Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Nuxeo Subscribe
Filtered by product Nuxeo
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2013-4521 1 Nuxeo 1 Nuxeo 2020-02-13 7.5 HIGH 9.8 CRITICAL
RichFaces implementation in Nuxeo Platform 5.6.0 before HF27 and 5.8.0 before HF-01 does not restrict the classes for which deserialization methods can be called, which allows remote attackers to execute arbitrary code via crafted serialized data. NOTE: this vulnerability may overlap CVE-2013-2165.
CVE-2017-5869 1 Nuxeo 1 Nuxeo 2017-08-15 6.5 MEDIUM 8.8 HIGH
Directory traversal vulnerability in the file import feature in Nuxeo Platform 6.0, 7.1, 7.2, and 7.3 allows remote authenticated users to upload and execute arbitrary JSP code via a .. (dot dot) in the X-File-Name header.