CVE-2024-29057 – Microsoft Edge (Chromium-based) Spoofing Vulnerability
https://notcve.org/view.php?id=CVE-2024-29057
Microsoft Edge (Chromium-based) Spoofing Vulnerability Vulnerabilidad de suplantación de identidad en Microsoft Edge (basado en Chromium) • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29057 • CWE-357: Insufficient UI Warning of Dangerous Operations •
CVE-2024-26247 – Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2024-26247
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability Vulnerabilidad de omisión de característica de seguridad de Microsoft Edge (basada en Chromium) • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26247 • CWE-269: Improper Privilege Management •
CVE-2024-26246 – Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2024-26246
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability Vulnerabilidad de omisión de característica de seguridad de Microsoft Edge (basada en Chromium) • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26246 • CWE-1220: Insufficient Granularity of Access Control •
CVE-2024-26196 – Microsoft Edge for Android (Chromium-based) Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-26196
Microsoft Edge for Android (Chromium-based) Information Disclosure Vulnerability Vulnerabilidad de divulgación de información en Microsoft Edge para Android (basado en Chromium) • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26196 • CWE-259: Use of Hard-coded Password •
CVE-2021-42794
https://notcve.org/view.php?id=CVE-2021-42794
An issue was discovered in AVEVA Edge (formerly InduSoft Web Studio) versions R2020 and prior. The application allows a client to provide a malicious connection string that could allow an adversary to port scan the LAN, depending on the hosts' responses. Se descubrió un problema en las versiones R2020 y anteriores de AVEVA Edge (anteriormente InduSoft Web Studio). La aplicación permite a un cliente proporcionar una cadena de conexión maliciosa que podría permitir a un adversario escanear puertos de la LAN, dependiendo de las respuestas de los hosts. • https://www.aveva.com/en/products/edge https://www.cisa.gov/news-events/ics-advisories/icsa-22-326-01 https://www.exploit-db.com/docs/english/17254-connection-string-parameter-pollution-attacks.pdf •