Vulnerabilities > Sonatype > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-09-07 | CVE-2021-40143 | Injection vulnerability in Sonatype Nexus Repository Manager 3 Sonatype Nexus Repository 3.x through 3.33.1-01 is vulnerable to an HTTP header injection. | 8.2 |
2020-10-12 | CVE-2020-15012 | Path Traversal vulnerability in Sonatype Nexus Repository Manager A Directory Traversal issue was discovered in Sonatype Nexus Repository Manager 2.x before 2.14.19. | 8.6 |
2020-08-12 | CVE-2020-15868 | Unspecified vulnerability in Sonatype Nexus Repository Manager Sonatype Nexus Repository Manager OSS/Pro before 3.26.0 has Incorrect Access Control. | 7.5 |
2020-07-31 | CVE-2020-15871 | Unspecified vulnerability in Sonatype Nexus Repository Manager 3 Sonatype Nexus Repository Manager OSS/Pro version before 3.25.1 allows Remote Code Execution. | 8.8 |
2020-04-20 | CVE-2020-11753 | Incorrect Authorization vulnerability in Sonatype Nexus Repository Manager 3 3.21.1/3.22.0 An issue was discovered in Sonatype Nexus Repository Manager in versions 3.21.1 and 3.22.0. | 8.8 |
2020-04-02 | CVE-2020-11444 | Incorrect Default Permissions vulnerability in Sonatype Nexus Sonatype Nexus Repository Manager 3.x up to and including 3.21.2 has Incorrect Access Control. | 8.8 |
2020-04-01 | CVE-2020-10204 | Improper Input Validation vulnerability in Sonatype Nexus Sonatype Nexus Repository before 3.21.2 allows Remote Code Execution. | 7.2 |
2020-04-01 | CVE-2020-10199 | Expression Language Injection vulnerability in Sonatype Nexus Sonatype Nexus Repository before 3.21.2 allows JavaEL Injection (issue 1 of 2). | 8.8 |
2019-11-01 | CVE-2019-15588 | OS Command Injection vulnerability in Sonatype Nexus Repository Manager There is an OS Command Injection in Nexus Repository Manager <= 2.14.14 (bypass CVE-2019-5475) that could allow an attacker a Remote Code Execution (RCE). | 7.2 |
2019-10-21 | CVE-2019-16530 | Unrestricted Upload of File with Dangerous Type vulnerability in Sonatype Nexus Repository Manager Sonatype Nexus Repository Manager 2.x before 2.14.15 and 3.x before 3.19, and IQ Server before 72, has remote code execution. | 7.2 |