Vulnerabilities > Magento > Magento > 2.2.0
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-11-09 | CVE-2020-24402 | Incorrect Default Permissions vulnerability in Magento Magento version 2.4.0 and 2.3.5p1 (and earlier) are affected by an incorrect permissions vulnerability in the Integrations component. | 5.5 |
2020-11-09 | CVE-2020-24401 | Incorrect Authorization vulnerability in Magento Magento versions 2.4.0 and 2.3.5p1 (and earlier) are affected by an incorrect authorization vulnerability. | 5.5 |
2020-11-09 | CVE-2020-24400 | SQL Injection vulnerability in Magento Magento versions 2.4.0 and 2.3.5 (and earlier) are affected by an SQL Injection vulnerability that could lead to sensitive information disclosure. | 5.5 |
2020-10-16 | CVE-2020-24408 | Cross-site Scripting vulnerability in Magento Magento versions 2.4.0 and 2.3.5p1 (and earlier) are affected by a persistent XSS vulnerability that allows users to upload malicious JavaScript via the file upload component. | 4.3 |
2020-08-20 | CVE-2020-15151 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products OpenMage LTS before versions 19.4.6 and 20.0.2 allows attackers to circumvent the `fromkey protection` in the Admin Interface and increases the attack surface for Cross Site Request Forgery attacks. | 4.0 |
2020-07-29 | CVE-2020-9692 | Incorrect Authorization vulnerability in Magento Magento versions 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier have a security mitigation bypass vulnerability. | 8.5 |
2020-07-29 | CVE-2020-9691 | Cross-site Scripting vulnerability in Magento Magento versions 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier have a dom-based cross-site scripting vulnerability. | 9.3 |
2020-07-29 | CVE-2020-9690 | Information Exposure Through Discrepancy vulnerability in Magento Magento versions 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier have an observable timing discrepancy vulnerability. | 3.5 |
2020-07-29 | CVE-2020-9689 | Path Traversal vulnerability in Magento Magento versions 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier have a path traversal vulnerability. | 8.5 |
2020-06-26 | CVE-2020-9632 | Unspecified vulnerability in Magento Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a security mitigation bypass vulnerability. | 10.0 |