{"id": "FEDORA:13EAA604814B", "type": "fedora", "bulletinFamily": "unix", "title": "[SECURITY] Fedora 25 Update: python-proteus-4.0.2-1.fc25", "description": "A client library to access Tryton's internal objects like Models and Wizard s. ", "published": "2016-09-13T18:29:51", "modified": "2016-09-13T18:29:51", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}, "href": "", "reporter": "Fedora", "references": [], "cvelist": ["CVE-2016-1241", "CVE-2016-1242"], "lastseen": "2020-12-21T08:17:53", "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2016-1241", "CVE-2016-1242"]}, {"type": "debian", "idList": ["DEBIAN:DSA-3656-1:CAA9D", "DEBIAN:DSA-3826-1:9CAA5"]}, {"type": "nessus", "idList": ["DEBIAN_DSA-3826.NASL", "FEDORA_2016-D961441913.NASL", "DEBIAN_DSA-3656.NASL", "OPENSUSE-2017-6.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310872081", "OPENVAS:1361412562310872072", "OPENVAS:1361412562310872040", "OPENVAS:1361412562310871922", "OPENVAS:1361412562310871911", "OPENVAS:1361412562310872053", "OPENVAS:1361412562310703656", "OPENVAS:1361412562310871926", "OPENVAS:1361412562310871931", "OPENVAS:1361412562310872075"]}, {"type": "fedora", "idList": ["FEDORA:3F34A60A8671", "FEDORA:B677B60A8F9F", "FEDORA:31D5360A7AD7", "FEDORA:5D03160A20E0", "FEDORA:4CB8F60A8671", "FEDORA:8C332604814B", "FEDORA:98B6060A8671", "FEDORA:DE07260A91C1", "FEDORA:3E8CA60A7AD7", "FEDORA:AA82260A7AD7"]}], "modified": "2020-12-21T08:17:53", "rev": 2}, "score": {"value": 6.2, "vector": "NONE", "modified": "2020-12-21T08:17:53", "rev": 2}, "vulnersScore": 6.2}, "affectedPackage": [{"OS": "Fedora", "OSVersion": "25", "arch": "any", "packageName": "python-proteus", "packageVersion": "4.0.2", "packageFilename": "UNKNOWN", "operator": "lt"}]}

{"cve": [{"lastseen": "2020-12-09T20:07:34", "description": "file_open in Tryton before 3.2.17, 3.4.x before 3.4.14, 3.6.x before 3.6.12, 3.8.x before 3.8.8, and 4.x before 4.0.4 allows remote authenticated users with certain permissions to read arbitrary files via the name parameter or unspecified other vectors.", "edition": 5, "cvss3": {"exploitabilityScore": 0.7, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.4, "privilegesRequired": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2016-09-07T19:28:00", "title": "CVE-2016-1242", "type": "cve", "cwe": ["CWE-200"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1242"], "modified": "2017-01-13T02:59:00", "cpe": ["cpe:/a:tryton:tryton:3.6.9", "cpe:/a:tryton:tryton:3.4.3", "cpe:/a:tryton:tryton:3.8.1", "cpe:/a:tryton:tryton:3.4.7", "cpe:/a:tryton:tryton:3.4.4", "cpe:/a:tryton:tryton:3.8.2", "cpe:/a:tryton:tryton:4.0.3", "cpe:/a:tryton:tryton:3.6.11", "cpe:/a:tryton:tryton:3.8.7", "cpe:/a:tryton:tryton:3.4.6", "cpe:/a:tryton:tryton:4.0.1", "cpe:/a:tryton:tryton:3.6.10", "cpe:/a:tryton:tryton:3.4.8", "cpe:/a:tryton:tryton:3.4.0", "cpe:/a:tryton:tryton:3.6.8", "cpe:/a:tryton:tryton:3.8.3", "cpe:/a:tryton:tryton:3.6.3", "cpe:/a:tryton:tryton:3.4.13", "cpe:/a:tryton:tryton:3.6.1", "cpe:/a:tryton:tryton:3.8.4", "cpe:/a:tryton:tryton:3.4.10", "cpe:/a:tryton:tryton:3.6.0", "cpe:/a:tryton:tryton:4.0.2", "cpe:/a:tryton:tryton:3.4.5", "cpe:/a:tryton:tryton:3.8.6", "cpe:/a:tryton:tryton:4.0.0", "cpe:/a:tryton:tryton:3.6.6", "cpe:/a:tryton:tryton:3.6.7", "cpe:/a:tryton:tryton:3.4.12", "cpe:/a:tryton:tryton:3.6.2", "cpe:/a:tryton:tryton:3.4.9", "cpe:/a:tryton:tryton:3.4.1", "cpe:/a:tryton:tryton:3.8.0", "cpe:/a:tryton:tryton:3.8.5", "cpe:/a:tryton:tryton:3.4.11", "cpe:/a:tryton:tryton:3.2.16", "cpe:/a:tryton:tryton:3.4.2", "cpe:/a:tryton:tryton:3.2.0", "cpe:/a:tryton:tryton:3.6.5", "cpe:/a:tryton:tryton:3.6.4"], "id": "CVE-2016-1242", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1242", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:tryton:tryton:4.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:tryton:tryton:3.8.6:*:*:*:*:*:*:*", "cpe:2.3:a:tryton:tryton:3.2.16:*:*:*:*:*:*:*", "cpe:2.3:a:tryton:tryton:3.4.6:*:*:*:*:*:*:*", "cpe:2.3:a:tryton:tryton:3.4.12:*:*:*:*:*:*:*", "cpe:2.3:a:tryton:tryton:3.8.4:*:*:*:*:*:*:*", "cpe:2.3:a:tryton:tryton:3.4.5:*:*:*:*:*:*:*", "cpe:2.3:a:tryton:tryton:3.6.9:*:*:*:*:*:*:*", "cpe:2.3:a:tryton:tryton:3.6.5:*:*:*:*:*:*:*", "cpe:2.3:a:tryton:tryton:3.4.9:*:*:*:*:*:*:*", "cpe:2.3:a:tryton:tryton:3.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:tryton:tryton:3.4.10:*:*:*:*:*:*:*", "cpe:2.3:a:tryton:tryton:4.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:tryton:tryton:3.8.1:*:*:*:*:*:*:*", "cpe:2.3:a:tryton:tryton:3.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:tryton:tryton:3.6.3:*:*:*:*:*:*:*", "cpe:2.3:a:tryton:tryton:3.6.11:*:*:*:*:*:*:*", "cpe:2.3:a:tryton:tryton:3.4.4:*:*:*:*:*:*:*", "cpe:2.3:a:tryton:tryton:3.8.0:*:*:*:*:*:*:*", "cpe:2.3:a:tryton:tryton:3.4.11:*:*:*:*:*:*:*", "cpe:2.3:a:tryton:tryton:3.6.8:*:*:*:*:*:*:*", "cpe:2.3:a:tryton:tryton:3.6.6:*:*:*:*:*:*:*", "cpe:2.3:a:tryton:tryton:3.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:tryton:tryton:3.8.2:*:*:*:*:*:*:*", "cpe:2.3:a:tryton:tryton:4.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:tryton:tryton:3.4.13:*:*:*:*:*:*:*", "cpe:2.3:a:tryton:tryton:3.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:tryton:tryton:3.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:tryton:tryton:3.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:tryton:tryton:3.8.7:*:*:*:*:*:*:*", "cpe:2.3:a:tryton:tryton:3.8.5:*:*:*:*:*:*:*", "cpe:2.3:a:tryton:tryton:3.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:tryton:tryton:3.6.10:*:*:*:*:*:*:*", "cpe:2.3:a:tryton:tryton:4.