Filtered by vendor Alibaba
Subscribe
Search
Total
4 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-21699 | 1 Alibaba | 1 Tengine | 2023-08-28 | N/A | 7.5 HIGH |
| The web server Tengine 2.2.2 developed in the Nginx version from 0.5.6 thru 1.13.2 is vulnerable to an integer overflow vulnerability in the nginx range filter module, resulting in the leakage of potentially sensitive information triggered by specially crafted requests. | |||||
| CVE-2021-43116 | 1 Alibaba | 1 Nacos | 2022-07-13 | 6.5 MEDIUM | 8.8 HIGH |
| An Access Control vulnerability exists in Nacos 2.0.3 in the access prompt page; enter username and password, click on login to capture packets and then change the returned package, which lets a malicious user login. | |||||
| CVE-2021-33800 | 1 Alibaba | 1 Druid | 2021-11-05 | 5.0 MEDIUM | 7.5 HIGH |
| In Druid 1.2.3, visiting the path with parameter in a certain function can lead to directory traversal. | |||||
| CVE-2021-29442 | 1 Alibaba | 1 Nacos | 2021-05-07 | 5.0 MEDIUM | 7.5 HIGH |
| Nacos is a platform designed for dynamic service discovery and configuration and service management. In Nacos before version 1.4.1, the ConfigOpsController lets the user perform management operations like querying the database or even wiping it out. While the /data/remove endpoint is properly protected with the @Secured annotation, the /derby endpoint is not protected and can be openly accessed by unauthenticated users. These endpoints are only valid when using embedded storage (derby DB) so this issue should not affect those installations using external storage (e.g. mysql) | |||||