Magento@* Security Vulnerabilities and Issues — Magento@* CVE List

Lucene search

AdobeMagento*

28 matches found

CVE•added 2020/01/29 7:15 p.m.•105 views

CVE-2020-3719

Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and earlier, and 1.9.4.3 and earlier have an sql injection vulnerability. Successful exploitation could lead to sensitive information disclosure.

7.8CVSS7.2AI score0.01514EPSS

CVE•added 2020/01/29 7:15 p.m.•89 views

CVE-2020-3716

Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and earlier, and 1.9.4.3 and earlier have a deserialization of untrusted data vulnerability. Successful exploitation could lead to arbitrary code execution.

10CVSS9.5AI score0.17339EPSS

CVE•added 2020/06/26 9:15 p.m.•79 views

CVE-2020-9582

Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution.

9.8CVSS9.7AI score0.02882EPSS

CVE•added 2020/06/26 9:15 p.m.•75 views

CVE-2020-9583

9.8CVSS9.7AI score0.02766EPSS

CVE•added 2020/01/29 7:15 p.m.•73 views

CVE-2020-3715

Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and earlier, and 1.9.4.3 and earlier have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.

6.1CVSS5.6AI score0.0027EPSS

CVE•added 2020/01/29 7:15 p.m.•70 views

CVE-2020-3718

Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and earlier, and 1.9.4.3 and earlier have a security bypass vulnerability. Successful exploitation could lead to arbitrary code execution.

10CVSS9.5AI score0.08697EPSS

CVE•added 2020/01/29 7:15 p.m.•69 views

CVE-2020-3758

6.1CVSS5.6AI score0.00282EPSS

CVE•added 2020/06/26 9:15 p.m.•69 views

CVE-2020-9576

9.8CVSS9.7AI score0.02766EPSS

CVE•added 2020/01/29 7:15 p.m.•65 views

CVE-2020-3717

Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and earlier, and 1.9.4.3 and earlier have a path traversal vulnerability. Successful exploitation could lead to sensitive information disclosure.

5.3CVSS5AI score0.00276EPSS

CVE•added 2020/06/26 9:15 p.m.•65 views

CVE-2020-9581

Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.

6.1CVSS5.6AI score0.00434EPSS

CVE•added 2020/06/26 9:15 p.m.•65 views

CVE-2020-9591

Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a defense-in-depth security mitigation vulnerability. Successful exploitation could lead to unauthorized access to admin panel.

7.5CVSS7.3AI score0.00969EPSS

CVE•added 2020/06/26 9:15 p.m.•65 views

CVE-2020-9632

Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a security mitigation bypass vulnerability. Successful exploitation could lead to arbitrary code execution.

10CVSS9.5AI score0.05415EPSS

CVE•added 2020/06/26 9:15 p.m.•62 views

CVE-2020-9588

Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have an observable timing discrepancy vulnerability. Successful exploitation could lead to signature verification bypass.

7.2CVSS6.7AI score0.00875EPSS

CVE•added 2020/06/26 9:15 p.m.•62 views

CVE-2020-9630

Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a business logic error vulnerability. Successful exploitation could lead to privilege escalation.

9.8CVSS9.2AI score0.00844EPSS

CVE•added 2020/07/29 1:15 p.m.•62 views

CVE-2020-9689

Magento versions 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier have a path traversal vulnerability. Successful exploitation could lead to arbitrary code execution.

8.5CVSS6.9AI score0.00303EPSS

CVE•added 2020/07/29 1:15 p.m.•62 views

CVE-2020-9690

Magento versions 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier have an observable timing discrepancy vulnerability. Successful exploitation could lead to signature verification bypass.

4.2CVSS5.4AI score0.00346EPSS

CVE•added 2020/06/26 9:15 p.m.•60 views

CVE-2020-9579

9.8CVSS9.5AI score0.05576EPSS

CVE•added 2020/06/26 9:15 p.m.•60 views

CVE-2020-9585

9.8CVSS9.5AI score0.05576EPSS

CVE•added 2020/06/26 9:15 p.m.•60 views

CVE-2020-9587

Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have an authorization bypass vulnerability. Successful exploitation could lead to potentially unauthorized product discounts.

7.5CVSS7.3AI score0.00406EPSS

CVE•added 2020/06/26 9:15 p.m.•60 views

CVE-2020-9631

10CVSS9.5AI score0.05203EPSS

CVE•added 2020/06/26 9:15 p.m.•56 views

CVE-2020-9577

6.1CVSS5.8AI score0.00434EPSS

CVE•added 2020/06/26 9:15 p.m.•55 views

CVE-2020-9578

9.8CVSS9.7AI score0.02882EPSS

CVE•added 2020/06/26 9:15 p.m.•55 views

CVE-2020-9584

5.4CVSS5AI score0.00232EPSS

CVE•added 2020/07/22 8:15 p.m.•54 views

CVE-2020-9664

Magento versions 1.14.4.5 and earlier, and 1.9.4.5 and earlier have a php object injection vulnerability. Successful exploitation could lead to arbitrary code execution.

9.8CVSS9.7AI score0.09652EPSS

CVE•added 2020/07/29 1:15 p.m.•53 views

CVE-2020-9691

Magento versions 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier have a dom-based cross-site scripting vulnerability. Successful exploitation could lead to arbitrary code execution.

9.6CVSS8.8AI score0.00631EPSS

CVE•added 2020/06/26 9:15 p.m.•48 views

CVE-2020-9580

9.8CVSS9.5AI score0.05576EPSS

CVE•added 2020/07/29 1:15 p.m.•48 views

CVE-2020-9692

Magento versions 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier have a security mitigation bypass vulnerability. Successful exploitation could lead to arbitrary code execution.

8.5CVSS6.9AI score0.00168EPSS

CVE•added 2020/07/22 8:15 p.m.•39 views

CVE-2020-9665

Magento versions 1.14.4.5 and earlier, and 1.9.4.5 and earlier have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.

6.1CVSS5.7AI score0.00575EPSS