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:tryton:tryton:3.6.7:*:*:*:*:*:*:*", "cpe:2.3:a:tryton:tryton:3.4.8:*:*:*:*:*:*:*", "cpe:2.3:a:tryton:tryton:3.6.4:*:*:*:*:*:*:*", "cpe:2.3:a:tryton:tryton:3.8.3:*:*:*:*:*:*:*", "cpe:2.3:a:tryton:tryton:3.4.7:*:*:*:*:*:*:*", "cpe:2.3:a:tryton:tryton:3.4.2:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T20:07:34", "description": "Tryton 3.x before 3.2.17, 3.4.x before 3.4.14, 3.6.x before 3.6.12, 3.8.x before 3.8.8, and 4.x before 4.0.4 allow remote authenticated users to discover user password hashes via unspecified vectors.", "edition": 5, "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.3, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2016-09-07T19:28:00", "title": "CVE-2016-1241", "type": "cve", "cwe": ["CWE-200"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 3.5, "vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1241"], "modified": "2016-09-08T19:06:00", "cpe": ["cpe:/a:tryton:tryton:3.6.9", "cpe:/a:tryton:tryton:3.4.3", "cpe:/a:tryton:tryton:3.8.1", "cpe:/a:tryton:tryton:3.4.7", "cpe:/a:tryton:tryton:3.4.4", "cpe:/a:tryton:tryton:3.8.2", "cpe:/a:tryton:tryton:4.0.3", "cpe:/a:tryton:tryton:3.6.11", "cpe:/a:tryton:tryton:3.8.7", "cpe:/a:tryton:tryton:3.4.6", "cpe:/a:tryton:tryton:4.0.1", "cpe:/a:tryton:tryton:3.6.10", "cpe:/a:tryton:tryton:3.4.8", "cpe:/a:tryton:tryton:3.4.0", "cpe:/a:tryton:tryton:3.6.8", "cpe:/a:tryton:tryton:3.8.3", "cpe:/a:tryton:tryton:3.6.3", "cpe:/a:tryton:tryton:3.4.13", "cpe:/a:tryton:tryton:3.6.1", "cpe:/a:tryton:tryton:3.8.4", "cpe:/a:tryton:tryton:3.4.10", "cpe:/a:tryton:tryton:3.6.0", "cpe:/a:tryton:tryton:4.0.2", "cpe:/a:tryton:tryton:3.4.5", "cpe:/a:tryton:tryton:3.8.6", "cpe:/a:tryton:tryton:4.0.0", "cpe:/a:tryton:tryton:3.6.6", "cpe:/a:tryton:tryton:3.6.7", "cpe:/a:tryton:tryton:3.4.12", "cpe:/a:tryton:tryton:3.6.2", "cpe:/a:tryton:tryton:3.4.9", "cpe:/a:tryton:tryton:3.4.1", "cpe:/a:tryton:tryton:3.8.0", "cpe:/a:tryton:tryton:3.8.5", "cpe:/a:tryton:tryton:3.4.11", "cpe:/a:tryton:tryton:3.2.16", "cpe:/a:tryton:tryton:3.4.2", "cpe:/a:tryton:tryton:3.2.0", "cpe:/a:tryton:tryton:3.6.5", "cpe:/a:tryton:tryton:3.6.4"], "id": "CVE-2016-1241", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1241", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:tryton:tryton:4.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:tryton:tryton:3.8.6:*:*:*:*:*:*:*", "cpe:2.3:a:tryton:tryton:3.2.16:*:*:*:*:*:*:*", "cpe:2.3:a:tryton:tryton:3.4.6:*:*:*:*:*:*:*", "cpe:2.3:a:tryton:tryton:3.4.12:*:*:*:*:*:*:*", "cpe:2.3:a:tryton:tryton:3.8.4:*:*:*:*:*:*:*", "cpe:2.3:a:tryton:tryton:3.4.5:*:*:*:*:*:*:*", "cpe:2.3:a:tryton:tryton:3.6.9:*:*:*:*:*:*:*", "cpe:2.3:a:tryton:tryton:3.6.5:*:*:*:*:*:*:*", "cpe:2.3:a:tryton:tryton:3.4.9:*:*:*:*:*:*:*", "cpe:2.3:a:tryton:tryton:3.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:tryton:tryton:3.4.10:*:*:*:*:*:*:*", "cpe:2.3:a:tryton:tryton:4.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:tryton:tryton:3.8.1:*:*:*:*:*:*:*", "cpe:2.3:a:tryton:tryton:3.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:tryton:tryton:3.6.3:*:*:*:*:*:*:*", "cpe:2.3:a:tryton:tryton:3.6.11:*:*:*:*:*:*:*", "cpe:2.3:a:tryton:tryton:3.4.4:*:*:*:*:*:*:*", "cpe:2.3:a:tryton:tryton:3.8.0:*:*:*:*:*:*:*", "cpe:2.3:a:tryton:tryton:3.4.11:*:*:*:*:*:*:*", "cpe:2.3:a:tryton:tryton:3.6.8:*:*:*:*:*:*:*", "cpe:2.3:a:tryton:tryton:3.6.6:*:*:*:*:*:*:*", "cpe:2.3:a:tryton:tryton:3.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:tryton:tryton:3.8.2:*:*:*:*:*:*:*", "cpe:2.3:a:tryton:tryton:4.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:tryton:tryton:3.4.13:*:*:*:*:*:*:*", "cpe:2.3:a:tryton:tryton:3.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:tryton:tryton:3.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:tryton:tryton:3.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:tryton:tryton:3.8.7:*:*:*:*:*:*:*", "cpe:2.3:a:tryton:tryton:3.8.5:*:*:*:*:*:*:*", "cpe:2.3:a:tryton:tryton:3.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:tryton:tryton:3.6.10:*:*:*:*:*:*:*", "cpe:2.3:a:tryton:tryton:4.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:tryton:tryton:3.6.7:*:*:*:*:*:*:*", "cpe:2.3:a:tryton:tryton:3.4.8:*:*:*:*:*:*:*", "cpe:2.3:a:tryton:tryton:3.6.4:*:*:*:*:*:*:*", "cpe:2.3:a:tryton:tryton:3.8.3:*:*:*:*:*:*:*", "cpe:2.3:a:tryton:tryton:3.4.7:*:*:*:*:*:*:*", "cpe:2.3:a:tryton:tryton:3.4.2:*:*:*:*:*:*:*"]}], "fedora": [{"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2016-1241", "CVE-2016-1242"], "description": "account-statement module for Tryton application server. ", "modified": "2016-09-13T18:29:50", "published": "2016-09-13T18:29:50", "id": "FEDORA:4CB8F60A8671", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 25 Update: trytond-account-statement-4.0.2-1.fc25", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2016-1241", "CVE-2016-1242"], "description": "purchase module for Tryton application server. ", "modified": "2016-09-13T18:29:50", "published": "2016-09-13T18:29:50", "id": "FEDORA:AA82260A7AD7", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 25 Update: trytond-purchase-4.0.3-1.fc25", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2016-1241", "CVE-2016-1242"], "description": "account-product module for Tryton application server. ", "modified": "2016-09-13T18:29:50", "published": "2016-09-13T18:29:50", "id": "FEDORA:5D03160A20E0", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 25 Update: trytond-account-product-4.0.2-1.fc25", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2016-1241", "CVE-2016-1242"], "description": "stock module for Tryton application server. ", "modified": "2016-09-13T18:29:50", "published": "2016-09-13T18:29:50", "id": "FEDORA:8C332604814B", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 