27 matches found
EUVD-2022-4177
Malicious code in bioql PyPI...
EUVD-2024-16912
Malicious code in bioql PyPI...
CVE-2024-1142
Path Traversal in Sonatype IQ Server from version 143 allows remote authenticated attackers to overwrite or delete files via a specially crafted request. Version 171 fixes this issue...
CVE-2019-16530
Sonatype Nexus Repository Manager 2.x before 2.14.15 and 3.x before 3.19, and IQ Server before 72, has remote code execution...
CVE-2024-1142
Path Traversal in Sonatype IQ Server from version 143 allows remote authenticated attackers to overwrite or delete files via a specially crafted request. Version 171 fixes this issue...
Sonatype IQ Server Security Vulnerability
Sonatype IQ Server is an open source governance and policy management tool from Sonatype USA. It is used to provide compliance metadata for open source components stored in the Nexus repository. A security vulnerability exists in Sonatype IQ Server versions 143 through 170, which stems from the...
Path traversal
Path Traversal in Sonatype IQ Server from version 143 allows remote authenticated attackers to overwrite or delete files via a specially crafted request. Version 171 fixes this issue...
CVE-2024-1142 Sonatype IQ Server - Path Traversal
Path Traversal in Sonatype IQ Server from version 143 allows remote authenticated attackers to overwrite or delete files via a specially crafted request. Version 171 fixes this issue...
CVE-2024-1142
CVE-2024-1142 describes a path traversal vulnerability in Sonatype IQ Server affecting versions 143–170. An authenticated remote attacker can overwrite or delete files via a crafted request. The issue is fixed in version 171. Remediation: upgrade to 171 (or apply vendor guidance). Other connected...
GHSA-HMJV-PX3J-933C Unrestricted Upload of File with Dangerous Type in Sonatype Nexus Repository Manager
Sonatype Nexus Repository Manager 2.x before 2.14.15 and 3.x before 3.19, and IQ Server before 72, has remote code execution...
CVE-2019-16530
Sonatype Nexus Repository Manager 2.x before 2.14.15 and 3.x before 3.19, and IQ Server before 72, has remote code execution...
Remote code execution
Sonatype Nexus Repository Manager 2.x before 2.14.15 and 3.x before 3.19, and IQ Server before 72, has remote code execution...
CVE-2019-16530
CVE-2019-16530 affects Sonatype Nexus Repository Manager (NXRM) 2.x before 2.14.15 and 3.x before 3.19, and IQ Server before 72, enabling remote code execution. Root cause reports indicate an attacker with sufficient privileges can upload a crafted file that executes code on the server. Several c...
CVE-2019-16530
Sonatype Nexus Repository Manager 2.x before 2.14.15 and 3.x before 3.19, and IQ Server before 72, has remote code execution...
Cross-Site Scripting (XSS)
nexus-core is vulnerable to cross-site scripting (XSS). A remote attacker is able to inject arbitrary JavaScript into a victim's browser via the repoId and format parameters of the healthCheckFileDetail function, the file name in the File Upload functionality of Staging Upload, the username when...
CVE-2018-5306
Multiple cross-site scripting (XSS) vulnerabilities in Sonatype Nexus Repository Manager (aka NXRM) 3.x before 3.8 allow remote attackers to inject arbitrary web script or HTML via (1) the repoId or (2) format parameter to service/siesta/healthcheck/healthCheckFileDetail/.../index.html; (3) the filename in...
CVE-2018-5307
Multiple cross-site scripting (XSS) vulnerabilities in Sonatype Nexus Repository Manager (aka NXRM) 2.x before 2.14.6 allow remote attackers to inject arbitrary web script or HTML via (1) the repoId or (2) format parameter to service/siesta/healthcheck/healthCheckFileDetail/.../index.html; (3) the filename...