Total
219 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-9758 | 1 Magento | 1 Magento | 2020-07-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Magento E-Commerce Platform 1.9.0.1. | |||||
| CVE-2020-9665 | 1 Magento | 1 Magento | 2020-07-24 | 4.3 MEDIUM | 6.1 MEDIUM |
| Magento versions 1.14.4.5 and earlier, and 1.9.4.5 and earlier have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure. | |||||
| CVE-2020-9632 | 1 Magento | 1 Magento | 2020-07-02 | 10.0 HIGH | 9.8 CRITICAL |
| Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a security mitigation bypass vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2020-9588 | 1 Magento | 1 Magento | 2020-07-01 | 6.5 MEDIUM | 7.2 HIGH |
| Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have an observable timing discrepancy vulnerability. Successful exploitation could lead to signature verification bypass. | |||||
| CVE-2020-9581 | 1 Magento | 1 Magento | 2020-07-01 | 4.3 MEDIUM | 6.1 MEDIUM |
| Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure. | |||||
| CVE-2020-9580 | 1 Magento | 1 Magento | 2020-07-01 | 7.5 HIGH | 9.8 CRITICAL |
| Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a security mitigation bypass vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2020-9579 | 1 Magento | 1 Magento | 2020-07-01 | 7.5 HIGH | 9.8 CRITICAL |
| Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a security mitigation bypass vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2020-9577 | 1 Magento | 1 Magento | 2020-07-01 | 4.3 MEDIUM | 6.1 MEDIUM |
| Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure . | |||||
| CVE-2020-9631 | 1 Magento | 1 Magento | 2020-07-01 | 10.0 HIGH | 9.8 CRITICAL |
| Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a security mitigation bypass vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2020-9585 | 1 Magento | 1 Magento | 2020-07-01 | 7.5 HIGH | 9.8 CRITICAL |
| Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a defense-in-depth security mitigation vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2020-9584 | 1 Magento | 1 Magento | 2020-06-30 | 3.5 LOW | 5.4 MEDIUM |
| Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure. | |||||
| CVE-2020-3716 | 1 Magento | 1 Magento | 2020-01-30 | 10.0 HIGH | 9.8 CRITICAL |
| Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and earlier, and 1.9.4.3 and earlier have a deserialization of untrusted data vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2020-3715 | 1 Magento | 1 Magento | 2020-01-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and earlier, and 1.9.4.3 and earlier have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure. | |||||
| CVE-2020-3717 | 1 Magento | 1 Magento | 2020-01-30 | 5.0 MEDIUM | 5.3 MEDIUM |
| Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and earlier, and 1.9.4.3 and earlier have a path traversal vulnerability. Successful exploitation could lead to sensitive information disclosure. | |||||
| CVE-2020-3718 | 1 Magento | 1 Magento | 2020-01-30 | 10.0 HIGH | 9.8 CRITICAL |
| Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and earlier, and 1.9.4.3 and earlier have a security bypass vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2020-3719 | 1 Magento | 1 Magento | 2020-01-30 | 7.8 HIGH | 7.5 HIGH |
| Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and earlier, and 1.9.4.3 and earlier have an sql injection vulnerability. Successful exploitation could lead to sensitive information disclosure. | |||||
| CVE-2020-3758 | 1 Magento | 1 Magento | 2020-01-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and earlier, and 1.9.4.3 and earlier have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure. | |||||
| CVE-2015-6497 | 2 Magento, Php | 2 Magento, Php | 2020-01-22 | 6.5 MEDIUM | 8.8 HIGH |
| The create function in app/code/core/Mage/Catalog/Model/Product/Api/V2.php in Magento Community Edition (CE) before 1.9.2.1 and Enterprise Edition (EE) before 1.14.2.1, when used with PHP before 5.4.24 or 5.5.8, allows remote authenticated users to execute arbitrary PHP code via the productData parameter to index.php/api/v2_soap. | |||||
| CVE-2016-10704 | 1 Magento | 1 Magento | 2019-11-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| Magento Community Edition and Enterprise Edition before 2.0.10 and 2.1.x before 2.1.2 have XSS via e-mail templates that are mishandled during a preview, aka APPSEC-1503. | |||||
| CVE-2019-8136 | 1 Magento | 1 Magento | 2019-11-08 | 7.5 HIGH | 9.8 CRITICAL |
| An insecure component vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. Magento 2 codebase leveraged outdated versions of HTTP specification abstraction implemented in symphony component. | |||||