CVE-2019-15893
https://notcve.org/view.php?id=CVE-2019-15893
Sonatype Nexus Repository Manager 2.x before 2.14.15 allows Remote Code Execution. • https://support.sonatype.com/hc/en-us/articles/360035055794
CVE-2019-5475
https://notcve.org/view.php?id=CVE-2019-5475
The Nexus Yum Repository Plugin in v2 is vulnerable to Remote Code Execution when instances using CommandLineExecutor.java are supplied vulnerable data, such as the Yum Configuration Capability. • https://github.com/rabbitmask/CVE-2019-5475-EXP https://github.com/jaychouzzk/CVE-2019-5475-Nexus-Repository-Manager- https://github.com/EXP-Docs/CVE-2019-5475 https://hackerone.com/reports/654888 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2019-9630
https://notcve.org/view.php?id=CVE-2019-9630
Sonatype Nexus Repository Manager before 3.17.0 has a weak default of giving any unauthenticated user read permissions on the repository files and images. • https://www.twistlock.com/labs-blog/vulnerabilities-nexus-repository-left-thousands-artifacts-exposed • CWE-276: Incorrect Default Permissions
CVE-2019-9629
https://notcve.org/view.php?id=CVE-2019-9629
Sonatype Nexus Repository Manager before 3.17.0 establishes a default administrator user with weak defaults (fixed credentials). • https://www.twistlock.com/labs-blog/vulnerabilities-nexus-repository-left-thousands-artifacts-exposed • CWE-287: Improper Authentication
CVE-2019-11629
https://notcve.org/view.php?id=CVE-2019-11629
Sonatype Nexus Repository Manager 2.x before 2.14.13 allows XSS. • https://support.sonatype.com/hc/en-us/articles/360022528733-CVE-2019-11629-Nexus-Repository-Manager-2-Cross-Site-Scripting-XSS-2019-05-02 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')