Alibaba
Products
9- 3 CVEs
- 2 CVEs
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 0 CVEs
Recent CVEs
9| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-70974 | Cri | 0.65 | 10.0 | 0.01 | Jan 9, 2026 | Fastjson before 1.2.48 mishandles autoType because, when an @type key is in a JSON document, and the value of that key is the name of a Java class, there may be calls to certain public methods of that class. Depending on the behavior of those methods, there may be JNDI injection… | ||
| CVE-2026-6328 | Hig | 0.47 | — | 0.00 | Apr 15, 2026 | Improper input validation, Improper verification of cryptographic signature vulnerability in XQUIC Project XQUIC xquic on Linux (QUIC protocol implementation, packet processing module, STREAM frame handler modules) allows Protocol Manipulation.This issue affects XQUIC: through… | ||
| CVE-2026-1788 | Med | 0.43 | — | 0.00 | Feb 3, 2026 | : Out-of-bounds Write vulnerability in Xquic Project Xquic Server xquic on Linux (QUIC protocol implementation, packet processing module modules) allows : Buffer Manipulation.This issue affects Xquic Server: through 1.8.3. | ||
| CVE-2007-0827 | 0.03 | — | 0.04 | Feb 7, 2007 | The Alibaba Alipay PTA Module ActiveX control (PTA.DLL) allows remote attackers to execute arbitrary code via a JavaScript function that invokes the Remove method with an invalid index argument, which is used as an offset for a function call. | |||
| CVE-2000-0626 | 0.03 | — | 0.06 | Jul 18, 2000 | Buffer overflow in Alibaba web server allows remote attackers to cause a denial of service via a long GET request. | |||
| CVE-1999-0885 | 0.03 | — | 0.03 | Nov 3, 1999 | Alibaba web server allows remote attackers to execute commands via a pipe character in a malformed URL. | |||
| CVE-2014-5976 | 0.00 | — | 0.00 | Sep 20, 2014 | The alibaba (aka com.alibaba.wireless) application 4.1.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||
| CVE-1999-1444 | 0.00 | — | 0.01 | Dec 31, 1999 | genkey utility in Alibaba 2.0 generates RSA key pairs with an exponent of 1, which results in transactions that are sent in cleartext. | |||
| CVE-1999-0776 | 0.00 | — | 0.01 | May 12, 1999 | Alibaba HTTP server allows remote attackers to read files via a .. (dot dot) attack. |
- risk 0.65cvss 10.0epss 0.01
Fastjson before 1.2.48 mishandles autoType because, when an @type key is in a JSON document, and the value of that key is the name of a Java class, there may be calls to certain public methods of that class. Depending on the behavior of those methods, there may be JNDI injection…
- risk 0.47cvss —epss 0.00
Improper input validation, Improper verification of cryptographic signature vulnerability in XQUIC Project XQUIC xquic on Linux (QUIC protocol implementation, packet processing module, STREAM frame handler modules) allows Protocol Manipulation.This issue affects XQUIC: through…
- risk 0.43cvss —epss 0.00
: Out-of-bounds Write vulnerability in Xquic Project Xquic Server xquic on Linux (QUIC protocol implementation, packet processing module modules) allows : Buffer Manipulation.This issue affects Xquic Server: through 1.8.3.
- CVE-2007-0827Feb 7, 2007risk 0.03cvss —epss 0.04
The Alibaba Alipay PTA Module ActiveX control (PTA.DLL) allows remote attackers to execute arbitrary code via a JavaScript function that invokes the Remove method with an invalid index argument, which is used as an offset for a function call.
- CVE-2000-0626Jul 18, 2000risk 0.03cvss —epss 0.06
Buffer overflow in Alibaba web server allows remote attackers to cause a denial of service via a long GET request.
- CVE-1999-0885Nov 3, 1999risk 0.03cvss —epss 0.03
Alibaba web server allows remote attackers to execute commands via a pipe character in a malformed URL.
- CVE-2014-5976Sep 20, 2014risk 0.00cvss —epss 0.00
The alibaba (aka com.alibaba.wireless) application 4.1.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
- CVE-1999-1444Dec 31, 1999risk 0.00cvss —epss 0.01
genkey utility in Alibaba 2.0 generates RSA key pairs with an exponent of 1, which results in transactions that are sent in cleartext.
- CVE-1999-0776May 12, 1999risk 0.00cvss —epss 0.01
Alibaba HTTP server allows remote attackers to read files via a .. (dot dot) attack.