugs.tryton.org/issue5795",
"refsource": "CONFIRM",
"url": "https://bugs.tryton.org/issue5795"
},
{
"name": "DSA-3656",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3656"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:tryton:tryton:3.8.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tryton:tryton:3.8.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tryton:tryton:3.8.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tryton:tryton:3.8.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tryton:tryton:3.8.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tryton:tryton:3.8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tryton:tryton:3.8.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tryton:tryton:3.8.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:tryton:tryton:4.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tryton:tryton:4.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tryton:tryton:4.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tryton:tryton:4.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:tryton:tryton:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.2.16",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:tryton:tryton:3.6.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tryton:tryton:3.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tryton:tryton:3.6.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tryton:tryton:3.6.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tryton:tryton:3.6.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tryton:tryton:3.6.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tryton:tryton:3.6.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tryton:tryton:3.6.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tryton:tryton:3.6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tryton:tryton:3.6.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tryton:tryton:3.6.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tryton:tryton:3.6.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tryton:tryton:3.6.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:tryton:tryton:3.4.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tryton:tryton:3.4.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tryton:tryton:3.4.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tryton:tryton:3.4.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tryton:tryton:3.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tryton:tryton:3.4.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tryton:tryton:3.4.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tryton:tryton:3.8.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tryton:tryton:3.4.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tryton:tryton:3.4.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tryton:tryton:3.4.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tryton:tryton:3.4.13:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tryton:tryton:3.4.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tryton:tryton:3.4.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tryton:tryton:3.4.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2016-1241"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Tryton 3.x before 3.2.17, 3.4.x before 3.4.14, 3.6.x before 3.6.12, 3.8.x before 3.8.8, and 4.x before 4.0.4 allow remote authenticated users to discover user password hashes via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.tryton.org/issue5795",
"refsource": "CONFIRM",
"tags": [
"Issue Tracking"
],
"url": "https://bugs.tryton.org/issue5795"
},
{
"name": "DSA-3656",
"refsource": "DEBIAN",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2016/dsa-3656"
},
{
"name": "http://www.tryton.org/posts/security-release-for-issue5795-and-issue5808.html",
"refsource": "CONFIRM",
"tags": [
"Vendor Advisory"
],
"url": "http://www.tryton.org/posts/security-release-for-issue5795-and-issue5808.html"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.6,
"impactScore": 3.6
}
},
"lastModifiedDate": "2016-09-08T19:06Z",
"publishedDate": "2016-09-07T19:28Z"
}
}
}
FKIE_CVE-2016-1241
Vulnerability from fkie_nvd - Published: 2016-09-07 19:28 - Updated: 2025-04-12 10:46
Severity ?
Summary
Tryton 3.x before 3.2.17, 3.4.x before 3.4.14, 3.6.x before 3.6.12, 3.8.x before 3.8.8, and 4.x before 4.0.4 allow remote authenticated users to discover user password hashes via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tryton | tryton | 3.8.0 | |
| tryton | tryton | 3.8.1 | |
| tryton | tryton | 3.8.2 | |