25 Update: trytond-stock-4.0.3-1.fc25", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2016-1241", "CVE-2016-1242"], "description": "company module for Tryton application server. ", "modified": "2016-09-13T18:29:50", "published": "2016-09-13T18:29:50", "id": "FEDORA:3E8CA60A7AD7", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 25 Update: trytond-company-4.0.3-1.fc25", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2016-1241", "CVE-2016-1242"], "description": "account module for Tryton application server. ", "modified": "2016-09-13T18:29:51", "published": "2016-09-13T18:29:51", "id": "FEDORA:3F34A60A8671", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 25 Update: trytond-account-4.0.3-1.fc25", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2016-1241", "CVE-2016-1242"], "description": "Tryton is a three-tiers high-level general purpose application framework written in Python and use PostgreSQL as database engine. It is the core base of an Open Source ERP. It provides modularity, scalability and security. The core of Tryton (also called Tryton kernel) provides all the necessary functionalities for a complete application framework: data persistence (i.e an ORM with extensive modularity), users management (authentication, fine grained control for data access, handling of concurrent access of resources ), workflow and report engines, web services and internationalisation. Thus constituting a complete application platform which can be used for any relevant purpose. ", "modified": "2016-09-13T18:29:50", "published": "2016-09-13T18:29:50", "id": "FEDORA:B677B60A8F9F", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 25 Update: trytond-4.0.4-1.fc25", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2016-1241", "CVE-2016-1242"], "description": "google-maps module for Tryton application server. ", "modified": "2016-09-13T18:29:50", "published": "2016-09-13T18:29:50", "id": "FEDORA:98B6060A8671", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 25 Update: trytond-google-maps-4.0.2-1.fc25", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2016-1241", "CVE-2016-1242"], "description": "party module for Tryton application server. ", "modified": "2016-09-13T18:29:51", "published": "2016-09-13T18:29:51", "id": "FEDORA:31D5360A7AD7", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 25 Update: trytond-party-4.0.2-1.fc25", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2016-1241", "CVE-2016-1242"], "description": "This is client for the Tryton application framework. The server can be found in the trytond package. ", "modified": "2016-09-13T18:29:50", "published": "2016-09-13T18:29:50", "id": "FEDORA:DE07260A91C1", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 25 Update: tryton-4.0.4-1.fc25", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}], "nessus": [{"lastseen": "2021-01-12T09:49:47", "description": "Two vulnerabilities have been discovered in the server for the Tryton\napplication platform, which may result in information disclosure of\npassword hashes or file contents.", "edition": 24, "cvss3": {"score": 5.3, "vector": "AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"}, "published": "2016-08-31T00:00:00", "title": "Debian DSA-3656-1 : tryton-server - security update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-1242", "CVE-2016-1241"], "modified": "2016-08-31T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:8.0", "p-cpe:/a:debian:debian_linux:tryton-server"], "id": "DEBIAN_DSA-3656.NASL", "href": "https://www.tenable.com/plugins/nessus/93237", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3656. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(93237);\n script_version(\"2.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-1241\", \"CVE-2016-1242\");\n script_xref(name:\"DSA\", value:\"3656\");\n\n script_name(english:\"Debian DSA-3656-1 : tryton-server - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Two vulnerabilities have been discovered in the server for the Tryton\napplication platform, which may result in information disclosure of\npassword hashes or file contents.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/tryton-server\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2016/dsa-3656\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the tryton-server packages.\n\nFor the stable distribution (jessie), these problems have been fixed\nin version 3.4.0-3+deb8u2.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:tryton-server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/08/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/08/31\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"tryton-server\", reference:\"3.4.0-3+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"tryton-server-doc\", reference:\"3.4.0-3+deb8u2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2021-01-12T10:14:52", "description": " - security fix for CVE-2016-1241, CVE-2016-1242\n\n - other bug fixes\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 17, "cvss3": {"score": 5.3, "vector": "AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"}, "published": "2016-11-15T00:00:00", "title": "Fedora 25 : python-proteus / tryton / trytond / trytond-account / etc (2016-d961441913)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-1242", "CVE-2016-1241"], "modified": "2016-11-15T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:trytond-account-statement", "p-cpe:/a:fedoraproject:fedora:trytond-sale", "p-cpe:/a:fedoraproject:fedora:trytond-account-product", "p-cpe:/a:fedoraproject:fedora:trytond-purchase", "p-cpe:/a:fedoraproject:fedora:trytond-company", "p-cpe:/a:fedoraproject:fedora:python-proteus", "p-cpe:/a:fedoraproject:fedora:trytond-account", "p-cpe:/a:fedoraproject:fedora:tryton", "cpe:/o:fedoraproject:fedora:25", "p-cpe:/a:fedoraproject:fedora:trytond", "p-cpe:/a:fedoraproject:fedora:trytond-party", "p-cpe:/a:fedoraproject:fedora:trytond-stock", "p-cpe:/a:fedoraproject:fedora:trytond-account-invoice", "p-cpe:/a:fedoraproject:fedora:trytond-google-maps"], "id": "FEDORA_2016-D961441913.NASL", "href": "https://www.tenable.com/plugins/nessus/94868", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2016-d961441913.