Vulnerabilities (CVE)

Filtered by vendor Nuxeo Subscribe
Filtered by product Nuxeo
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-5869 1 Nuxeo 1 Nuxeo 2024-11-21 6.5 MEDIUM 8.8 HIGH
Directory traversal vulnerability in the file import feature in Nuxeo Platform 6.0, 7.1, 7.2, and 7.3 allows remote authenticated users to upload and execute arbitrary JSP code via a .. (dot dot) in the X-File-Name header.
CVE-2013-4521 1 Nuxeo 1 Nuxeo 2024-11-21 7.5 HIGH 9.8 CRITICAL
RichFaces implementation in Nuxeo Platform 5.6.0 before HF27 and 5.8.0 before HF-01 does not restrict the classes for which deserialization methods can be called, which allows remote attackers to execute arbitrary code via crafted serialized data. NOTE: this vulnerability may overlap CVE-2013-2165.