| tryton | tryton | 3.8.3 | |
| tryton | tryton | 3.8.4 | |
| tryton | tryton | 3.8.5 | |
| tryton | tryton | 3.8.6 | |
| tryton | tryton | 3.8.7 | |
| tryton | tryton | 4.0.0 | |
| tryton | tryton | 4.0.1 | |
| tryton | tryton | 4.0.2 | |
| tryton | tryton | 4.0.3 | |
| tryton | tryton | * | |
| tryton | tryton | 3.2.0 | |
| tryton | tryton | 3.6.0 | |
| tryton | tryton | 3.6.1 | |
| tryton | tryton | 3.6.2 | |
| tryton | tryton | 3.6.3 | |
| tryton | tryton | 3.6.4 | |
| tryton | tryton | 3.6.5 | |
| tryton | tryton | 3.6.6 | |
| tryton | tryton | 3.6.7 | |
| tryton | tryton | 3.6.8 | |
| tryton | tryton | 3.6.9 | |
| tryton | tryton | 3.6.10 | |
| tryton | tryton | 3.6.11 | |
| tryton | tryton | 3.4.0 | |
| tryton | tryton | 3.4.1 | |
| tryton | tryton | 3.4.2 | |
| tryton | tryton | 3.4.3 | |
| tryton | tryton | 3.4.4 | |
| tryton | tryton | 3.4.5 | |
| tryton | tryton | 3.4.6 | |
| tryton | tryton | 3.4.7 | |
| tryton | tryton | 3.4.8 | |
| tryton | tryton | 3.4.9 | |
| tryton | tryton | 3.4.10 | |
| tryton | tryton | 3.4.11 | |
| tryton | tryton | 3.4.12 | |
| tryton | tryton | 3.4.13 | |
| tryton | tryton | 3.8.4 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tryton:tryton:3.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "618FF838-56E3-4087-AD2D-FE8677740400",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tryton:tryton:3.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A90168D0-DADF-4AD2-81F6-10F5FC4BAB88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tryton:tryton:3.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "78EB89CB-07F2-44AE-B99F-DAAC81FE7D86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tryton:tryton:3.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "98756804-6B53-4BD0-89D0-573905D83B26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tryton:tryton:3.8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E82011DD-1E22-4969-BCFA-95FD9C995CCE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tryton:tryton:3.8.5:*:*:*:*:*:*:*",
"matchCriteriaId": "75573741-4CF9-4465-BED6-6C296754FB5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tryton:tryton:3.8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C02E22AF-5768-41CC-AF93-A4A1FCB22C89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tryton:tryton:3.8.7:*:*:*:*:*:*:*",
"matchCriteriaId": "2B471B78-0232-40A1-AD89-55FF000297FF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tryton:tryton:4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6730B739-B7EF-495D-8256-F552FAAAB588",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tryton:tryton:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F95728E5-B5C5-4C9D-807E-535726C9886B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tryton:tryton:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "44C9A34B-FAC8-454C-8C87-908B3A5B54D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tryton:tryton:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1C5A0CD6-9D95-4C6F-B566-5347391E87AF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tryton:tryton:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CF963655-95EE-47FF-AB6C-1C647D4C23E0",
"versionEndIncluding": "3.2.16",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tryton:tryton:3.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E66CA992-A721-43C1-975E-13408D0BCC69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tryton:tryton:3.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0A2E5ED5-1490-49C4-B484-97020B90E611",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tryton:tryton:3.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0C55F574-5734-4131-B7FA-7C3B72A34366",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tryton:tryton:3.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "785A1D6A-52BD-4EA0-9FEA-805F4CF8F347",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tryton:tryton:3.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "982F55FA-230E-486D-857D-A47C5580A98A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tryton:tryton:3.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "3868F007-E794-47BA-A6C2-4D5572F607D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tryton:tryton:3.6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "5569A138-B8A1-4782-9E21-8189C614A8AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tryton:tryton:3.6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "D53B70AD-3197-4BF3-A650-FE7932380FF1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tryton:tryton:3.6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "99CED877-4F45-4485-9890-00B65593223E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tryton:tryton:3.6.8:*:*:*:*:*:*:*",
