cbcvebase.

Adobe Magento vulnerabilities

190 known vulnerabilities affecting adobe/magento.

Total CVEs: 190
CISA KEV: 3 (actively exploited)
Public exploits: 3
Exploited in wild: 2
Severity breakdown: CRITICAL 22, HIGH 64, MEDIUM 91, LOW 13

Vulnerabilities

Page 9 of 10
CVE-2020-9691 | CRITICAL | CVSS 9.6 | v2.3.5-p1 and earlier, and 2.3.5-p1 and earlier versions | 2020-07-29
[CWE-79] Magento versions 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier have a DOM-based cross-site scripting vulnerability. Successful exploitation could lead to arbitrary code execution.
Source: NVD

CVE-2020-9689 | MEDIUM | CVSS 6.5 | v2.3.5-p1 and earlier, and 2.3.5-p1 and earlier versions | 2020-07-29
[CWE-22] Magento versions 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier have a path traversal vulnerability. Successful exploitation could lead to arbitrary code execution.
Source: NVD

CVE-2020-9690 | MEDIUM | CVSS 4.2 | v2.3.5-p1 and earlier, and 2.3.5-p1 and earlier versions | 2020-07-29
[CWE-203] Magento versions 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier have an observable timing discrepancy vulnerability. Successful exploitation could lead to signature verification bypass.
Source: NVD

CVE-2020-9692 | MEDIUM | CVSS 6.5 | v2.3.5-p1 and earlier, and 2.3.5-p1 and earlier versions | 2020-07-29
Magento versions 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier have a security mitigation bypass vulnerability. Successful exploitation could lead to arbitrary code execution.
Source: NVD

CVE-2020-9664 | CRITICAL | CVSS 9.8 | v1.14.4.5 and earlier, and 1.9.4.5 and earlier versions | 2020-07-22
[CWE-502] Magento versions 1.14.4.5 and earlier, and 1.9.4.5 and earlier have a PHP object injection vulnerability. Successful exploitation could lead to arbitrary code execution.
Source: NVD

CVE-2020-9665 | MEDIUM | CVSS 6.1 | v1.14.4.5 and earlier, and 1.9.4.5 and earlier versions | 2020-07-22
[CWE-79] Magento versions 1.14.4.5 and earlier, and 1.9.4.5 and earlier have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.
Source: NVD

CVE-2020-9579 | CRITICAL | CVSS 9.8 | v2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier versions | 2020-06-26
Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a security mitigation bypass vulnerability. Successful exploitation could lead to arbitrary code execution.
Source: NVD

CVE-2020-9578 | CRITICAL | CVSS 9.8 | v2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier versions | 2020-06-26
[CWE-77] Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution.
Source: NVD

CVE-2020-9583 | CRITICAL | CVSS 9.8 | v2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier versions | 2020-06-26
[CWE-77] Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution.
Source: NVD

CVE-2020-9630 | CRITICAL | CVSS 9.8 | v2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier versions | 2020-06-26
Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a business logic error vulnerability. Successful exploitation could lead to privilege escalation.
Source: NVD

CVE-2020-9580 | CRITICAL | CVSS 9.8 | v2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier versions | 2020-06-26
Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a security mitigation bypass vulnerability. Successful exploitation could lead to arbitrary code execution.
Source: NVD

CVE-2020-9582 | CRITICAL | CVSS 9.8 | v2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier versions | 2020-06-26
[CWE-77] Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution.
Source: NVD

CVE-2020-9585 | CRITICAL | CVSS 9.8 | v2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier versions | 2020-06-26
Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a defense-in-depth security mitigation vulnerability. Successful exploitation could lead to arbitrary code execution.
Source: NVD

CVE-2020-9632 | CRITICAL | CVSS 9.8 | v2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier versions | 2020-06-26
Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a security mitigation bypass vulnerability. Successful exploitation could lead to arbitrary code execution.
Source: NVD

CVE-2020-9631 | CRITICAL | CVSS 9.8 | v2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier versions | 2020-06-26
Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a security mitigation bypass vulnerability. Successful exploitation could lead to arbitrary code execution.
Source: NVD

CVE-2020-9576 | CRITICAL | CVSS 9.8 | v2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier versions | 2020-06-26
[CWE-77] Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution.
Source: NVD

CVE-2020-9591 | HIGH | CVSS 7.5 | v2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier versions | 2020-06-26
Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a defense-in-depth security mitigation vulnerability. Successful exploitation could lead to unauthorized access to admin panel.
Source: NVD

CVE-2020-9588 | HIGH | CVSS 7.2 | v2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier versions | 2020-06-26
[CWE-203] Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have an observable timing discrepancy vulnerability. Successful exploitation could lead to signature verification bypass.
Source: NVD

CVE-2020-9587 | HIGH | CVSS 7.5 | v2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier versions | 2020-06-26
Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have an authorization bypass vulnerability. Successful exploitation could lead to potentially unauthorized product discounts.
Source: NVD

CVE-2020-9577 | MEDIUM | CVSS 6.1 | v2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier versions | 2020-06-26
[CWE-79] Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.
Source: NVD