Filtered by vendor Unisys
Subscriptions
Total
25 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-13684 | 1 Unisys | 1 Mcp-firmware | 2025-04-20 | N/A |
| Unisys Libra 64xx and 84xx and FS601 class systems with MCP-FIRMWARE before 43.211 allow remote authenticated users to cause a denial of service (program crash) or have unspecified other impact via vectors related to incorrect literal handling, which trigger CPM stack corruption. | ||||
| CVE-2017-5873 | 1 Unisys | 1 Secure Partitioning | 2025-04-20 | N/A |
| Unquoted Windows search path vulnerability in the guest service in Unisys s-Par before 4.4.20 allows local users to gain privileges via a Trojan horse executable file in the %SYSTEMDRIVE% directory, as demonstrated by program.exe. | ||||
| CVE-2015-4049 | 1 Unisys | 1 Mcp-firmware | 2025-04-20 | N/A |
| Unisys Libra 43xx, 63xx, and 83xx, and FS600 class systems with MCP-FIRMWARE 40.0 before 40.0IC4 Build 270 might allow remote authenticated users to cause a denial of service (data corruption or system crash) via vectors related to using program operators during EPSILON (level 5) based codefiles at peak memory usage, which triggers CPM stack corruption. | ||||
| CVE-2016-7805 | 1 Unisys | 1 Mobigate | 2025-04-20 | N/A |
| The mobiGate App for Android version 2.2.1.2 and earlier and mobiGate App for iOS version 2.2.4.1 and earlier do not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2017-5872 | 1 Unisys | 1 Clearpath Mcp | 2025-04-20 | N/A |
| The TCP/IP networking module in Unisys ClearPath MCP systems with TCP-IP-SW 57.1 before 57.152, 58.1 before 58.142, or 59.1 before 59.172, when running a TLS 1.2 service, allows remote attackers to cause a denial of service (network connectivity disruption) via a client hello with a signature_algorithms extension above those defined in RFC 5246, which triggers a full memory dump. | ||||
| CVE-2009-1628 | 2 Microsoft, Unisys | 2 Windows, Business Information Server | 2025-04-09 | N/A |
| Stack-based buffer overflow in mnet.exe in Unisys Business Information Server (BIS) 10 and 10.1 on Windows allows remote attackers to execute arbitrary code via a crafted TCP packet. | ||||
| CVE-2002-2179 | 1 Unisys | 1 Clearpath Mcp | 2025-04-03 | N/A |
| The dynamic initialization feature of the ClearPath MCP environment allows remote attackers to cause a denial of service (crash) via a TCP port scan using a tool such as nmap. | ||||
| CVE-2022-32555 | 1 Unisys | 1 Data Exchange Management Studio | 2024-11-21 | 8.8 High |
| Unisys Data Exchange Management Studio before 6.0.IC2 and 7.x before 7.0.IC1 doesn't have an Anti-CSRF token to authenticate the POST request. Thus, a cross-site request forgery attack could occur. | ||||
| CVE-2021-45445 | 1 Unisys | 1 Clearpath Mcp Tcp\/ip Networking Services | 2024-11-21 | 7.5 High |
| Unisys ClearPath MCP TCP/IP Networking Services 59.1, 60.0, and 62.0 has an Infinite Loop. | ||||
| CVE-2021-43394 | 1 Unisys | 2 Clearpath 2200, Messaging Integration Services | 2024-11-21 | 9.8 Critical |
| Unisys OS 2200 Messaging Integration Services (NTSI) 7R3B IC3 and IC4, 7R3C, and 7R3D has an Incorrect Implementation of an Authentication Algorithm. An LDAP password is not properly validated. | ||||
| CVE-2021-43388 | 1 Unisys | 1 Cargo Mobile | 2024-11-21 | 7.5 High |
| Unisys Cargo Mobile Application before 1.2.29 uses cleartext to store sensitive information, which might be revealed in a backup. The issue is addressed by ensuring that the allowBackup flag (in the manifest) is False. | ||||
| CVE-2021-3141 | 1 Unisys | 1 Stealth | 2024-11-21 | 7.8 High |
| In Unisys Stealth (core) before 6.0.025.0, the Keycloak password is stored in a recoverable format that might be accessible by a local attacker, who could gain access to the Management Server and change the Stealth configuration. | ||||
| CVE-2021-35056 | 1 Unisys | 1 Stealth | 2024-11-21 | 6.7 Medium |
| Unisys Stealth 5.1 before 5.1.025.0 and 6.0 before 6.0.055.0 has an unquoted Windows search path for a scheduled task. An unintended executable might run. | ||||
| CVE-2021-28492 | 1 Unisys | 1 Stealth | 2024-11-21 | 4.9 Medium |
| Unisys Stealth (core) 5.x before 5.0.048.0, 5.1.x before 5.1.017.0, and 6.x before 6.0.037.0 stores passwords in a recoverable format. | ||||
| CVE-2020-35542 | 1 Unisys | 1 Data Exchange Management Studio | 2024-11-21 | 5.4 Medium |
| Unisys Data Exchange Management Studio through 5.0.34 doesn't sanitize the input to a HTML document field. This could be used for an XSS attack. | ||||
| CVE-2020-24620 | 1 Unisys | 1 Stealth | 2024-11-21 | 7.8 High |
| Unisys Stealth(core) before 4.0.134 stores passwords in a recoverable format. Therefore, a search of Enterprise Manager can potentially reveal credentials. | ||||
| CVE-2020-12647 | 1 Unisys | 1 Algol Compiler | 2024-11-21 | 8.8 High |
| Unisys ALGOL Compiler 58.1 before 58.1a.15, 59.1 before 59.1a.9, and 60.0 before 60.0a.5 can emit invalid code sequences under rare circumstances related to syntax. The resulting code could, for example, trigger a system fault or adversely affect confidentiality, integrity, and availability. | ||||
| CVE-2020-12053 | 1 Unisys | 1 Stealth | 2024-11-21 | 9.8 Critical |
| In Unisys Stealth 3.4.x, 4.x and 5.x before 5.0.026, if certificate-based authorization is used without HTTPS, an endpoint could be authorized without a private key. | ||||
| CVE-2019-18386 | 1 Unisys | 1 Mcp Firmware | 2024-11-21 | 8.7 High |
| Systems management on Unisys ClearPath Forward Libra and ClearPath MCP Software Series can fault and have other unspecified impact when receiving specifically crafted message payloads over a systems management communication channel | ||||
| CVE-2019-18193 | 1 Unisys | 1 Stealth | 2024-11-21 | 7.5 High |
| In Unisys Stealth (core) 3.4.108.0, 3.4.209.x, 4.0.027.x and 4.0.114, key material inadvertently logged under certain conditions. Fixed included in 3.4.109, 4.0.027.13, 4.0.125 and 5.0.013.0. | ||||