"matchCriteriaId": "67A47C56-D2BA-460A-B3AD-91BD830E31C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tryton:tryton:3.6.9:*:*:*:*:*:*:*",
"matchCriteriaId": "F1651341-2B35-48B5-8B51-9935260EFFEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tryton:tryton:3.6.10:*:*:*:*:*:*:*",
"matchCriteriaId": "6E60BF36-AD7B-4198-AF3E-72B62572D194",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tryton:tryton:3.6.11:*:*:*:*:*:*:*",
"matchCriteriaId": "FFB2741E-31D0-4FE0-90FC-F9AFCDA60FA3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tryton:tryton:3.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CCBACDA2-4A24-4E94-A97D-CE35BD2260DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tryton:tryton:3.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D9F4CB60-AC83-4B8C-9378-DD3A0B073A83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tryton:tryton:3.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "820DCFC1-B82D-4F9F-A9C2-00693BB4A0CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tryton:tryton:3.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C1C780E6-F84E-4AF9-977E-A2355773C0AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tryton:tryton:3.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D2D1D2EF-BDA5-45F8-AA65-829E388D60BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tryton:tryton:3.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9F9C31E9-5A60-4CEE-BF09-DF1980BFFDCE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tryton:tryton:3.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "983F41DE-2696-480C-89BE-C8F9DC8F9DA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tryton:tryton:3.4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "DA9BB6FB-98FE-4065-AE4F-49DE1FA82EDF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tryton:tryton:3.4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "6C82B8CF-F5A9-47CA-B142-BF5615744F20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tryton:tryton:3.4.9:*:*:*:*:*:*:*",
"matchCriteriaId": "38032178-B351-488D-8AFE-44B367331613",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tryton:tryton:3.4.10:*:*:*:*:*:*:*",
"matchCriteriaId": "31F5A3E2-12F3-42AF-80B3-41AF54D4D668",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tryton:tryton:3.4.11:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6D2C93-E66F-4A62-94C2-8A44C83FA3DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tryton:tryton:3.4.12:*:*:*:*:*:*:*",
"matchCriteriaId": "CEABCB83-257F-4791-95C1-07B28C07E07B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tryton:tryton:3.4.13:*:*:*:*:*:*:*",
"matchCriteriaId": "6331C335-1E73-4A58-B4D8-DD32E707DA82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tryton:tryton:3.8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E82011DD-1E22-4969-BCFA-95FD9C995CCE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Tryton 3.x before 3.2.17, 3.4.x before 3.4.14, 3.6.x before 3.6.12, 3.8.x before 3.8.8, and 4.x before 4.0.4 allow remote authenticated users to discover user password hashes via unspecified vectors."
},
{
"lang": "es",
"value": "Tryton 3.x en versiones anteriores a 3.2.17, 3.4.x en versiones anteriores a 3.4.14, 3.6.x en versiones anteriores a 3.6.12, 3.8.x en versiones anteriores a 3.8.8 y 4.x en versiones anteriores a 4.0.4 permiten a usuarios remotos autenticados descubrir hashes de contrase\u00f1as de usuario a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2016-1241",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.6,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-09-07T19:28:00.127",
"references": [
{
"source": "security@debian.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2016/dsa-3656"
},
{
"source": "security@debian.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.tryton.org/posts/security-release-for-issue5795-and-issue5808.html"
},
{
"source": "security@debian.org",
"tags": [
"Issue Tracking"
],
"url": "https://bugs.tryton.org/issue5795"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2016/dsa-3656"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.tryton.org/posts/security-release-for-issue5795-and-issue5808.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://bugs.tryton.org/issue5795"
}
],
"sourceIdentifier": "security@debian.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CNVD-2016-07358
Vulnerability from cnvd - Published: 2016-09-08
VLAI Severity ?
