Total
34059 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-8110 | 1 Magento | 1 Magento | 2024-11-21 | 8.8 High |
| A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can leverage email templates hierarchy to manipulate the interceptor class in a way that allows an attacker to execute arbitrary code. | ||||
| CVE-2019-8107 | 1 Magento | 1 Magento | 2024-11-21 | 6.5 Medium |
| An arbitrary file deletion vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with export data transfer privileges can craft a request to perform arbitrary file deletion. | ||||
| CVE-2019-8097 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Macos and 1 more | 2024-11-21 | 5.3 Medium |
| Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an internal ip disclosure vulnerability. Successful exploitation could lead to information disclosure. | ||||
| CVE-2019-8091 | 1 Magento | 1 Magento | 2024-11-21 | 7.2 High |
| A remote code execution vulnerability exists in Magento 1 prior to 1.9.4.3 and 1.14.4.3. An authenticated admin user with privileges to access product attributes can leverage layout updates to trigger remote code execution. | ||||
| CVE-2019-8090 | 1 Magento | 1 Magento | 2024-11-21 | 6.5 Medium |
| An arbitrary file deletion vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. An authenticated users can manipulate the design layout update feature. | ||||
| CVE-2019-8081 | 1 Adobe | 1 Experience Manager | 2024-11-21 | 7.5 High |
| Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have an authentication bypass vulnerability. Successful exploitation could lead to sensitive information disclosure. | ||||
| CVE-2019-8075 | 8 Adobe, Apple, Debian and 5 more | 12 Flash Player, Flash Player Desktop Runtime, Macos and 9 more | 2024-11-21 | 7.5 High |
| Adobe Flash Player version 32.0.0.192 and earlier versions have a Same Origin Policy Bypass vulnerability. Successful exploitation could lead to Information Disclosure in the context of the current user. | ||||
| CVE-2019-8072 | 1 Adobe | 1 Coldfusion | 2024-11-21 | 7.5 High |
| ColdFusion 2018- update 4 and earlier and ColdFusion 2016- update 11 and earlier have a Security bypass vulnerability. Successful exploitation could lead to Information Disclosure in the context of the current user. | ||||
| CVE-2019-8063 | 3 Adobe, Apple, Microsoft | 3 Creative Cloud, Mac Os X, Windows | 2024-11-21 | N/A |
| Creative Cloud Desktop Application 4.6.1 and earlier versions have an insecure transmission of sensitive data vulnerability. Successful exploitation could lead to information leakage. | ||||
| CVE-2019-7964 | 1 Adobe | 1 Experience Manager | 2024-11-21 | N/A |
| Adobe Experience Manager versions 6.5, and 6.4 have an authentication bypass vulnerability. Successful exploitation could lead to remote code execution. | ||||
| CVE-2019-7957 | 3 Adobe, Apple, Microsoft | 3 Creative Cloud, Mac Os X, Windows | 2024-11-21 | N/A |
| Creative Cloud Desktop Application versions 4.6.1 and earlier have a security bypass vulnerability. Successful exploitation could lead to denial of service. | ||||
| CVE-2019-7951 | 1 Magento | 1 Magento | 2024-11-21 | N/A |
| An information leakage vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. A SOAP web service endpoint does not properly enforce parameters related to access control. This could be abused to leak customer information via crafted SOAP requests. | ||||
| CVE-2019-7942 | 1 Magento | 1 Magento | 2024-11-21 | N/A |
| A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with admin privileges to create or edit a product can execute arbitrary code via malicious XML layout updates. | ||||
| CVE-2019-7932 | 1 Magento | 1 Magento | 2024-11-21 | N/A |
| A remote code execution vulnerability exists in Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with admin privileges to create sitemaps can execute arbitrary PHP code by creating a malicious sitemap file. | ||||
| CVE-2019-7929 | 1 Magento | 1 Magento | 2024-11-21 | N/A |
| An information leakage vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with administrator privileges may be able to view metadata of a trusted device used by another administrator via a crafted http request. | ||||
| CVE-2019-7928 | 1 Magento | 1 Magento | 2024-11-21 | N/A |
| A denial-of-service (DoS) vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. By abusing insufficient brute-forcing defenses in the token exchange protocol, an unauthenticated attacker could disrupt transactions between the Magento merchant and PayPal. | ||||
| CVE-2019-7915 | 1 Magento | 1 Magento | 2024-11-21 | N/A |
| A denial-of-service vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. Under certain conditions, an unauthenticated attacker could force the Magento store's full page cache to serve a 404 page to customers. | ||||
| CVE-2019-7904 | 1 Magento | 1 Magento | 2024-11-21 | N/A |
| Insufficient enforcement of user access controls in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 could enable a low-privileged user to make unauthorized environment configuration changes. | ||||
| CVE-2019-7903 | 1 Magento | 1 Magento | 2024-11-21 | N/A |
| A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with admin privileges to email templates can execute arbitrary code by previewing a malicious template. | ||||
| CVE-2019-7896 | 1 Magento | 1 Magento | 2024-11-21 | N/A |
| A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with administrator privileges to layouts can execute arbitrary code through a combination of product import, crafted csv file and XML layout update. | ||||