VYPR
Vendor: Northern.tech

Products: 11
CVEs: 30
Across products: 38
Status: Private

Recent CVEs: 30

  • CVE-2024-37019 (Critical), Jun 3, 2024
    risk 0.64 cvss 9.8 epss 0.01

    Northern.tech Mender Enterprise before 3.6.4 and 3.7.x before 3.7.4 has Weak Authentication.

  • CVE-2025-49603 (Critical), Jun 26, 2025
    risk 0.59 cvss 9.1 epss 0.00

    Northern.tech Mender Server before 3.7.11 and 4.x before 4.0.1 has Incorrect Access Control.

  • CVE-2024-55959 (Critical), Jan 21, 2025
    risk 0.59 cvss 9.1 epss 0.01

    Northern.tech Mender Client 4.x before 4.0.5 has Insecure Permissions.

  • CVE-2022-45929 (High), Jun 20, 2024
    risk 0.57 cvss 8.8 epss 0.00

    Northern.tech Mender 3.3.x before 3.3.2, 3.5.x before 3.5.0, and 3.6.x before 3.6.0 has Incorrect Access Control that allows users to change their roles, which could allow privilege escalation from a low-privileged read-only user to a high-privileged user.

  • CVE-2026-24712 (High), May 14, 2026
    risk 0.47 cvss 7.3 epss 0.01

    Northern.tech CFEngine Enterprise and Community before 3.21.8, 3.24.3, and 3.27.0 allows Command injection.

  • CVE-2024-46947 (Medium), Nov 8, 2024
    risk 0.42 cvss 6.5 epss 0.00

    Northern.tech Mender before 3.6.6 and 3.7.x before 3.7.7 allows SSRF.

  • CVE-2022-41324 (Medium), Jun 20, 2024
    risk 0.42 cvss 6.5 epss 0.00

    Northern.tech Mender 3.3.x before 3.3.2 and 3.4.x before 3.4.0 has Incorrect Access Control and allows low-privileged users default read access to some sensitive device information.

  • CVE-2026-33553 (Medium), Jun 2, 2026
    risk 0.40 cvss 6.1 epss 0.00

    Northern.tech CFEngine Enterprise 3.24.3 before 3.24.4 and 3.27.0 before 3.27.1 allows XSS.

  • CVE-2026-24710 (Medium), May 14, 2026
    risk 0.40 cvss 6.1 epss 0.00

    Northern.tech CFEngine Enterprise before 3.21.8, 3.24.3, and 3.27.0 allows XSS.

  • CVE-2025-67903 (Medium), May 27, 2026
    risk 0.34 cvss 5.3 epss 0.00

    Northern.tech Mender Client 5 before 5.0.4 allows a Cryptographic signature verification bypass.

  • CVE-2026-24711 (Medium), May 14, 2026
    risk 0.34 cvss 5.3 epss 0.00

    Northern.tech CFEngine Enterprise before 3.21.8, 3.24.3, and 3.27.0 has Incorrect Access Control.

  • CVE-2024-55958 (Medium), Jan 21, 2025
    risk 0.31 cvss 4.8 epss 0.00

    Northern.tech CFEngine Enterprise Mission Portal 3.24.0, 3.21.5, and below allows XSS. The fixed versions are 3.24.1 and 3.21.6.

  • CVE-2026-33552 (Low), May 27, 2026
    risk 0.24 cvss 3.7 epss 0.00

    Northern.tech Mender Enterprise Server before 4.1.1 has Incorrect Access Control.

  • CVE-2026-49009 (Low), May 27, 2026
    risk 0.20 cvss 3.1 epss 0.01

    Northern.tech Mender Server v4.1.0, v4.0.1 and below allows Directory Traversal. The fixed versions are v4.1.1 and v4.0.2.

  • CVE-2024-47190 (Low), Nov 8, 2024
    risk 0.18 cvss 2.7 epss 0.00

    Northern.tech Hosted Mender before 2024.07.11 allows SSRF.

  • CVE-2003-0849, Nov 17, 2003
    risk 0.04 cvss epss 0.11

    Buffer overflow in net.c for cfengine 2.x before 2.0.8 allows remote attackers to execute arbitrary code via certain packets with modified length values, which is trusted by the ReceiveTransaction function when using a buffer provided by the BusyWithConnection function.

  • CVE-2024-46948, Nov 8, 2024
    risk 0.00 cvss epss 0.00

    Northern.tech Mender before 3.6.5 and 3.7.x before 3.7.5 has Incorrect Access Control.

  • CVE-2023-45684, Nov 14, 2023
    risk 0.00 cvss epss 0.01

    Northern.tech CFEngine Enterprise before 3.21.3 allows SQL Injection. The fixed versions are 3.18.6 and 3.21.3. The earliest affected version is 3.6.0. The issue is in the Mission Portal login page in the CFEngine hub.

  • CVE-2023-26560, Apr 25, 2023
    risk 0.00 cvss epss 0.01

    Northern.tech CFEngine Enterprise before 3.21.1 allows a subset of authenticated users to leverage the Scheduled Reports feature to read arbitrary files and potentially discover credentials.

  • CVE-2022-32290, Jul 6, 2022
    risk 0.00 cvss epss 0.00

    The client in Northern.tech Mender 3.2.0, 3.2.1, and 3.2.2 has Incorrect Access Control. It listens on a random, unprivileged TCP port and exposes an HTTP proxy to facilitate API calls from additional client components running on the device. However, it listens on all network…