Title
Tryton应用程序平台服务器信息泄露漏洞
Description
Tryton是一套基于Python和PostgreSQL的通用应用平台,它是OpenERP(企业资源计划ERP和客户关系管理CRM系统)的一个独立分支项目,包含了财务管理、营销管理、客户关系管理等模块,可用于创建企业资源计划系统。
Tryton应用程序平台的服务器存在信息泄露漏洞。攻击者可利用该漏洞造成信息泄露。
Severity
中
Patch Name
Tryton应用程序平台服务器信息泄露漏洞的补丁
Patch Description
Tryton是一套基于Python和PostgreSQL的通用应用平台,它是OpenERP(企业资源计划ERP和客户关系管理CRM系统)的一个独立分支项目,包含了财务管理、营销管理、客户关系管理等模块,可用于创建企业资源计划系统。
Tryton应用程序平台的服务器存在信息泄露漏洞。攻击者可利用该漏洞造成信息泄露。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
目前厂商已经发布了升级补丁以修复此安全问题,补丁获取链接: https://www.debian.org/security/2016/dsa-3656
Reference
https://www.debian.org/security/2016/dsa-3656
http://www.tryton.org/posts/security-release-for-issue5795-and-issue5808.html
Impacted products
| Name | Tryton trytond |
|---|
{
"bids": {
"bid": {
"bidNumber": "92908"
}
},
"cves": {
"cve": {
"cveNumber": "CVE-2016-1241"
}
},
"description": "Tryton\u662f\u4e00\u5957\u57fa\u4e8ePython\u548cPostgreSQL\u7684\u901a\u7528\u5e94\u7528\u5e73\u53f0\uff0c\u5b83\u662fOpenERP\uff08\u4f01\u4e1a\u8d44\u6e90\u8ba1\u5212ERP\u548c\u5ba2\u6237\u5173\u7cfb\u7ba1\u7406CRM\u7cfb\u7edf\uff09\u7684\u4e00\u4e2a\u72ec\u7acb\u5206\u652f\u9879\u76ee\uff0c\u5305\u542b\u4e86\u8d22\u52a1\u7ba1\u7406\u3001\u8425\u9500\u7ba1\u7406\u3001\u5ba2\u6237\u5173\u7cfb\u7ba1\u7406\u7b49\u6a21\u5757\uff0c\u53ef\u7528\u4e8e\u521b\u5efa\u4f01\u4e1a\u8d44\u6e90\u8ba1\u5212\u7cfb\u7edf\u3002\r\n\r\nTryton\u5e94\u7528\u7a0b\u5e8f\u5e73\u53f0\u7684\u670d\u52a1\u5668\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u4fe1\u606f\u6cc4\u9732\u3002",
"discovererName": "unknown",
"formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://www.debian.org/security/2016/dsa-3656",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2016-07358",
"openTime": "2016-09-08",
"patchDescription": "Tryton\u662f\u4e00\u5957\u57fa\u4e8ePython\u548cPostgreSQL\u7684\u901a\u7528\u5e94\u7528\u5e73\u53f0\uff0c\u5b83\u662fOpenERP\uff08\u4f01\u4e1a\u8d44\u6e90\u8ba1\u5212ERP\u548c\u5ba2\u6237\u5173\u7cfb\u7ba1\u7406CRM\u7cfb\u7edf\uff09\u7684\u4e00\u4e2a\u72ec\u7acb\u5206\u652f\u9879\u76ee\uff0c\u5305\u542b\u4e86\u8d22\u52a1\u7ba1\u7406\u3001\u8425\u9500\u7ba1\u7406\u3001\u5ba2\u6237\u5173\u7cfb\u7ba1\u7406\u7b49\u6a21\u5757\uff0c\u53ef\u7528\u4e8e\u521b\u5efa\u4f01\u4e1a\u8d44\u6e90\u8ba1\u5212\u7cfb\u7edf\u3002\r\n\r\nTryton\u5e94\u7528\u7a0b\u5e8f\u5e73\u53f0\u7684\u670d\u52a1\u5668\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u4fe1\u606f\u6cc4\u9732\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Tryton\u5e94\u7528\u7a0b\u5e8f\u5e73\u53f0\u670d\u52a1\u5668\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": "Tryton trytond"
},
"referenceLink": "https://www.debian.org/security/2016/dsa-3656\r\nhttp://www.tryton.org/posts/security-release-for-issue5795-and-issue5808.html",
"serverity": "\u4e2d",
"submitTime": "2016-09-08",
"title": "Tryton\u5e94\u7528\u7a0b\u5e8f\u5e73\u53f0\u670d\u52a1\u5668\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…