Wyse
Products
6- 4 CVEs
- 2 CVEs
- 1 CVE
- 1 CVE
- 1 CVE
- 0 CVEs
Recent CVEs
8| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-46675 | Med | 0.34 | 5.3 | 0.00 | Feb 11, 2023 | Wyse Management Suite Repository 3.8 and below contain an information disclosure vulnerability. A unauthenticated attacker could potentially discover the internal structure of the application and its components and use this information for further vulnerability research. | ||
| CVE-2023-32482 | Med | 0.32 | 4.9 | 0.00 | Jul 20, 2023 | Wyse Management Suite versions prior to 4.0 contain an improper authorization vulnerability. An authenticated malicious user with privileged access can push policies to unauthorized tenant group. | ||
| CVE-2023-32481 | Med | 0.32 | 4.9 | 0.01 | Jul 20, 2023 | Wyse Management Suite versions prior to 4.0 contain a denial-of-service vulnerability. An authenticated malicious user can flood the configured SMTP server with numerous requests in order to deny access to the system. | ||
| CVE-2022-46755 | Med | 0.32 | 4.9 | 0.01 | Feb 11, 2023 | Wyse Management Suite 3.8 and below contain an improper access control vulnerability. A authenticated malicious admin user can edit general client policy for which the user is not authorized. | ||
| CVE-2009-0695 | 0.09 | — | 0.69 | Jun 19, 2012 | hagent.exe in Wyse Device Manager (WDM) 4.7.x does not require authentication for commands, which allows remote attackers to obtain management access via a crafted query, as demonstrated by a V52 query that triggers a power-off action. | |||
| CVE-2009-0693 | 0.04 | — | 0.13 | Jun 19, 2012 | Multiple buffer overflows in Wyse Device Manager (WDM) 4.7.x allow remote attackers to execute arbitrary code via (1) the User-Agent HTTP header to hserver.dll or (2) unspecified input to hagent.exe. | |||
| CVE-2005-2577 | 0.04 | — | 0.07 | Aug 16, 2005 | Wyse Winterm 1125SE running firmware 4.2.09f or 4.4.061f allows remote attackers to cause a denial of service (device crash) via a packet with a zero in the IP option length field. | |||
| CVE-2010-3031 | 0.00 | — | 0.04 | Aug 17, 2010 | Buffer overflow in Wyse ThinOS HF 4.4.079i, and possibly other versions before ThinOS 6.5, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string to the LPD service. |
- risk 0.34cvss 5.3epss 0.00
Wyse Management Suite Repository 3.8 and below contain an information disclosure vulnerability. A unauthenticated attacker could potentially discover the internal structure of the application and its components and use this information for further vulnerability research.
- risk 0.32cvss 4.9epss 0.00
Wyse Management Suite versions prior to 4.0 contain an improper authorization vulnerability. An authenticated malicious user with privileged access can push policies to unauthorized tenant group.
- risk 0.32cvss 4.9epss 0.01
Wyse Management Suite versions prior to 4.0 contain a denial-of-service vulnerability. An authenticated malicious user can flood the configured SMTP server with numerous requests in order to deny access to the system.
- risk 0.32cvss 4.9epss 0.01
Wyse Management Suite 3.8 and below contain an improper access control vulnerability. A authenticated malicious admin user can edit general client policy for which the user is not authorized.
- CVE-2009-0695Jun 19, 2012risk 0.09cvss —epss 0.69
hagent.exe in Wyse Device Manager (WDM) 4.7.x does not require authentication for commands, which allows remote attackers to obtain management access via a crafted query, as demonstrated by a V52 query that triggers a power-off action.
- CVE-2009-0693Jun 19, 2012risk 0.04cvss —epss 0.13
Multiple buffer overflows in Wyse Device Manager (WDM) 4.7.x allow remote attackers to execute arbitrary code via (1) the User-Agent HTTP header to hserver.dll or (2) unspecified input to hagent.exe.
- CVE-2005-2577Aug 16, 2005risk 0.04cvss —epss 0.07
Wyse Winterm 1125SE running firmware 4.2.09f or 4.4.061f allows remote attackers to cause a denial of service (device crash) via a packet with a zero in the IP option length field.
- CVE-2010-3031Aug 17, 2010risk 0.00cvss —epss 0.04
Buffer overflow in Wyse ThinOS HF 4.4.079i, and possibly other versions before ThinOS 6.5, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string to the LPD service.