Vulnerabilities > Alibaba

DATE CVE VULNERABILITY TITLE RISK
2023-08-22 CVE-2020-21699 Integer Overflow or Wraparound vulnerability in Alibaba Tengine 2.2.2
The web server Tengine 2.2.2, developed on Nginx versions 0.5.6 through 1.13.2, is vulnerable to an integer overflow in the nginx range filter module, resulting in the leakage of potentially sensitive information triggered by specially crafted requests.
network
low complexity
alibaba CWE-190
7.5
2022-07-05 CVE-2021-43116 Improper Authentication vulnerability in Alibaba Nacos
An access control vulnerability exists in the access prompt page of Nacos 2.0.3: after entering a username and password and clicking login, the returned packet can be captured and changed, which lets a malicious user log in.
network
low complexity
alibaba CWE-287
8.8
2022-06-10 CVE-2022-25845 Deserialization of Untrusted Data vulnerability in multiple products
The package com.alibaba:fastjson before 1.2.83 is vulnerable to Deserialization of Untrusted Data by bypassing the default autoType shutdown restrictions, which is possible under certain conditions.
network
low complexity
alibaba oracle CWE-502
critical
9.8
2022-03-11 CVE-2021-44667 Cross-site Scripting vulnerability in Alibaba Nacos 2.0.3
A Cross Site Scripting (XSS) vulnerability exists in Nacos 2.0.3 in auth/users via the (1) pageSize and (2) pageNo parameters.
network
low complexity
alibaba CWE-79
6.1
2021-11-03 CVE-2021-33800 Path Traversal vulnerability in Alibaba Druid 1.2.3
In Druid 1.2.3, visiting a path with a parameter in a certain function can lead to directory traversal.
network
low complexity
alibaba CWE-22
7.5
2021-04-27 CVE-2021-29441 Authentication Bypass by Spoofing vulnerability in Alibaba Nacos
Nacos is a platform designed for dynamic service discovery and configuration and service management.
network
low complexity
alibaba CWE-290
critical
9.8
2021-04-27 CVE-2021-29442 Unspecified vulnerability in Alibaba Nacos
Nacos is a platform designed for dynamic service discovery and configuration and service management.
network
low complexity
alibaba
7.5
2020-09-30 CVE-2020-19676 Unspecified vulnerability in Alibaba Nacos 1.1.4
Nacos 1.1.4 is affected by: Incorrect Access Control.
network
low complexity
alibaba
5.3
2018-10-23 CVE-2017-18349 Improper Input Validation vulnerability in multiple products
parseObject in Fastjson before 1.2.25, as used in FastjsonEngine in Pippo 1.11.0 and other products, allows remote attackers to execute arbitrary code via a crafted JSON request, as demonstrated by a crafted rmi:// URI in the dataSourceName field of HTTP POST data to the Pippo /json URI, which is mishandled in AjaxApplication.java.
network
low complexity
pippo alibaba CWE-20
critical
9.8