DELL EMC Repository Manager 安全漏洞

Dell EMC is a repository manager. A plain text password storage vulnerability exists in Dell EMC. A local attacker could exploit this vulnerability to cause the disclosure of certain user credentials. An attacker could use this vulnerability to be able to use publicly available credentials to...

CVE-2022-26856

Dell EMC Repository Manager version 3.4.0 contains a plain-text password storage vulnerability. A local attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable...

CVE-2022-27907

Sonatype Nexus Repository Manager 3.x before 3.38.0 allows SSRF...

CVE-2022-27907

Sonatype Nexus Repository Manager 3.x before 3.38.0 allows SSRF...

Server side request forgery (ssrf)

Sonatype Nexus Repository Manager 3.x before 3.38.0 allows SSRF...

CVE-2022-27907

CVE-2022-27907 affects Sonatype Nexus Repository Manager 3.x before 3.38.0, with an SSRF vulnerability. Connected documents describe a code issue that forces the server to send a query request, enabling SSRF. Exploitation details are not provided in the sources; no in‑the‑wild exploit data is sta...

Sonatype Nexus Repository Manager 代码问题漏洞

Sonatype Nexus Repository Manager NXRM is a repository manager from Sonatype, Inc. that is used for managing, storing, and distributing software, among other things. A code issue vulnerability exists in Sonatype Nexus Repository Manager3 versions prior to 3.38.0 that stems from forcing the server...

CVE-2021-43961

Sonatype Nexus Repository Manager 3.36.0 allows HTML Injection...

CVE-2021-43961

Sonatype Nexus Repository Manager 3.36.0 allows HTML Injection...

Design/Logic Flaw

Sonatype Nexus Repository Manager 3.36.0 allows HTML Injection...

CVE-2021-43961

CVE-2021-43961 affects Sonatype Nexus Repository Manager 3.36.0 (NXS/NXRM). The connected sources specify a HTML Injection vulnerability in this version. No exploit vectors, exploit status, or remediation details are provided in the available documents. The reports consistently describe the issue...

CVE-2021-43961

Sonatype Nexus Repository Manager 3.36.0 allows HTML Injection...

Sonatype Nexus Repository Manager 跨站脚本漏洞

Sonatype Nexus Repository Manager NXRM is a repository manager from Sonatype, Inc. that is used to manage, store, and distribute software, among other things. A cross-site scripting vulnerability exists in Sonatype Nexus Repository Manager 3.x through 3.37.0. A remote attacker sending a specially...

Sonatype Nexus Repository Manager Incorrect Access Control Vulnerability

Sonatype Nexus Repository Manager before 3.15.0 has an incorrect access control vulnerability. Exploitation allows for remote code execution...

Sonatype Nexus Repository Manager 3.x < 3.21.2 RCE

The Sonatype Nexus Repository Manager server application running on the remote host is version 3.x prior to 3.21.2. It is, therefore, affected by a remote code execution vulnerability, which allows for an attacker with any type of account on NXRM to execute arbitrary code by crafting a malicious...

CVE-2021-43293

Sonatype Nexus Repository Manager 3.x before 3.36.0 allows a remote authenticated attacker to potentially perform network enumeration via Server Side Request Forgery SSRF...

CVE-2021-43293

Sonatype Nexus Repository Manager 3.x before 3.36.0 allows a remote authenticated attacker to potentially perform network enumeration via Server Side Request Forgery SSRF...

Server side request forgery (ssrf)

Sonatype Nexus Repository Manager 3.x before 3.36.0 allows a remote authenticated attacker to potentially perform network enumeration via Server Side Request Forgery SSRF...

CVE-2021-43293

The CVE-2021-43293 entry describes a vulnerability in Sonatype Nexus Repository Manager 3.x pre-3.36.0 where a remote authenticated attacker can perform network enumeration via Server Side Request Forgery (SSRF). Affected product: Nexus Repository Manager 3.x. Root cause: SSRF condition in the se...

CVE-2021-42568

Sonatype Nexus Repository Manager 3.x through 3.35.0 allows attackers to access the SSL Certificates Loading function via a low-privileged account...