Total
222 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-7942 | 1 Magento | 1 Magento | 2021-07-21 | 6.5 MEDIUM | 7.2 HIGH |
| A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with admin privileges to create or edit a product can execute arbitrary code via malicious XML layout updates. | |||||
| CVE-2019-7932 | 1 Magento | 1 Magento | 2021-07-21 | 6.5 MEDIUM | 7.2 HIGH |
| A remote code execution vulnerability exists in Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with admin privileges to create sitemaps can execute arbitrary PHP code by creating a malicious sitemap file. | |||||
| CVE-2020-9582 | 1 Magento | 1 Magento | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2020-9576 | 1 Magento | 1 Magento | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2020-9578 | 1 Magento | 1 Magento | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2020-9591 | 1 Magento | 1 Magento | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a defense-in-depth security mitigation vulnerability. Successful exploitation could lead to unauthorized access to admin panel. | |||||
| CVE-2020-9692 | 1 Magento | 1 Magento | 2021-07-21 | 8.5 HIGH | 6.5 MEDIUM |
| Magento versions 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier have a security mitigation bypass vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2019-7951 | 1 Magento | 1 Magento | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| An information leakage vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. A SOAP web service endpoint does not properly enforce parameters related to access control. This could be abused to leak customer information via crafted SOAP requests. | |||||
| CVE-2019-7858 | 1 Magento | 1 Magento | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| A cryptographic flaw in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9 and Magento 2.3 prior to 2.3.2 resulted in storage of sensitive information with an algorithm that is insufficiently resistant to brute force attacks. | |||||
| CVE-2019-8126 | 1 Magento | 1 Magento | 2021-07-21 | 4.0 MEDIUM | 4.9 MEDIUM |
| An XML entity injection vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated admin user can craft document type definition for an XML representing XML layout. The crafted document type definition and XML layout allow processing of external entities which can lead to information disclosure. | |||||
| CVE-2019-7888 | 1 Magento | 1 Magento | 2021-07-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| An information disclosure vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with privileges to create email templates could leak sensitive data via a malicious email template. | |||||
| CVE-2019-7860 | 1 Magento | 1 Magento | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| A cryptographically weak pseudo-rando number generator is used in multiple security relevant contexts in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. | |||||
| CVE-2020-9664 | 1 Magento | 1 Magento | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| Magento versions 1.14.4.5 and earlier, and 1.9.4.5 and earlier have a php object injection vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2019-7929 | 1 Magento | 1 Magento | 2021-07-21 | 4.0 MEDIUM | 4.9 MEDIUM |
| An information leakage vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with administrator privileges may be able to view metadata of a trusted device used by another administrator via a crafted http request. | |||||
| CVE-2020-9587 | 1 Magento | 1 Magento | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have an authorization bypass vulnerability. Successful exploitation could lead to potentially unauthorized product discounts. | |||||
| CVE-2019-7903 | 1 Magento | 1 Magento | 2021-07-21 | 6.5 MEDIUM | 7.2 HIGH |
| A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with admin privileges to email templates can execute arbitrary code by previewing a malicious template. | |||||
| CVE-2020-9630 | 1 Magento | 1 Magento | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a business logic error vulnerability. Successful exploitation could lead to privilege escalation. | |||||
| CVE-2021-28584 | 1 Magento | 1 Magento | 2021-07-06 | 6.5 MEDIUM | 7.2 HIGH |
| Magento versions 2.4.2 (and earlier), 2.4.1-p1 (and earlier) and 2.3.6-p1 (and earlier) are affected by a Path Traversal vulnerability when creating a store with child theme.Successful exploitation could lead to arbitrary file system write by an authenticated attacker. Access to the admin console is required for successful exploitation. | |||||
| CVE-2021-28585 | 1 Magento | 1 Magento | 2021-07-06 | 5.0 MEDIUM | 5.3 MEDIUM |
| Magento versions 2.4.2 (and earlier), 2.4.1-p1 (and earlier) and 2.3.6-p1 (and earlier) are affected by an Improper input validation vulnerability in the New customer WebAPI.Successful exploitation could allow an attacker to send unsolicited spam e-mails. | |||||
| CVE-2021-28583 | 1 Magento | 1 Magento | 2021-07-06 | 4.3 MEDIUM | 4.2 MEDIUM |
| Magento versions 2.4.2 (and earlier), 2.4.1-p1 (and earlier) and 2.3.6-p1 (and earlier) are affected by a Violation of Secure Design Principles vulnerability in RMA PDF filename formats. Successful exploitation could allow an attacker to get unauthorized access to restricted resources. | |||||