VYPR

Packagist (Composer) package

magento/community-edition

pkg:composer/magento/community-edition

Vulnerabilities (355)

  • CVE-2024-45134Oct 10, 2024
    affected >= 2.4.7-beta1, < 2.4.7-p3fixed 2.4.7-p3

    Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Information Exposure vulnerability that could result in a security feature bypass. An admin attacker could leverage this vulnerability to have a low impact on confidentiality which may

  • CVE-2024-45129Oct 10, 2024
    affected >= 2.4.7-beta1, < 2.4.7-p3fixed 2.4.7-p3

    Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in Privilege escalation. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low i

  • CVE-2024-45118Oct 10, 2024
    affected >= 2.4.7-beta1, < 2.4.7-p3fixed 2.4.7-p3

    Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have hi

  • CVE-2024-45149Oct 10, 2024
    affected >= 2.4.7-beta1, < 2.4.7-p3fixed 2.4.7-p3

    Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A high-privileged attacker could leverage this vulnerability to bypass security measures and have a

  • CVE-2024-45125Oct 10, 2024
    affected >= 2.4.7-beta1, < 2.4.7-p3fixed 2.4.7-p3

    Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A low-privileged attacker could exploit this vulnerability to have a low impact on integrity. Explo

  • CVE-2024-39419Aug 14, 2024
    affected >= 2.4.7-beta1, < 2.4.7-p2fixed 2.4.7-p2

    Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and modify mi

  • CVE-2024-39403Aug 14, 2024
    affected >= 2.4.7-beta1, < 2.4.7-p2fixed 2.4.7-p2

    Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be exec

  • CVE-2024-39418Aug 14, 2024
    affected >= 2.4.7-beta1, < 2.4.7-p2fixed 2.4.7-p2

    Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures to view and e

  • CVE-2024-39413Aug 14, 2024
    affected >= 2.4.7-beta1, < 2.4.7-p2fixed 2.4.7-p2

    Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and disclose

  • CVE-2024-39399Aug 14, 2024
    affected >= 2.4.7-beta1, < 2.4.7-p2fixed 2.4.7-p2

    Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to arbitrary file system read. A low-privileged attacker could exploit this v

  • CVE-2024-39408Aug 14, 2024
    affected >= 2.4.7-p1, < 2.4.7-p2fixed 2.4.7-p2

    Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could allow an attacker to bypass security features and perform minor integrity changeson behalf of a user. The vulnerability could be

  • CVE-2024-39417Aug 14, 2024
    affected >= 2.4.7-beta1, < 2.4.7-p2fixed 2.4.7-p2

    Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and disclose

  • CVE-2024-39410Aug 14, 2024
    affected >= 2.4.7-p1, < 2.4.7-p2fixed 2.4.7-p2

    Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could allow an attacker to bypass security features and perform minor integrity changes on behalf of a user. The vulnerability could b

  • CVE-2024-39407Aug 14, 2024
    affected >= 2.4.7-beta1, < 2.4.7-p2fixed 2.4.7-p2

    Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and modify mi

  • CVE-2024-39398Aug 14, 2024
    affected >= 2.4.7-beta1, < 2.4.7-p2fixed 2.4.7-p2

    Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Restriction of Excessive Authentication Attempts vulnerability that could result in a security feature bypass. An attacker could exploit this vulnerability to perform brute forc

  • CVE-2024-39401Aug 14, 2024
    affected >= 2.4.7-beta1, < 2.4.7-p2fixed 2.4.7-p2

    Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead in arbitrary code execution by an admin attacker. Exploitation of

  • CVE-2024-39409Aug 14, 2024
    affected >= 2.4.7-p1, < 2.4.7-p2fixed 2.4.7-p2

    Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could allow an attacker to bypass security features and perform minor integrity changes on behalf of a user. The vulnerability could b

  • CVE-2024-39411Aug 14, 2024
    affected >= 2.4.7-beta1, < 2.4.7-p2fixed 2.4.7-p2

    Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and disclose

  • CVE-2024-39416Aug 14, 2024
    affected >= 2.4.7-beta1, < 2.4.7-p2fixed 2.4.7-p2

    Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and disclose

  • CVE-2024-39414Aug 14, 2024
    affected >= 2.4.7-beta1, < 2.4.7-p2fixed 2.4.7-p2

    Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and disclose

Page 4 of 18