Vulnerabilities > Magento

DATE CVE VULNERABILITY TITLE RISK
2020-07-22 CVE-2020-9664 Deserialization of Untrusted Data vulnerability in Magento
Magento versions 1.14.4.5 and earlier, and 1.9.4.5 and earlier have a php object injection vulnerability.
network
low complexity
magento CWE-502
critical
 9.8
9.8
2020-06-26 CVE-2020-9632 Unspecified vulnerability in Magento
Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a security mitigation bypass vulnerability.
network
low complexity
magento
critical
 9.8
9.8
2020-06-26 CVE-2020-9631 Unspecified vulnerability in Magento
Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a security mitigation bypass vulnerability.
network
low complexity
magento
critical
 9.8
9.8
2020-06-26 CVE-2020-9630 Unspecified vulnerability in Magento
Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a business logic error vulnerability.
network
low complexity
magento
critical
 9.8
9.8
2020-06-26 CVE-2020-9591 Unspecified vulnerability in Magento
Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a defense-in-depth security mitigation vulnerability.
network
low complexity
magento
7.5
7.5
2020-06-26 CVE-2020-9588 Information Exposure Through Discrepancy vulnerability in Magento
Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have an observable timing discrepancy vulnerability.
network
low complexity
magento CWE-203
7.2
7.2
2020-06-26 CVE-2020-9587 Unspecified vulnerability in Magento
Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have an authorization bypass vulnerability.
network
low complexity
magento
7.5
7.5
2020-06-26 CVE-2020-9585 Unspecified vulnerability in Magento
Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a defense-in-depth security mitigation vulnerability.
network
low complexity
magento
critical
 9.8
9.8
2020-06-26 CVE-2020-9584 Cross-site Scripting vulnerability in Magento
Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a stored cross-site scripting vulnerability.
network
low complexity
magento CWE-79
5.4
5.4
2020-06-26 CVE-2020-9583 Command Injection vulnerability in Magento
Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a command injection vulnerability.
network
low complexity
magento CWE-77
critical
 9.8
9.8