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(94868);\n script_version(\"2.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-1241\", \"CVE-2016-1242\");\n script_xref(name:\"FEDORA\", value:\"2016-d961441913\");\n\n script_name(english:\"Fedora 25 : python-proteus / tryton / trytond / trytond-account / etc (2016-d961441913)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - security fix for CVE-2016-1241, CVE-2016-1242\n\n - other bug fixes\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2016-d961441913\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:python-proteus\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:tryton\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:trytond\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:trytond-account\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:trytond-account-invoice\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:trytond-account-product\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:trytond-account-statement\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:trytond-company\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:trytond-google-maps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:trytond-party\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:trytond-purchase\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:trytond-sale\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:trytond-stock\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:25\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/09/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/09/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/11/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^25([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 25\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC25\", reference:\"python-proteus-4.0.2-1.fc25\")) flag++;\nif (rpm_check(release:\"FC25\", reference:\"tryton-4.0.4-1.fc25\")) flag++;\nif (rpm_check(release:\"FC25\", reference:\"trytond-4.0.4-1.fc25\")) flag++;\nif (rpm_check(release:\"FC25\", reference:\"trytond-account-4.0.3-1.fc25\")) flag++;\nif (rpm_check(release:\"FC25\", reference:\"trytond-account-invoice-4.0.2-1.fc25\")) flag++;\nif (rpm_check(release:\"FC25\", reference:\"trytond-account-product-4.0.2-1.fc25\")) flag++;\nif (rpm_check(release:\"FC25\", reference:\"trytond-account-statement-4.0.2-1.fc25\")) flag++;\nif (rpm_check(release:\"FC25\", reference:\"trytond-company-4.0.3-1.fc25\")) flag++;\nif (rpm_check(release:\"FC25\", reference:\"trytond-google-maps-4.0.2-1.fc25\")) flag++;\nif (rpm_check(release:\"FC25\", reference:\"trytond-party-4.0.2-1.fc25\")) flag++;\nif (rpm_check(release:\"FC25\", reference:\"trytond-purchase-4.0.3-1.fc25\")) flag++;\nif (rpm_check(release:\"FC25\", reference:\"trytond-sale-4.0.3-1.fc25\")) flag++;\nif (rpm_check(release:\"FC25\", reference:\"trytond-stock-4.0.3-1.fc25\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python-proteus / tryton / trytond / trytond-account / etc\");\n}\n", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2021-01-20T12:32:52", "description": "This update provides version 3.0.5 of GNU Health including several\nfixes and improvements.\n\n - Update to ICD10 version 2016.\n\n - Fix error when printing prescription using review dates.\n\n - Fix error on summary report when no date of birth is\n assigned to the person.\n\nAdditionally the following dependencies have been updated :\n\ntryton :\n\n - Update to 3.8.12.\n\n - Sanitize path in file open. (boo#1016886, CVE-2016-1242)\n\n - Prevent read of user password hash. (boo#1016885,\n CVE-2016-1241)\n\ntrytond :\n\n - Update to 3.8.9.\n\n - Sanitize path in file open. (boo#1016886, CVE-2016-1242)\n\n - Prevent read of user password hash. (boo#1016885,\n CVE-2016-1241)\n\ntrytond_account :\n\n - Update to 3.8.5.\n\ntrytond_account_invoice :\n\n - Update to 3.8.4.\n\ntrytond_stock :\n\n - Update to 3.8.4.\n\ntrytond_stock_lot :\n\n - Update to 3.8.1.\n\nporteus :\n\n - Update to 3.8.5.", "edition": 17, "cvss3": {"score": 5.3, "vector": "AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"}, "published": "2017-01-03T00:00:00", "title": "openSUSE Security Update : GNU Health and it's dependencies (openSUSE-2017-6)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-1242", "CVE-2016-1241"], "modified": "2017-01-03T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:trytond", "p-cpe:/a:novell:opensuse:tryton", "p-cpe:/a:novell:opensuse:proteus", "p-cpe:/a:novell:opensuse:trytond_stock_lot", "p-cpe:/a:novell:opensuse:trytond_account", "p-cpe:/a:novell:opensuse:trytond_stock", "p-cpe:/a:novell:opensuse:gnuhealth", "cpe:/o:novell:opensuse:42.2", "p-cpe:/a:novell:opensuse:trytond_account_invoice"], "id": "OPENSUSE-2017-6.NASL", "href": "https://www.tenable.com/plugins/nessus/96254", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2017-6.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(96254);\n script_version(\"3.