Total
2 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2013-4521 | 1 Nuxeo | 1 Nuxeo | 2020-02-13 | 7.5 HIGH | 9.8 CRITICAL |
RichFaces implementation in Nuxeo Platform 5.6.0 before HF27 and 5.8.0 before HF-01 does not restrict the classes for which deserialization methods can be called, which allows remote attackers to execute arbitrary code via crafted serialized data. NOTE: this vulnerability may overlap CVE-2013-2165. | |||||
CVE-2017-5869 | 1 Nuxeo | 1 Nuxeo | 2017-08-15 | 6.5 MEDIUM | 8.8 HIGH |
Directory traversal vulnerability in the file import feature in Nuxeo Platform 6.0, 7.1, 7.2, and 7.3 allows remote authenticated users to upload and execute arbitrary JSP code via a .. (dot dot) in the X-File-Name header. |