CVE-2024-1969 – Heap buffer overflow
https://notcve.org/view.php?id=CVE-2024-1969
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in Secomea GateManager (webserver modules) allows crash of GateManager. This issue affects GateManager: from 9.7 before 11.2.624095033. • https://www.secomea.com/support/cybersecurity-advisory • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-1579 – Insufficient seeding of random number generator
https://notcve.org/view.php?id=CVE-2024-1579
Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG) vulnerability in Secomea GateManager (Webserver modules) allows Session Hijacking. This issue affects GateManager: before 11.2.624071020. • https://www.secomea.com/support/cybersecurity-advisory • CWE-335: Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)
CVE-2023-0317 – GateManager debug interface is included in non-debug builds
https://notcve.org/view.php?id=CVE-2023-0317
Unprotected Alternate Channel vulnerability in debug console of GateManager allows system administrator to obtain sensitive information. • https://www.secomea.com/support/cybersecurity-advisory • CWE-420: Unprotected Alternate Channel
CVE-2022-4308 – Clear-text passwords in configuration files
https://notcve.org/view.php?id=CVE-2022-4308
Plaintext Storage of a Password vulnerability in Secomea GateManager (USB wizard) allows Authentication abuse on SiteManager, if the generated file is leaked. • https://www.secomea.com/support/cybersecurity-advisory • CWE-256: Plaintext Storage of a Password • CWE-522: Insufficiently Protected Credentials
CVE-2022-2752 – Potential vulnerabilities in GM login process
https://notcve.org/view.php?id=CVE-2022-2752
A vulnerability in the web server of Secomea GateManager allows a local user to impersonate the previous user under some failed login conditions. This issue affects: Secomea GateManager versions from 9.4 through 9.7. • https://www.secomea.com/support/cybersecurity-advisory • CWE-287: Improper Authentication