Vulnerabilities > Magento

DATE CVE VULNERABILITY TITLE RISK
2019-11-05 CVE-2019-8116 Session Fixation vulnerability in Magento
Insecure authentication and session management vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1.
network
low complexity
magento CWE-384
5.0
5.0
2019-11-05 CVE-2019-8115 Cross-site Scripting vulnerability in Magento
A reflected cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1.
network
magento CWE-79
3.5
3.5
2019-11-05 CVE-2019-8114 Unrestricted Upload of File with Dangerous Type vulnerability in Magento
A remote code execution vulnerability exists in Magento 1 prior to 1.9.4.3 and 1.14.4.3, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1.
network
low complexity
magento CWE-434
6.5
6.5
2019-11-05 CVE-2019-8113 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Magento
Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1 uses cryptographically weak random number generator to brute-force the confirmation code for customer registration.
network
low complexity
magento CWE-338
5.0
5.0
2019-11-05 CVE-2019-8112 Insufficient Verification of Data Authenticity vulnerability in Magento
A security bypass vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1.
network
low complexity
magento CWE-345
5.0
5.0
2019-11-05 CVE-2019-8111 Unspecified vulnerability in Magento
A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1.
network
low complexity
magento
6.5
6.5
2019-11-05 CVE-2019-8110 Unspecified vulnerability in Magento
A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1.
network
low complexity
magento
6.5
6.5
2019-11-05 CVE-2019-8109 Cross-Site Request Forgery (CSRF) vulnerability in Magento
A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1.
network
magento CWE-352
6.0
6.0
2019-11-05 CVE-2019-8108 Improper Authentication vulnerability in Magento
Insecure authentication and session management vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1.
network
low complexity
magento CWE-287
4.0
4.0
2019-11-05 CVE-2019-8107 Unspecified vulnerability in Magento
An arbitrary file deletion vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1.
network
low complexity
magento
5.5
5.5