Vulnerabilities > Magento > Magento > 2.1.10
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-11-09 | CVE-2020-24402 | Incorrect Default Permissions vulnerability in Magento: Magento versions 2.4.0 and 2.3.5p1 (and earlier) are affected by an incorrect permissions vulnerability in the Integrations component. | 5.5 |
2020-11-09 | CVE-2020-24401 | Incorrect Authorization vulnerability in Magento: Magento versions 2.4.0 and 2.3.5p1 (and earlier) are affected by an incorrect authorization vulnerability. | 5.5 |
2020-11-09 | CVE-2020-24400 | SQL Injection vulnerability in Magento: Magento versions 2.4.0 and 2.3.5 (and earlier) are affected by an SQL Injection vulnerability that could lead to sensitive information disclosure. | 5.5 |
2020-10-16 | CVE-2020-24408 | Cross-site Scripting vulnerability in Magento: Magento versions 2.4.0 and 2.3.5p1 (and earlier) are affected by a persistent XSS vulnerability that allows users to upload malicious JavaScript via the file upload component. | 4.3 |
2020-08-20 | CVE-2020-15151 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products: OpenMage LTS before versions 19.4.6 and 20.0.2 allows attackers to circumvent the `fromkey protection` in the Admin Interface and increases the attack surface for Cross Site Request Forgery attacks. | 4.0 |
2020-07-29 | CVE-2020-9692 | Incorrect Authorization vulnerability in Magento: Magento versions 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier have a security mitigation bypass vulnerability. | 8.5 |
2020-07-29 | CVE-2020-9691 | Cross-site Scripting vulnerability in Magento: Magento versions 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier have a DOM-based cross-site scripting vulnerability. | 9.3 |
2020-07-29 | CVE-2020-9690 | Information Exposure Through Discrepancy vulnerability in Magento: Magento versions 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier have an observable timing discrepancy vulnerability. | 3.5 |
2020-07-29 | CVE-2020-9689 | Path Traversal vulnerability in Magento: Magento versions 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier have a path traversal vulnerability. | 8.5 |
2019-11-06 | CVE-2019-8141 | Deserialization of Untrusted Data vulnerability in Magento: A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. | 6.5 |