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2016-1241\", \"CVE-2016-1242\");\n\n script_name(english:\"openSUSE Security Update : GNU Health and it's dependencies (openSUSE-2017-6)\");\n script_summary(english:\"Check for the openSUSE-2017-6 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update provides version 3.0.5 of GNU Health including several\nfixes and improvements.\n\n - Update to ICD10 version 2016.\n\n - Fix error when printing prescription using review dates.\n\n - Fix error on summary report when no date of birth is\n assigned to the person.\n\nAdditionally the following dependencies have been updated :\n\ntryton :\n\n - Update to 3.8.12.\n\n - Sanitize path in file open. (boo#1016886, CVE-2016-1242)\n\n - Prevent read of user password hash. (boo#1016885,\n CVE-2016-1241)\n\ntrytond :\n\n - Update to 3.8.9.\n\n - Sanitize path in file open. (boo#1016886, CVE-2016-1242)\n\n - Prevent read of user password hash. (boo#1016885,\n CVE-2016-1241)\n\ntrytond_account :\n\n - Update to 3.8.5.\n\ntrytond_account_invoice :\n\n - Update to 3.8.4.\n\ntrytond_stock :\n\n - Update to 3.8.4.\n\ntrytond_stock_lot :\n\n - Update to 3.8.1.\n\nporteus :\n\n - Update to 3.8.5.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1016817\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1016885\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1016886\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected GNU Health and it's dependencies packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gnuhealth\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:proteus\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tryton\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:trytond\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:trytond_account\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:trytond_account_invoice\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:trytond_stock\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:trytond_stock_lot\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/01/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/01/03\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.2\", reference:\"gnuhealth-3.0.5-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"proteus-3.8.5-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"tryton-3.8.12-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"trytond-3.8.9-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"trytond_account-3.8.5-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"trytond_account_invoice-3.8.4-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"trytond_stock-3.8.4-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"trytond_stock_lot-3.8.1-3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gnuhealth / trytond_account / trytond_account_invoice / etc\");\n}\n", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2021-01-12T09:50:12", "description": "It was discovered that the original patch to address CVE-2016-1242 did\nnot cover all cases, which may result in information disclosure of\nfile contents.", "edition": 26, "cvss3": {"score": 5.3, "vector": "AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"}, "published": "2017-04-05T00:00:00", "title": "Debian DSA-3826-1 : tryton-server - security update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-1242", "CVE-2017-0360"], "modified": "2017-04-05T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:8.0", "p-cpe:/a:debian:debian_linux:tryton-server"], "id": "DEBIAN_DSA-3826.NASL", "href": "https://www.tenable.com/plugins/nessus/99190", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3826. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(99190);\n script_version(\"3.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2017-0360\");\n script_xref(name:\"DSA\", value:\"3826\");\n\n script_name(english:\"Debian DSA-3826-1 : tryton-server - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that the original patch to address CVE-2016-1242 did\nnot cover all cases, which may result in information disclosure of\nfile contents.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-1242\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/tryton-server\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2017/dsa-3826\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the tryton-server packages.\n\nFor the stable distribution (jessie), this problem has been fixed in\nversion 3.4.0-3+deb8u3.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:tryton-server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/04/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/04/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"tryton-server\", reference:\"3.4.0-3+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"tryton-server-doc\", reference:\"3.4.0-3+deb8u3\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:deb_report_get());\n else security_note(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:P/I:N/A:N"}}], "debian": [{"lastseen": "2021-01-16T01:28:49", "bulletinFamily": "unix", "cvelist": ["CVE-2016-1242", "CVE-2016-1241"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3656-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nAugust 30, 2016 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : tryton-server\nCVE ID : CVE-2016-1241 CVE-2016-1242\n\nTwo vulnerabilities have been discovered in the server for the Tryton\napplication platform, which may result in information disclosure of\npassword hashes or file contents.\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 3.4.0-3+deb8u2.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 4.0.4-1.