Vulnerabilities > Magento > High

DATE CVE VULNERABILITY TITLE RISK
2019-11-05 CVE-2019-8114 Unrestricted Upload of File with Dangerous Type vulnerability in Magento
A remote code execution vulnerability exists in Magento 1 prior to 1.9.4.3 and 1.14.4.3, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1.
network
low complexity
magento CWE-434
7.2
7.2
2019-11-05 CVE-2019-8112 Insufficient Verification of Data Authenticity vulnerability in Magento
A security bypass vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1.
network
low complexity
magento CWE-345
7.5
7.5
2019-11-05 CVE-2019-8111 Unspecified vulnerability in Magento
A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1.
network
low complexity
magento
8.8
8.8
2019-11-05 CVE-2019-8110 Unspecified vulnerability in Magento
A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1.
network
low complexity
magento
8.8
8.8
2019-11-05 CVE-2019-8109 Cross-Site Request Forgery (CSRF) vulnerability in Magento
A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1.
network
low complexity
magento CWE-352
8.0
8.0
2019-11-05 CVE-2019-8093 Unrestricted Upload of File with Dangerous Type vulnerability in Magento
An arbitrary file access vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1.
network
low complexity
magento CWE-434
8.8
8.8
2019-11-05 CVE-2019-8091 Unspecified vulnerability in Magento
A remote code execution vulnerability exists in Magento 1 prior to 1.9.4.3 and 1.14.4.3.
network
low complexity
magento
7.2
7.2
2019-08-02 CVE-2019-7951 Unspecified vulnerability in Magento
An information leakage vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.
network
low complexity
magento
7.5
7.5
2019-08-02 CVE-2019-7950 Authorization Bypass Through User-Controlled Key vulnerability in Magento
An access control bypass vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.
network
low complexity
magento CWE-639
7.5
7.5
2019-08-02 CVE-2019-7942 Unspecified vulnerability in Magento
A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.
network
low complexity
magento
7.2
7.2