Vulnerabilities > Magento
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-11-05 | CVE-2019-8116 | Session Fixation vulnerability in Magento Insecure authentication and session management vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. | 5.0 |
2019-11-05 | CVE-2019-8115 | Cross-site Scripting vulnerability in Magento A reflected cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. | 3.5 |
2019-11-05 | CVE-2019-8114 | Unrestricted Upload of File with Dangerous Type vulnerability in Magento A remote code execution vulnerability exists in Magento 1 prior to 1.9.4.3 and 1.14.4.3, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. | 6.5 |
2019-11-05 | CVE-2019-8113 | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Magento Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1 uses cryptographically weak random number generator to brute-force the confirmation code for customer registration. | 5.0 |
2019-11-05 | CVE-2019-8112 | Insufficient Verification of Data Authenticity vulnerability in Magento A security bypass vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. | 5.0 |
2019-11-05 | CVE-2019-8111 | Unspecified vulnerability in Magento A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. | 6.5 |
2019-11-05 | CVE-2019-8110 | Unspecified vulnerability in Magento A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. | 6.5 |
2019-11-05 | CVE-2019-8109 | Cross-Site Request Forgery (CSRF) vulnerability in Magento A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. | 6.0 |
2019-11-05 | CVE-2019-8108 | Improper Authentication vulnerability in Magento Insecure authentication and session management vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. | 4.0 |
2019-11-05 | CVE-2019-8107 | Unspecified vulnerability in Magento An arbitrary file deletion vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. | 5.5 |