MidnightBSD

Advisories for tripwire

CVE-1999-0464 LOW

Local users can perform a denial of service in Tripwire 1.2 and earlier using long filenames.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
tripwire tripwire *
CVE-2001-0774 MEDIUM

Tripwire 1.3.1, 2.2.1 and 2.3.0 allows local users to overwrite arbitrary files and possible gain privileges via a symbolic link attack on temporary files.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
tripwire tripwire 1.3.1
tripwire tripwire 2.3.0
tripwire tripwire 2.2.1
CVE-2004-0536 HIGH

Format string vulnerability in Tripwire commercial 4.0.1 and earlier, including 2.4, and open source 2.3.1 and earlier, allows local users to gain privileges via format string specifiers in a file name, which is used in the generation of an email report.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
tripwire tripwire 4.0.1
tripwire tripwire 2.3.0
tripwire tripwire 3.0.1
tripwire tripwire 2.3.1
tripwire tripwire 4.0
tripwire tripwire 2.3.1.2
tripwire tripwire 3.0
tripwire tripwire 4.1
tripwire tripwire 2.4.2
tripwire tripwire 2.2.1
tripwire tripwire 2.4.0
CVE-2013-5005 MEDIUM

Multiple cross-site scripting (XSS) vulnerabilities in ajaxRequest/methodCall.do in Tripwire Enterprise 8.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) m_target_class_name, (2) m_target_method_name, or (3) m_request_context_params parameters.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
tripwire tripwire_enterprise 7.0
tripwire tripwire_enterprise *
CVE-2015-6237 HIGH

The RPC service in Tripwire (formerly nCircle) IP360 VnE Manager 7.2.2 before 7.2.6 allows remote attackers to bypass authentication and (1) enumerate users, (2) reset passwords, or (3) manipulate IP filter restrictions via crafted "privileged commands."

CVSS 2.0

Severity: HIGH

Problem Type: CWE-287,

Products Affected

Vendor Product Version
tripwire ip360 7.2.2
tripwire ip360 7.2.4
tripwire ip360 7.2.5