CVSS: 5.0EPSS: 1%CPEs: 1EXPL: 0CVE-2024-29057 – Microsoft Edge (Chromium-based) Spoofing Vulnerability
https://notcve.org/view.php?id=CVE-2024-29057
22 Mar 2024 — Microsoft Edge (Chromium-based) Spoofing Vulnerability Vulnerabilidad de suplantación de identidad en Microsoft Edge (basado en Chromium) • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29057 • CWE-357: Insufficient UI Warning of Dangerous Operations •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-26247 – Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2024-26247
22 Mar 2024 — Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability Vulnerabilidad de omisión de característica de seguridad de Microsoft Edge (basada en Chromium) • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26247 • CWE-269: Improper Privilege Management •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-26246 – Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2024-26246
14 Mar 2024 — Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability Vulnerabilidad de omisión de característica de seguridad de Microsoft Edge (basada en Chromium) • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26246 • CWE-1220: Insufficient Granularity of Access Control •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-26196 – Microsoft Edge for Android (Chromium-based) Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-26196
29 Feb 2024 — Microsoft Edge for Android (Chromium-based) Information Disclosure Vulnerability Vulnerabilidad de divulgación de información en Microsoft Edge para Android (basado en Chromium) • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26196 • CWE-259: Use of Hard-coded Password •
CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 1CVE-2021-42794
https://notcve.org/view.php?id=CVE-2021-42794
16 Dec 2023 — An issue was discovered in AVEVA Edge (formerly InduSoft Web Studio) versions R2020 and prior. The application allows a client to provide a malicious connection string that could allow an adversary to port scan the LAN, depending on the hosts' responses. Se descubrió un problema en las versiones R2020 y anteriores de AVEVA Edge (anteriormente InduSoft Web Studio). La aplicación permite a un cliente proporcionar una cadena de conexión maliciosa que podría permitir a un adversario escanear puertos de la LAN, ... • https://www.aveva.com/en/products/edge •
CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 0CVE-2021-42796
https://notcve.org/view.php?id=CVE-2021-42796
16 Dec 2023 — An issue was discovered in ExecuteCommand() in AVEVA Edge (formerly InduSoft Web Studio) versions R2020 and prior that allows unauthenticated arbitrary commands to be executed. Se descubrió un problema en ExecuteCommand() en las versiones R2020 y anteriores de AVEVA Edge (anteriormente InduSoft Web Studio) que permite ejecutar comandos arbitrarios no autenticados. • https://www.aveva.com/en/products/edge • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-42797
https://notcve.org/view.php?id=CVE-2021-42797
16 Dec 2023 — Path traversal vulnerability in AVEVA Edge (formerly InduSoft Web Studio) versions R2020 and prior allows an unauthenticated user to steal the Windows access token of the user account configured for accessing external DB resources. Vulnerabilidad de path traversal en las versiones R2020 y anteriores de AVEVA Edge (anteriormente InduSoft Web Studio) permite que un usuario no autenticado robe el token de acceso de Windows de la cuenta de usuario configurada para acceder a recursos de base de datos externos. • https://www.aveva.com/en/products/edge • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-36029 – Microsoft Edge (Chromium-based) Spoofing Vulnerability
https://notcve.org/view.php?id=CVE-2023-36029
03 Nov 2023 — Microsoft Edge (Chromium-based) Spoofing Vulnerability Vulnerabilidad de suplantación de identidad en Microsoft Edge (Chromium-based) Multiple vulnerabilities have been discovered in Microsoft Edge, the worst of which could lead to remote code execution. Versions greater than or equal to 120.0.2210.61 are affected. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36029 •
CVSS: 10.0EPSS: 1%CPEs: 25EXPL: 2CVE-2023-5217 – Google Chromium libvpx Heap Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2023-5217
28 Sep 2023 — Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) El desbordamiento del búfer en la codificación vp8 en libvpx en Google Chrome anterior a 117.0.5938.132 y libvpx 1.13.1 permitía a un atacante remoto explotar potencialmente la corrupción del montón a través de una página HTML manipulada. (Severidad de seguridad de Chrome: alta) A... • https://github.com/UT-Security/cve-2023-5217-poc • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •