Vulnerabilities > Magento

DATE CVE VULNERABILITY TITLE RISK
2019-11-05 CVE-2019-8108 Improper Authentication vulnerability in Magento
Insecure authentication and session management vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1.
network
low complexity
magento CWE-287
6.5
2019-11-05 CVE-2019-8107 Unspecified vulnerability in Magento
An arbitrary file deletion vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1.
network
low complexity
magento
6.5
2019-11-05 CVE-2019-8093 Unrestricted Upload of File with Dangerous Type vulnerability in Magento
An arbitrary file access vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1.
network
low complexity
magento CWE-434
8.8
2019-11-05 CVE-2019-8092 Cross-site Scripting vulnerability in Magento
A reflected cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1.
network
low complexity
magento CWE-79
5.4
2019-11-05 CVE-2019-8091 Unspecified vulnerability in Magento
A remote code execution vulnerability exists in Magento 1 prior to 1.9.4.3 and 1.14.4.3.
network
low complexity
magento
7.2
2019-11-05 CVE-2019-8090 Unspecified vulnerability in Magento
An arbitrary file deletion vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3.
network
low complexity
magento
6.5
2019-10-30 CVE-2019-8235 Authorization Bypass Through User-Controlled Key vulnerability in Magento
An insecure direct object reference (IDOR) vulnerability exists in Magento 2.3 prior to 2.3.1, 2.2 prior to 2.2.8, and 2.1 prior to 2.1.17 versions.
network
low complexity
magento CWE-639
6.5
2019-08-02 CVE-2019-7951 Unspecified vulnerability in Magento
An information leakage vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.
network
low complexity
magento
7.5
2019-08-02 CVE-2019-7950 Authorization Bypass Through User-Controlled Key vulnerability in Magento
An access control bypass vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.
network
low complexity
magento CWE-639
7.5
2019-08-02 CVE-2019-7947 Cross-Site Request Forgery (CSRF) vulnerability in Magento
A cross-site request forgery vulnerability exists in the GiftCardAccount removal feature for Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.
network
low complexity
magento CWE-352
6.5