Northern.tech

All CVEs

30 total · sorted by risk
  • CVE-2024-37019 · Critical · Jun 3, 2024
    risk 0.64 · cvss 9.8 · epss 0.01

    Northern.tech Mender Enterprise before 3.6.4 and 3.7.x before 3.7.4 has Weak Authentication.

  • CVE-2025-49603 · Critical · Jun 26, 2025
    risk 0.59 · cvss 9.1 · epss 0.00

    Northern.tech Mender Server before 3.7.11 and 4.x before 4.0.1 has Incorrect Access Control.

  • CVE-2024-55959 · Critical · Jan 21, 2025
    risk 0.59 · cvss 9.1 · epss 0.01

    Northern.tech Mender Client 4.x before 4.0.5 has Insecure Permissions.

  • CVE-2022-45929 · High · Jun 20, 2024
    risk 0.57 · cvss 8.8 · epss 0.00

    Northern.tech Mender 3.3.x before 3.3.2, 3.5.x before 3.5.0, and 3.6.x before 3.6.0 has Incorrect Access Control and allows users to change their roles and could allow privilege escalation from a low-privileged read-only user to a high-privileged user.

  • CVE-2026-24712 · High · May 14, 2026
    risk 0.47 · cvss 7.3 · epss 0.01

    Northern.tech CFEngine Enterprise and Community before 3.21.8, 3.24.3, and 3.27.0 allows Command injection.

  • CVE-2024-46947 · Medium · Nov 8, 2024
    risk 0.42 · cvss 6.5 · epss 0.00

    Northern.tech Mender before 3.6.6 and 3.7.x before 3.7.7 allows SSRF.

  • CVE-2022-41324 · Medium · Jun 20, 2024
    risk 0.42 · cvss 6.5 · epss 0.00

    Northern.tech Mender 3.3.x before 3.3.2 and 3.4.x before 3.4.0 has Incorrect Access Control and allows low-privileged users default read access to some sensitive device information.

  • CVE-2026-33553 · Medium · Jun 2, 2026
    risk 0.40 · cvss 6.1 · epss 0.00

    Northern.tech CFEngine Enterprise 3.24.3 before 3.24.4 and 3.27.0 before 3.27.1 allows XSS.

  • CVE-2026-24710 · Medium · May 14, 2026
    risk 0.40 · cvss 6.1 · epss 0.00

    Northern.tech CFEngine Enterprise before 3.21.8, 3.24.3, and 3.27.0 allows XSS.

  • CVE-2025-67903 · Medium · May 27, 2026
    risk 0.34 · cvss 5.3 · epss 0.00

    Northern.tech Mender Client 5 before 5.0.4 allows a Cryptographic signature verification bypass.

  • CVE-2026-24711 · Medium · May 14, 2026
    risk 0.34 · cvss 5.3 · epss 0.00

    Northern.tech CFEngine Enterprise before 3.21.8, 3.24.3, and 3.27.0 has Incorrect Access Control.

  • CVE-2024-55958 · Medium · Jan 21, 2025
    risk 0.31 · cvss 4.8 · epss 0.00

    Northern.tech CFEngine Enterprise Mission Portal 3.24.0, 3.21.5, and below allows XSS. The fixed versions are 3.24.1 and 3.21.6.

  • CVE-2026-33552 · Low · May 27, 2026
    risk 0.24 · cvss 3.7 · epss 0.00

    Northern.tech Mender Enterprise Server before 4.1.1 has Incorrect Access Control.

  • CVE-2026-49009 · Low · May 27, 2026
    risk 0.20 · cvss 3.1 · epss 0.01

    Northern.tech Mender Server v4.1.0, and v4.0.1 and below, allows Directory Traversal. This is fixed in v4.1.1 and v4.0.2.

  • CVE-2024-47190 · Low · Nov 8, 2024
    risk 0.18 · cvss 2.7 · epss 0.00

    Northern.tech Hosted Mender before 2024.07.11 allows SSRF.

  • CVE-2003-0849 · Nov 17, 2003
    risk 0.04 · cvss · epss 0.11

    Buffer overflow in net.c for cfengine 2.x before 2.0.8 allows remote attackers to execute arbitrary code via certain packets with modified length values, which is trusted by the ReceiveTransaction function when using a buffer provided by the BusyWithConnection function.

