Nexus
by Sonatype
CVEs (16)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-17717 | | Cri | 0.64 | 9.8 | 0.01 | | Dec 17, 2017 | Sonatype Nexus Repository Manager through 2.14.5 has weak password encryption with a hardcoded CMMDwoV value in the LDAP integration feature. |
| CVE-2024-4956 | | Hig | 0.59 | 7.5 | 0.18 | | May 16, 2024 | Path Traversal in Sonatype Nexus Repository 3 allows an unauthenticated attacker to read system files. Fixed in version 3.68.1. |
| CVE-2014-9885 | | Hig | 0.51 | 7.8 | 0.00 | | Aug 6, 2016 | Format string vulnerability in drivers/thermal/qpnp-adc-tm.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices allows attackers to gain privileges via a crafted application that provides format string specifiers in a name, aka Android internal bug… |
| CVE-2014-9877 | | Hig | 0.51 | 7.8 | 0.00 | | Aug 6, 2016 | drivers/media/platform/msm/camera_v2/sensor/actuator/msm_actuator.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices mishandles a user-space pointer, which allows attackers to gain privileges via a crafted application, aka Android internal… |
| CVE-2018-5307 | | Med | 0.40 | 6.1 | 0.01 | | Feb 9, 2018 | Multiple cross-site scripting (XSS) vulnerabilities in Sonatype Nexus Repository Manager (aka NXRM) 2.x before 2.14.6 allow remote attackers to inject arbitrary web script or HTML via (1) the repoId or (2) format parameter to service/siesta/healthcheck/healthCheckFileDetail/.../i… |
| CVE-2018-5306 | | Med | 0.40 | 6.1 | 0.01 | | Feb 9, 2018 | Multiple cross-site scripting (XSS) vulnerabilities in Sonatype Nexus Repository Manager (aka NXRM) 3.x before 3.8 allow remote attackers to inject arbitrary web script or HTML via (1) the repoId or (2) format parameter to service/siesta/healthcheck/healthCheckFileDetail/.../inde… |
| CVE-2024-5083 | | Med | 0.33 | — | 0.00 | | Nov 14, 2024 | A stored Cross-site Scripting vulnerability has been discovered in Sonatype Nexus Repository 2. This issue affects Nexus Repository 2 OSS/Pro versions up to and including 2.15.1. |
| CVE-2018-12100 | | Med | 0.31 | 4.8 | 0.01 | | Jun 11, 2018 | Sonatype Nexus Repository Manager versions 3.x before 3.12.0 have XSS in multiple areas in the Administration UI. |
| CVE-2019-7238 | | | 0.13 | — | 0.77 | KEV | Mar 21, 2019 | Sonatype Nexus Repository Manager before 3.15.0 has Incorrect Access Control. |
| CVE-2021-37163 | | | 0.00 | — | 0.01 | | Aug 2, 2021 | An insecure permissions issue was discovered in HMI3 Control Panel in Swisslog Healthcare Nexus operated by released versions of software before Nexus Software 7.2.5.7. The device has two user accounts with passwords that are hardcoded. |
| CVE-2018-16619 | | | 0.00 | — | 0.01 | | Nov 15, 2018 | Sonatype Nexus Repository Manager before 3.14 allows XSS. |
| CVE-2018-16620 | | | 0.00 | — | 0.01 | | Nov 15, 2018 | Sonatype Nexus Repository Manager before 3.14 has Incorrect Access Control. |
| CVE-2018-16621 | | | 0.00 | — | 0.02 | | Nov 15, 2018 | Sonatype Nexus Repository Manager before 3.14 allows Java Expression Language Injection. |
| CVE-2014-9389 | | | 0.00 | — | 0.02 | | Jan 5, 2015 | Directory traversal vulnerability in Sonatype Nexus OSS and Pro before 2.11.1-01 allows remote attackers to read or write to arbitrary files via unspecified vectors. |
| CVE-2014-2034 | | | 0.00 | — | 0.02 | | Apr 1, 2014 | Unspecified vulnerability in Sonatype Nexus OSS and Pro 2.4.0 through 2.7.1 allows attackers to create arbitrary user accounts via unknown vectors related to "an unauthenticated execution path." |
| CVE-2014-0792 | | | 0.00 | — | 0.03 | | Jan 17, 2014 | Sonatype Nexus 1.x and 2.x before 2.7.1 allows remote attackers to create arbitrary objects and execute arbitrary code via unspecified vectors related to unmarshalling of unintended Object types. |