Nexus

by Sonatype

CVEs (16)

  • CVE-2017-17717 | Critical | Dec 17, 2017
    risk 0.64 | cvss 9.8 | epss 0.01

    Sonatype Nexus Repository Manager through 2.14.5 has weak password encryption with a hardcoded CMMDwoV value in the LDAP integration feature.

  • CVE-2024-4956 | High | May 16, 2024
    risk 0.59 | cvss 7.5 | epss 0.18

    Path Traversal in Sonatype Nexus Repository 3 allows an unauthenticated attacker to read system files. Fixed in version 3.68.1.

  • CVE-2014-9885 | High | Aug 6, 2016
    risk 0.51 | cvss 7.8 | epss 0.00

    Format string vulnerability in drivers/thermal/qpnp-adc-tm.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices allows attackers to gain privileges via a crafted application that provides format string specifiers in a name, aka Android internal bug…

  • CVE-2014-9877 | High | Aug 6, 2016
    risk 0.51 | cvss 7.8 | epss 0.00

    drivers/media/platform/msm/camera_v2/sensor/actuator/msm_actuator.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices mishandles a user-space pointer, which allows attackers to gain privileges via a crafted application, aka Android internal…

  • CVE-2018-5307 | Medium | Feb 9, 2018
    risk 0.40 | cvss 6.1 | epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in Sonatype Nexus Repository Manager (aka NXRM) 2.x before 2.14.6 allow remote attackers to inject arbitrary web script or HTML via (1) the repoId or (2) format parameter to service/siesta/healthcheck/healthCheckFileDetail/.../i…

  • CVE-2018-5306 | Medium | Feb 9, 2018
    risk 0.40 | cvss 6.1 | epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in Sonatype Nexus Repository Manager (aka NXRM) 3.x before 3.8 allow remote attackers to inject arbitrary web script or HTML via (1) the repoId or (2) format parameter to service/siesta/healthcheck/healthCheckFileDetail/.../inde…

  • CVE-2024-5083 | Medium | Nov 14, 2024
    risk 0.33 | cvss | epss 0.00

    A stored Cross-site Scripting vulnerability has been discovered in Sonatype Nexus Repository 2. This issue affects Nexus Repository 2 OSS/Pro versions up to and including 2.15.1.

  • CVE-2018-12100 | Medium | Jun 11, 2018
    risk 0.31 | cvss 4.8 | epss 0.01

    Sonatype Nexus Repository Manager versions 3.x before 3.12.0 have XSS in multiple areas in the Administration UI.

  • CVE-2019-7238 | KEV | Mar 21, 2019
    risk 0.13 | cvss | epss 0.77

    Sonatype Nexus Repository Manager before 3.15.0 has Incorrect Access Control.

  • CVE-2021-37163 | Aug 2, 2021
    risk 0.00 | cvss | epss 0.01

    An insecure permissions issue was discovered in HMI3 Control Panel in Swisslog Healthcare Nexus operated by released versions of software before Nexus Software 7.2.5.7. The device has two user accounts with passwords that are hardcoded.

  • CVE-2018-16619 | Nov 15, 2018
    risk 0.00 | cvss | epss 0.01

    Sonatype Nexus Repository Manager before 3.14 allows XSS.

  • CVE-2018-16620 | Nov 15, 2018
    risk 0.00 | cvss | epss 0.01

    Sonatype Nexus Repository Manager before 3.14 has Incorrect Access Control.

  • CVE-2018-16621 | Nov 15, 2018
    risk 0.00 | cvss | epss 0.02

    Sonatype Nexus Repository Manager before 3.14 allows Java Expression Language Injection.

  • CVE-2014-9389 | Jan 5, 2015
    risk 0.00 | cvss | epss 0.02

    Directory traversal vulnerability in Sonatype Nexus OSS and Pro before 2.11.1-01 allows remote attackers to read or write to arbitrary files via unspecified vectors.

  • CVE-2014-2034 | Apr 1, 2014
    risk 0.00 | cvss | epss 0.02

    Unspecified vulnerability in Sonatype Nexus OSS and Pro 2.4.0 through 2.7.1 allows attackers to create arbitrary user accounts via unknown vectors related to "an unauthenticated execution path."

  • CVE-2014-0792 | Jan 17, 2014
    risk 0.00 | cvss | epss 0.03

    Sonatype Nexus 1.x and 2.x before 2.7.1 allows remote attackers to create arbitrary objects and execute arbitrary code via unspecified vectors related to unmarshalling of unintended Object types.