\n\nWe recommend that you upgrade your tryton-server packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 10, "modified": "2016-08-30T21:14:33", "published": "2016-08-30T21:14:33", "id": "DEBIAN:DSA-3656-1:CAA9D", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2016/msg00234.html", "title": "[SECURITY] [DSA 3656-1] tryton-server security update", "type": "debian", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2021-01-16T01:17:21", "bulletinFamily": "unix", "cvelist": ["CVE-2016-1242", "CVE-2017-0360"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3826-1 security@debian.org\nhttps://www.debian.org/security/ Salvatore Bonaccorso\nApril 04, 2017 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : tryton-server\nCVE ID : CVE-2017-0360\n\nIt was discovered that the original patch to address CVE-2016-1242 did\nnot cover all cases, which may result in information disclosure of file\ncontents.\n\nFor the stable distribution (jessie), this problem has been fixed in\nversion 3.4.0-3+deb8u3.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 4.2.1-2.\n\nWe recommend that you upgrade your tryton-server packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 10, "modified": "2017-04-04T15:36:21", "published": "2017-04-04T15:36:21", "id": "DEBIAN:DSA-3826-1:9CAA5", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2017/msg00084.html", "title": "[SECURITY] [DSA 3826-1] tryton-server security update", "type": "debian", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}], "openvas": [{"lastseen": "2019-05-29T18:35:35", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-1242", "CVE-2016-1241"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2016-12-07T00:00:00", "id": "OPENVAS:1361412562310871911", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871911", "type": "openvas", "title": "Fedora Update for trytond-purchase FEDORA-2016-d961441913", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for trytond-purchase FEDORA-2016-d961441913\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871911\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-12-07 05:20:12 +0100 (Wed, 07 Dec 2016)\");\n script_cve_id(\"CVE-2016-1241\", \"CVE-2016-1242\");\n script_tag(name:\"cvss_base\", value:\"4.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:P/I:N/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for trytond-purchase FEDORA-2016-d961441913\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'trytond-purchase'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"trytond-purchase on Fedora 25\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-d961441913\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O5NK5K7S3RBZDAMCOYZSK3H5DXMSP7SL\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC25\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"trytond-purchase\", rpm:\"trytond-purchase~4.0.3~1.fc25\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:34:57", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-1242", "CVE-2016-1241"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2016-12-07T00:00:00", "id": "OPENVAS:1361412562310872075", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310872075", "type": "openvas", "title": "Fedora Update for trytond-account-invoice FEDORA-2016-d961441913", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for trytond-account-invoice FEDORA-2016-d961441913\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.872075\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-12-07 05:26:46 +0100 (Wed, 07 Dec 2016)\");\n script_cve_id(\"CVE-2016-1241\", \"CVE-2016-1242\");\n script_tag(name:\"cvss_base\", value:\"4.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:P/I:N/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for trytond-account-invoice FEDORA-2016-d961441913\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'trytond-account-invoice'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"trytond-account-invoice on Fedora 25\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-d961441913\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZW6HBCRYAX2JPWUE5YUZOEN63KSNFSHZ\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC25\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"trytond-account-invoice\", rpm:\"trytond-account-invoice~4.0.2~1.fc25\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:35:49", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-1242", "CVE-2016-1241"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2016-12-07T00:00:00", "id": "OPENVAS:1361412562310871926", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871926", "type": "openvas", "title": "Fedora Update for python-proteus FEDORA-2016-d961441913", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for python-proteus FEDORA-2016-d961441913\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871926\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-12-07 05:20:27 +0100 (Wed, 07 Dec 2016)\");\n script_cve_id(\"CVE-2016-1241\", \"CVE-2016-1242\");\n script_tag(name:\"cvss_base\", value:\"4.