VYPR

Mender

by Northern.tech

Source repositories

CVEs (8)

  • CVE-2024-37019CriJun 3, 2024
    risk 0.64cvss 9.8epss 0.01

    Northern.tech Mender Enterprise before 3.6.4 and 3.7.x before 3.7.4 has Weak Authentication.

  • CVE-2024-55959CriJan 21, 2025
    risk 0.59cvss 9.1epss 0.01

    Northern.tech Mender Client 4.x before 4.0.5 has Insecure Permissions.

  • CVE-2022-45929HigJun 20, 2024
    risk 0.57cvss 8.8epss 0.00

    Northern.tech Mender 3.3.x before 3.3.2, 3.5.x before 3.5.0, and 3.6.x before 3.6.0 has Incorrect Access Control and allows users to change their roles and could allow privilege escalation from a low-privileged read-only user to a high-privileged user.

  • CVE-2024-46947MedNov 8, 2024
    risk 0.42cvss 6.5epss 0.00

    Northern.tech Mender before 3.6.6 and 3.7.x before 3.7.7 allows SSRF.

  • CVE-2022-41324MedJun 20, 2024
    risk 0.42cvss 6.5epss 0.00

    Northern.tech Mender 3.3.x before 3.3.2 and 3.4.x before 3.4.0 has Incorrect Access Control and allows low-privileged users default read access to some sensitive device information.

  • CVE-2025-67903MedMay 27, 2026
    risk 0.34cvss 5.3epss 0.00

    Northern.tech Mender Client 5 before 5.0.4 allows a Cryptographic signature verification bypass.

  • CVE-2024-46948MedNov 8, 2024
    risk 0.28cvss 4.3epss 0.00

    Northern.tech Mender before 3.6.5 and 3.7.x before 3.7.5 has Incorrect Access Control.

  • CVE-2022-32290MedJul 6, 2022
    risk 0.28cvss 4.3epss 0.00

    The client in Northern.tech Mender 3.2.0, 3.2.1, and 3.2.2 has Incorrect Access Control. It listens on a random, unprivileged TCP port and exposes an HTTP proxy to facilitate API calls from additional client components running on the device. However, it listens on all network…