Magento » Magento : Security Vulnerabilities, CVEs, (Denial of service) CVSS score >= 2

CVE-2019-8133

A security bypass vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. A user with privileges to generate sitemaps can bypass configuration that restricts directory access. The bypass allows overwrite of a subset of configuration files which can lead to denial of service.
Max CVSS
6.5
EPSS Score
0.08%
Published
2019-11-06
Updated
2020-08-24

CVE-2019-7928

A denial-of-service (DoS) vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. By abusing insufficient brute-forcing defenses in the token exchange protocol, an unauthenticated attacker could disrupt transactions between the Magento merchant and PayPal.
Max CVSS
7.5
EPSS Score
0.11%
Published
2019-08-02
Updated
2020-08-24

CVE-2019-7915

A denial-of-service vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. Under certain conditions, an unauthenticated attacker could force the Magento store's full page cache to serve a 404 page to customers.
Max CVSS
7.5
EPSS Score
0.11%
Published
2019-08-02
Updated
2020-08-24
3 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close