Vulnerabilities > Magento

DATE CVE VULNERABILITY TITLE RISK
2019-11-05 CVE-2019-8111 Unspecified vulnerability in Magento
A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1.
network
low complexity
magento
8.8
8.8
2019-11-05 CVE-2019-8110 Unspecified vulnerability in Magento
A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1.
network
low complexity
magento
8.8
8.8
2019-11-05 CVE-2019-8109 Cross-Site Request Forgery (CSRF) vulnerability in Magento
A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1.
network
low complexity
magento CWE-352
8.0
8.0
2019-11-05 CVE-2019-8108 Improper Authentication vulnerability in Magento
Insecure authentication and session management vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1.
network
low complexity
magento CWE-287
6.5
6.5
2019-11-05 CVE-2019-8107 Unspecified vulnerability in Magento
An arbitrary file deletion vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1.
network
low complexity
magento
6.5
6.5
2019-11-05 CVE-2019-8093 Unrestricted Upload of File with Dangerous Type vulnerability in Magento
An arbitrary file access vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1.
network
low complexity
magento CWE-434
8.8
8.8
2019-11-05 CVE-2019-8092 Cross-site Scripting vulnerability in Magento
A reflected cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1.
network
low complexity
magento CWE-79
5.4
5.4
2019-11-05 CVE-2019-8091 Unspecified vulnerability in Magento
A remote code execution vulnerability exists in Magento 1 prior to 1.9.4.3 and 1.14.4.3.
network
low complexity
magento
7.2
7.2
2019-11-05 CVE-2019-8090 Unspecified vulnerability in Magento
An arbitrary file deletion vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3.
network
low complexity
magento
6.5
6.5
2019-10-30 CVE-2019-8235 Authorization Bypass Through User-Controlled Key vulnerability in Magento
An insecure direct object reference (IDOR) vulnerability exists in Magento 2.3 prior to 2.3.1, 2.2 prior to 2.2.8, and 2.1 prior to 2.1.17 versions.
network
low complexity
magento CWE-639
6.5
6.5