Vulnerabilities > Magento > Medium

DATE CVE VULNERABILITY TITLE RISK
2019-11-06 CVE-2019-8137 Unspecified vulnerability in Magento
A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1.
network
low complexity
magento
6.5
6.5
2019-11-06 CVE-2019-8134 SQL Injection vulnerability in Magento
A SQL injection vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1.
network
low complexity
magento CWE-89
6.5
6.5
2019-11-06 CVE-2019-8133 Unspecified vulnerability in Magento
A security bypass vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1.
network
low complexity
magento
4.0
4.0
2019-11-06 CVE-2019-8130 SQL Injection vulnerability in Magento
A SQL injection vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1.
network
low complexity
magento CWE-89
6.5
6.5
2019-11-05 CVE-2019-8127 SQL Injection vulnerability in Magento
A SQL injection vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1.
network
low complexity
magento CWE-89
6.5
6.5
2019-11-05 CVE-2019-8126 XML Entity Expansion vulnerability in Magento
An XML entity injection vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1.
network
low complexity
magento CWE-776
4.0
4.0
2019-11-05 CVE-2019-8125 Unspecified vulnerability in Magento
A remote code execution vulnerability exists in Magento 1 prior to 1.9.x and 1.14.x.
network
low complexity
magento
6.5
6.5
2019-11-05 CVE-2019-8124 Insufficient Verification of Data Authenticity vulnerability in Magento
An insufficient logging and monitoring vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3.
network
low complexity
magento CWE-345
4.0
4.0
2019-11-05 CVE-2019-8123 Unspecified vulnerability in Magento
An insufficient logging and monitoring vulnerability exists in Magento 1 prior to 1.9.4.3 and 1.14.4.3, Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3.
network
low complexity
magento
5.0
5.0
2019-11-05 CVE-2019-8122 Unspecified vulnerability in Magento
A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3.
network
low complexity
magento
6.5
6.5