Vulnerabilities > Unisys > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-09-30 | CVE-2017-13684 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Unisys Mcp-Firmware Unisys Libra 64xx and 84xx and FS601 class systems with MCP-FIRMWARE before 43.211 allow remote authenticated users to cause a denial of service (program crash) or have unspecified other impact via vectors related to incorrect literal handling, which trigger CPM stack corruption. | 4.6 |
| 2017-06-09 | CVE-2016-7805 | Improper Certificate Validation vulnerability in Unisys Mobigate The mobiGate App for Android version 2.2.1.2 and earlier and mobiGate App for iOS version 2.2.4.1 and earlier do not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 4.3 |
| 2017-04-11 | CVE-2017-5873 | Unquoted Search Path or Element vulnerability in Unisys Secure Partitioning 4.3.403/4.4.19 Unquoted Windows search path vulnerability in the guest service in Unisys s-Par before 4.4.20 allows local users to gain privileges via a Trojan horse executable file in the %SYSTEMDRIVE% directory, as demonstrated by program.exe. | 4.6 |
| 2017-03-10 | CVE-2017-5872 | Improper Input Validation vulnerability in Unisys Clearpath MCP 57.1/58.1/59.1 The TCP/IP networking module in Unisys ClearPath MCP systems with TCP-IP-SW 57.1 before 57.152, 58.1 before 58.142, or 59.1 before 59.172, when running a TLS 1.2 service, allows remote attackers to cause a denial of service (network connectivity disruption) via a client hello with a signature_algorithms extension above those defined in RFC 5246, which triggers a full memory dump. | 5.0 |
| 2017-02-03 | CVE-2015-4049 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Unisys Mcp-Firmware 40.0 Unisys Libra 43xx, 63xx, and 83xx, and FS600 class systems with MCP-FIRMWARE 40.0 before 40.0IC4 Build 270 might allow remote authenticated users to cause a denial of service (data corruption or system crash) via vectors related to using program operators during EPSILON (level 5) based codefiles at peak memory usage, which triggers CPM stack corruption. | 5.6 |