  • CVE-2024-46948 · Nov 8, 2024
    risk 0.00 · cvss · epss 0.00

    Northern.tech Mender before 3.6.5 and 3.7.x before 3.7.5 has Incorrect Access Control.

  • CVE-2023-45684 · Nov 14, 2023
    risk 0.00 · cvss · epss 0.01

    Northern.tech CFEngine Enterprise before 3.21.3 allows SQL Injection. The fixed versions are 3.18.6 and 3.21.3. The earliest affected version is 3.6.0. The issue is in the Mission Portal login page in the CFEngine hub.

  • CVE-2023-26560 · Apr 25, 2023
    risk 0.00 · cvss · epss 0.01

    Northern.tech CFEngine Enterprise before 3.21.1 allows a subset of authenticated users to leverage the Scheduled Reports feature to read arbitrary files and potentially discover credentials.

  • CVE-2022-32290 · Jul 6, 2022
    risk 0.00 · cvss · epss 0.00

    The client in Northern.tech Mender 3.2.0, 3.2.1, and 3.2.2 has Incorrect Access Control. It listens on a random, unprivileged TCP port and exposes an HTTP proxy to facilitate API calls from additional client components running on the device. However, it listens on all network…

  • CVE-2022-29556 · Apr 28, 2022
    risk 0.00 · cvss · epss 0.01

    The iot-manager microservice 1.0.0 in Northern.tech Mender Enterprise before 3.2.2 allows SSRF because the Azure IoT Hub integration provides several SSRF primitives that can execute cross-tenant actions via internal API endpoints.

  • CVE-2022-29555 · Apr 28, 2022
    risk 0.00 · cvss · epss 0.00

    The Deviceconnect microservice through 1.3.0 in Northern.tech Mender Enterprise before 3.2.2 allows Cross-Origin Websocket Hijacking.

  • CVE-2021-44215 · Mar 7, 2022
    risk 0.00 · cvss · epss 0.00

    Northern.tech CFEngine Enterprise 3.15.4 before 3.15.5 has Insecure Permissions that may allow unauthorized local users to have an unspecified impact.

  • CVE-2021-44216 · Mar 7, 2022
    risk 0.00 · cvss · epss 0.00

    Northern.tech CFEngine Enterprise before 3.15.5 and 3.18.x before 3.18.1 has Insecure Permissions that may allow unauthorized local users to access the Apache and Mission Portal log files.

  • CVE-2021-36756 · Oct 27, 2021
    risk 0.00 · cvss · epss 0.00

    CFEngine Enterprise 3.15.0 through 3.15.4 has Missing SSL Certificate Validation.

  • CVE-2021-38379 · Oct 27, 2021
    risk 0.00 · cvss · epss 0.00

    The Hub in CFEngine Enterprise 3.6.7 through 3.18.0 has Insecure Permissions that allow local Information Disclosure.

  • CVE-2021-35342 · Aug 27, 2021
    risk 0.00 · cvss · epss 0.01

    The useradm service 1.14.0 (in Northern.tech Mender Enterprise 2.7.x before 2.7.1) and 1.13.0 (in Northern.tech Mender Enterprise 2.6.x before 2.6.1) allows users to access the system with their JWT token after logout, because of missing invalidation (if the JWT verification…

  • CVE-2019-19394 · Apr 16, 2020
    risk 0.00 · cvss · epss 0.01

    Northern.tech CFEngine Enterprise before 3.10.7, 3.11.x and 3.12.x before 3.12.3, 3.13.x, and 3.14.x allows XSS. This is fixed in 3.10.7, 3.12.3, and 3.15.0.

  • CVE-2019-9929 · Jun 6, 2019
    risk 0.00 · cvss · epss 0.02

    Northern.tech CFEngine Enterprise 3.12.1 has Insecure Permissions.

  • CVE-2005-3137 · Oct 5, 2005
    risk 0.00 · cvss · epss 0.00

    The (1) cfmailfilter and (2) cfcron.in files for cfengine 1.6.5 allow local users to overwrite arbitrary files via a symlink attack on temporary files, a different vulnerability than CVE-2005-2960.