RSS   Vulnerabilities for 'Nexus'   RSS

2020-08-25
 
CVE-2020-24622

CWE-200
 

 
In Sonatype Nexus Repository 3.26.1, an S3 secret key can be exposed by an admin user.

 
2020-04-02
 
CVE-2020-11444

CWE-276
 

 
Sonatype Nexus Repository Manager 3.x up to and including 3.21.2 has Incorrect Access Control.

 
2020-04-01
 
CVE-2020-10204

CWE-862
 

 
Sonatype Nexus Repository before 3.21.2 allows Remote Code Execution.

 
 
CVE-2020-10203

CWE-79
 

 
Sonatype Nexus Repository before 3.21.2 allows XSS.

 
 
CVE-2020-10199

CWE-862
 

 
Sonatype Nexus Repository before 3.21.2 allows JavaEL Injection (issue 1 of 2).

 
2019-03-21
 
CVE-2019-7238

CWE-284
 

 
Sonatype Nexus Repository Manager before 3.15.0 has Incorrect Access Control.

 
2018-11-15
 
CVE-2018-16620

CWE-200
 

 
Sonatype Nexus Repository Manager before 3.14 has Incorrect Access Control.

 
2015-01-05
 
CVE-2014-9389

CWE-22
 

 
Directory traversal vulnerability in Sonatype Nexus OSS and Pro before 2.11.1-01 allows remote attackers to read or write to arbitrary files via unspecified vectors.

 
2014-03-31
 
CVE-2014-2034

CWE-noinfo
 

 
Unspecified vulnerability in Sonatype Nexus OSS and Pro 2.4.0 through 2.7.1 allows attackers to create arbitrary user accounts via unknown vectors related to "an unauthenticated execution path."

 
2014-01-17
 
CVE-2014-0792

CWE-94
 

 
Sonatype Nexus 1.x and 2.x before 2.7.1 allows remote attackers to create arbitrary objects and execute arbitrary code via unspecified vectors related to unmarshalling of unintended Object types.

 


Copyright 2024, cxsecurity.com

 

Back to Top