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:P/I:N/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for python-proteus FEDORA-2016-d961441913\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'python-proteus'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"python-proteus on Fedora 25\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-d961441913\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3EBE6EC3AAMBV7YHBHPJNKUYXA3V4HN7\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC25\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"python-proteus\", rpm:\"python-proteus~4.0.2~1.fc25\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:35:35", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-1242", "CVE-2016-1241"], "description": "Two vulnerabilities have been discovered in the server for the Tryton\napplication platform, which may result in information disclosure of\npassword hashes or file contents.", "modified": "2019-03-18T00:00:00", "published": "2016-09-07T00:00:00", "id": "OPENVAS:1361412562310703656", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703656", "type": "openvas", "title": "Debian Security Advisory DSA 3656-1 (tryton-server - security update)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3656.nasl 14279 2019-03-18 14:48:34Z cfischer $\n# Auto-generated from advisory DSA 3656-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703656\");\n script_version(\"$Revision: 14279 $\");\n script_cve_id(\"CVE-2016-1241\", \"CVE-2016-1242\");\n script_name(\"Debian Security Advisory DSA 3656-1 (tryton-server - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:48:34 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-09-07 10:08:58 +0530 (Wed, 07 Sep 2016)\");\n script_tag(name:\"cvss_base\", value:\"4.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:P/I:N/A:N\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2016/dsa-3656.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n script_tag(name:\"affected\", value:\"tryton-server on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (jessie), these problems have been fixed in\nversion 3.4.0-3+deb8u2.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 4.0.4-1.\n\nWe recommend that you upgrade your tryton-server packages.\");\n script_tag(name:\"summary\", value:\"Two vulnerabilities have been discovered in the server for the Tryton\napplication platform, which may result in information disclosure of\npassword hashes or file contents.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"tryton-server\", ver:\"3.4.0-3+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tryton-server-doc\", ver:\"3.4.0-3+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:35:28", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-1242", "CVE-2016-1241"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2016-12-07T00:00:00", "id": "OPENVAS:1361412562310871925", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871925", "type": "openvas", "title": "Fedora Update for trytond-stock FEDORA-2016-d961441913", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for trytond-stock FEDORA-2016-d961441913\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871925\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-12-07 05:20:25 +0100 (Wed, 07 Dec 2016)\");\n script_cve_id(\"CVE-2016-1241\", \"CVE-2016-1242\");\n script_tag(name:\"cvss_base\", value:\"4.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:P/I:N/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for trytond-stock FEDORA-2016-d961441913\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'trytond-stock'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"trytond-stock on Fedora 25\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-d961441913\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/74X4IFVXRKF5YDXOLXKVLW3DMUW6IEPP\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC25\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"trytond-stock\", rpm:\"trytond-stock~4.0.3~1.fc25\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:35:40", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-1242", "CVE-2016-1241"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2016-12-07T00:00:00", "id": "OPENVAS:1361412562310872072", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310872072", "type": "openvas", "title": "Fedora Update for trytond-google-maps FEDORA-2016-d961441913", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for trytond-google-maps FEDORA-2016-d961441913\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.872072\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-12-07 05:26:28 +0100 (Wed, 07 Dec 2016)\");\n script_cve_id(\"CVE-2016-1241\", \"CVE-2016-1242\");\n script_tag(name:\"cvss_base\", value:\"4.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:P/I:N/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for trytond-google-maps FEDORA-2016-d961441913\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'trytond-google-maps'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"trytond-google-maps on Fedora 25\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-d961441913\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FBOVNH7AJ2P5FQV3J2IHBJBFFEOAN6AN\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC25\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"trytond-google-maps\", rpm:\"trytond-google-maps~4.0.2~1.fc25\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:35:18", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-1242", "CVE-2016-1241"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2016-12-07T00:00:00", "id": "OPENVAS:1361412562310871934", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871934", "type": "openvas", "title": "Fedora Update for trytond-account FEDORA-2016-d961441913", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for trytond-account FEDORA-2016-d961441913\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871934\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-12-07 05:20:43 +0100 (Wed, 07 Dec 2016)\");\n script_cve_id(\"CVE-2016-1241\", \"CVE-2016-1242\");\n script_tag(name:\"cvss_base\", value:\"4.