Magento

Magento

221 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3

CVE-2020-24406

  • EPSS 0.3%
  • Veröffentlicht 09.11.2020 01:15:12
  • Zuletzt bearbeitet 21.11.2024 05:14:45

When in maintenance mode, Magento version 2.4.0 and 2.3.4 (and earlier) are affected by an information disclosure vulnerability that could expose the installation path during build deployments. This information could be helpful to attackers if they a...

9.1

CVE-2020-24407

  • EPSS 3.72%
  • Veröffentlicht 09.11.2020 01:15:12
  • Zuletzt bearbeitet 21.11.2024 05:14:45

Magento versions 2.4.0 and 2.3.5p1 (and earlier) are affected by an unsafe file upload vulnerability that could result in arbitrary code execution. This vulnerability could be abused by authenticated users with administrative permissions to the Syste...

6.1

CVE-2020-24408

  • EPSS 1.32%
  • Veröffentlicht 16.10.2020 15:15:11
  • Zuletzt bearbeitet 21.11.2024 05:14:45

Magento versions 2.4.0 and 2.3.5p1 (and earlier) are affected by a persistent XSS vulnerability that allows users to upload malicious JavaScript via the file upload component. This vulnerability could be abused by an unauthenticated attacker to execu...

8

CVE-2020-15151

  • EPSS 0.09%
  • Veröffentlicht 20.08.2020 01:17:12
  • Zuletzt bearbeitet 21.11.2024 05:04:57

OpenMage LTS before versions 19.4.6 and 20.0.2 allows attackers to circumvent the `fromkey protection` in the Admin Interface and increases the attack surface for Cross Site Request Forgery attacks. This issue is related to Adobe's CVE-2020-9690. It ...

8.5

CVE-2020-9689

  • EPSS 0.57%
  • Veröffentlicht 29.07.2020 13:15:10
  • Zuletzt bearbeitet 21.11.2024 05:41:06

Magento versions 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier have a path traversal vulnerability. Successful exploitation could lead to arbitrary code execution.

4.2

CVE-2020-9690

  • EPSS 0.47%
  • Veröffentlicht 29.07.2020 13:15:10
  • Zuletzt bearbeitet 21.11.2024 05:41:06

Magento versions 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier have an observable timing discrepancy vulnerability. Successful exploitation could lead to signature verification bypass.

9.6

CVE-2020-9691

  • EPSS 0.65%
  • Veröffentlicht 29.07.2020 13:15:10
  • Zuletzt bearbeitet 21.11.2024 05:41:06

Magento versions 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier have a dom-based cross-site scripting vulnerability. Successful exploitation could lead to arbitrary code execution.

8.5

CVE-2020-9692

  • EPSS 0.23%
  • Veröffentlicht 29.07.2020 13:15:10
  • Zuletzt bearbeitet 21.11.2024 05:41:06

Magento versions 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier have a security mitigation bypass vulnerability. Successful exploitation could lead to arbitrary code execution.

9.8

CVE-2020-9664

  • EPSS 16.15%
  • Veröffentlicht 22.07.2020 20:15:12
  • Zuletzt bearbeitet 21.11.2024 05:41:03

Magento versions 1.14.4.5 and earlier, and 1.9.4.5 and earlier have a php object injection vulnerability. Successful exploitation could lead to arbitrary code execution.

6.1

CVE-2020-9665

  • EPSS 0.58%
  • Veröffentlicht 22.07.2020 20:15:12
  • Zuletzt bearbeitet 21.11.2024 05:41:03

Magento versions 1.14.4.5 and earlier, and 1.9.4.5 and earlier have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.