Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2020-11-09 CVE-2020-24407 Unrestricted Upload of File with Dangerous Type vulnerability in Magento
Magento versions 2.4.0 and 2.3.5p1 (and earlier) are affected by an unsafe file upload vulnerability that could result in arbitrary code execution.
network
low complexity
magento CWE-434
critical
9.0
2020-11-09 CVE-2020-24406 Path Traversal vulnerability in Magento
When in maintenance mode, Magento versions 2.4.0 and 2.3.4 (and earlier) are affected by an information disclosure vulnerability that could expose the installation path during build deployments.
network
magento CWE-22
4.3
2020-11-09 CVE-2020-24405 Unspecified vulnerability in Magento
Magento versions 2.4.0 and 2.3.5p1 (and earlier) are affected by an incorrect permissions vulnerability in the Inventory module.
network
low complexity
magento
4.3
2020-11-09 CVE-2020-24404 Unspecified vulnerability in Magento
Magento versions 2.4.0 and 2.3.5p1 (and earlier) are affected by an incorrect permissions vulnerability within the Integrations component.
network
low complexity
magento
2.7
2020-11-09 CVE-2020-24403 Unspecified vulnerability in Magento
Magento versions 2.4.0 and 2.3.5p1 (and earlier) are affected by an incorrect user permissions vulnerability within the Inventory component.
network
low complexity
magento
2.7
2020-11-09 CVE-2020-24402 Incorrect Default Permissions vulnerability in Magento
Magento versions 2.4.0 and 2.3.5p1 (and earlier) are affected by an incorrect permissions vulnerability in the Integrations component.
network
low complexity
magento CWE-276
5.5
2020-11-09 CVE-2020-24401 Incorrect Authorization vulnerability in Magento
Magento versions 2.4.0 and 2.3.5p1 (and earlier) are affected by an incorrect authorization vulnerability.
network
low complexity
magento CWE-863
5.5
2020-11-09 CVE-2020-24400 SQL Injection vulnerability in Magento
Magento versions 2.4.0 and 2.3.5 (and earlier) are affected by an SQL Injection vulnerability that could lead to sensitive information disclosure.
network
low complexity
magento CWE-89
5.5
2020-11-08 CVE-2020-28347 Command Injection vulnerability in TP-Link AC1750 Firmware 190726
tdpServer on TP-Link Archer A7 AC1750 devices before 201029 allows remote attackers to execute arbitrary code via the slave_mac parameter.
network
low complexity
tp-link CWE-77
critical
10.0
2020-11-08 CVE-2020-7764 HTTP Request Smuggling vulnerability in Find-My-Way Project Find-My-Way
This affects the package find-my-way before 2.2.5, and from 3.0.0 before 3.0.5.
network
low complexity
find-my-way-project CWE-444
5.0