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:P/I:N/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for trytond-account FEDORA-2016-d961441913\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'trytond-account'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"trytond-account on Fedora 25\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-d961441913\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WHK6OS6FCRPTJQ5EKTG42Z46Z3AFMNOA\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC25\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"trytond-account\", rpm:\"trytond-account~4.0.3~1.fc25\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:35:41", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-1242", "CVE-2016-1241"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2016-12-07T00:00:00", "id": "OPENVAS:1361412562310872081", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310872081", "type": "openvas", "title": "Fedora Update for trytond-account-product FEDORA-2016-d961441913", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for trytond-account-product FEDORA-2016-d961441913\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.872081\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-12-07 05:27:01 +0100 (Wed, 07 Dec 2016)\");\n script_cve_id(\"CVE-2016-1241\", \"CVE-2016-1242\");\n script_tag(name:\"cvss_base\", value:\"4.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:P/I:N/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for trytond-account-product FEDORA-2016-d961441913\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'trytond-account-product'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"trytond-account-product on Fedora 25\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-d961441913\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PS42ADAG4NKJIKWEZ2P5GK4SVZVY6TMH\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC25\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"trytond-account-product\", rpm:\"trytond-account-product~4.0.2~1.fc25\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2017-07-24T12:54:17", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-1242", "CVE-2016-1241"], "description": "Two vulnerabilities have been discovered in the server for the Tryton\napplication platform, which may result in information disclosure of\npassword hashes or file contents.", "modified": "2017-07-07T00:00:00", "published": "2016-09-07T00:00:00", "id": "OPENVAS:703656", "href": "http://plugins.openvas.org/nasl.php?oid=703656", "type": "openvas", "title": "Debian Security Advisory DSA 3656-1 (tryton-server - security update)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3656.nasl 6608 2017-07-07 12:05:05Z cfischer $\n# Auto-generated from advisory DSA 3656-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703656);\n script_version(\"$Revision: 6608 $\");\n script_cve_id(\"CVE-2016-1241\", \"CVE-2016-1242\");\n script_name(\"Debian Security Advisory DSA 3656-1 (tryton-server - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-07 14:05:05 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2016-09-07 10:08:58 +0530 (Wed, 07 Sep 2016)\");\n script_tag(name:\"cvss_base\", value:\"4.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:P/I:N/A:N\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2016/dsa-3656.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"tryton-server on Debian Linux\");\n script_tag(name: \"insight\", value: \"Tryton is a high-level general purpose application platform written in Python\nand using PostgreSQL as database engine. It is the core base of a complete\nbusiness solution.\");\n script_tag(name: \"solution\", value: \"For the stable distribution (jessie), these problems have been fixed in\nversion 3.4.0-3+deb8u2.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 4.0.4-1.\n\nWe recommend that you upgrade your tryton-server packages.\");\n script_tag(name: \"summary\", value: \"Two vulnerabilities have been discovered in the server for the Tryton\napplication platform, which may result in information disclosure of\npassword hashes or file contents.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"tryton-server\", ver:\"3.4.0-3+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tryton-server-doc\", ver:\"3.4.0-3+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2019-05-29T18:35:17", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-1242", "CVE-2016-1241"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2016-12-07T00:00:00", "id": "OPENVAS:1361412562310872040", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310872040", "type": "openvas", "title": "Fedora Update for tryton FEDORA-2016-d961441913", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for tryton FEDORA-2016-d961441913\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.872040\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-12-07 05:25:25 +0100 (Wed, 07 Dec 2016)\");\n script_cve_id(\"CVE-2016-1241\", \"CVE-2016-1242\");\n script_tag(name:\"cvss_base\", value:\"4.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:P/I:N/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for tryton FEDORA-2016-d961441913\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'tryton'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"tryton on Fedora 25\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-d961441913\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y55ISUXCCXN4BRPKJA5Y5ANOKBZ5XI5S\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC25\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"tryton\", rpm:\"tryton~4.0.4~1.fc25\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}]}