Edge Security Vulnerabilities

CVE-2021-41536

A vulnerability has been identified in Solid Edge SE2021 (All versions < SE2021MP8). The affected application contains a use-after-free vulnerability while parsing OBJ files. An attacker could leverage this vulnerability to execute code in the context of the current process...

CVE-2021-41533

A vulnerability has been identified in NX 1980 Series (All versions < V1984), Solid Edge SE2021 (All versions < SE2021MP8). The affected application is vulnerable to an out of bounds read past the end of an allocated buffer when parsing JT files. An attacker could leverage this vulnerability ...

CVE-2021-41538

A vulnerability has been identified in NX 1953 Series (All versions < V1973.3700), NX 1980 Series (All versions < V1988), Solid Edge SE2021 (All versions < SE2021MP8). The affected application is vulnerable to information disclosure by unexpected access to an uninitialized pointer while pa...

CVE-2021-41539

A vulnerability has been identified in Solid Edge SE2021 (All versions < SE2021MP8). The affected application contains a use-after-free vulnerability while parsing OBJ files. An attacker could leverage this vulnerability to execute code in the context of the current process...

CVE-2021-41535

A vulnerability has been identified in NX 1953 Series (All versions < V1973.3700), NX 1980 Series (All versions < V1988), Solid Edge SE2021 (All versions < SE2021MP8). The affected application contains a use-after-free vulnerability while parsing OBJ files. An attacker could leverage this....

CVE-2021-41534

A vulnerability has been identified in NX 1980 Series (All versions < V1984), Solid Edge SE2021 (All versions < SE2021MP8). The affected application is vulnerable to an out of bounds read past the end of an allocated buffer when parsing JT files. An attacker could leverage this vulnerability ...

CVE-2021-41537

A vulnerability has been identified in Solid Edge SE2021 (All versions < SE2021MP8). The affected application contains a use-after-free vulnerability while parsing OBJ files. An attacker could leverage this vulnerability to execute code in the context of the current process...

CVE-2021-41540

A vulnerability has been identified in Solid Edge SE2021 (All versions < SE2021MP8). The affected application contains a use-after-free vulnerability while parsing OBJ files. An attacker could leverage this vulnerability to execute code in the context of the current process...

CVE-2020-4803

IBM Edge 4.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID:...

CVE-2020-4805

IBM Edge 4.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID:...

CVE-2020-4941

IBM Edge 4.2 could reveal sensitive version information about the server from error pages that could aid an attacker in further attacks against the system. IBM X-Force ID:...

CVE-2020-4809

IBM Edge 4.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID:...

CVE-2021-23443

This affects the package edge.js before 5.3.2. A type confusion vulnerability can be used to bypass input sanitization when the input to be rendered is an array (instead of a string or a SafeValue), even if {{ }} are...

CVE-2021-38669

Microsoft Edge (Chromium-based) Tampering...

CVE-2021-37184

A vulnerability has been identified in Industrial Edge Management (All versions < V1.3). An unauthenticated attacker could change the the password of any user in the system under certain circumstances. With this an attacker could impersonate any valid user on an affected...

CVE-2021-37202

A vulnerability has been identified in NX 1980 Series (All versions < V1984), Solid Edge SE2021 (All versions < SE2021MP8). The IFC adapter in affected application contains a use-after-free vulnerability that could be triggered while parsing user-supplied IFC files. An attacker could leverage...

CVE-2021-37203

A vulnerability has been identified in NX 1980 Series (All versions < V1984), Solid Edge SE2021 (All versions < SE2021MP8). The plmxmlAdapterIFC.dll contains an out-of-bounds read while parsing user supplied IFC files which could result in a read past the end of an allocated buffer. This coul...

CVE-2021-30607

Chromium: CVE-2021-30607 Use after free in...

CVE-2021-30614

Chromium: CVE-2021-30614 Heap buffer overflow in...

CVE-2021-30621

Chromium: CVE-2021-30621 UI Spoofing in...

CVE-2021-30610

Chromium: CVE-2021-30610 Use after free in Extensions...

CVE-2021-30613

Chromium: CVE-2021-30613 Use after free in Base...

CVE-2021-30615

Chromium: CVE-2021-30615 Cross-origin data leak in...

CVE-2021-30619

Chromium: CVE-2021-30619 UI Spoofing in...

CVE-2021-30623

Chromium: CVE-2021-30623 Use after free in...

CVE-2021-30616

Chromium: CVE-2021-30616 Use after free in...

CVE-2021-30609

Chromium: CVE-2021-30609 Use after free in...

CVE-2021-30618

Chromium: CVE-2021-30618 Inappropriate implementation in...

CVE-2021-30620

Chromium: CVE-2021-30620 Insufficient policy enforcement in...

CVE-2021-30622

Chromium: CVE-2021-30622 Use after free in WebApp...

CVE-2021-30606

Chromium: CVE-2021-30606 Use after free in...

CVE-2021-30608

Chromium: CVE-2021-30608 Use after free in Web...

CVE-2021-30611

Chromium: CVE-2021-30611 Use after free in...

CVE-2021-30617

Chromium: CVE-2021-30617 Policy bypass in...

CVE-2021-30612

Chromium: CVE-2021-30612 Use after free in...

CVE-2021-30624

Chromium: CVE-2021-30624 Use after free in...

CVE-2021-38641

Microsoft Edge for Android Spoofing...

CVE-2021-26439

Microsoft Edge for Android Information Disclosure...

CVE-2021-26436

Microsoft Edge (Chromium-based) Elevation of Privilege...

CVE-2021-38642

Microsoft Edge for iOS Spoofing...

CVE-2021-36930

Microsoft Edge (Chromium-based) Elevation of Privilege...

CVE-2021-36931

Microsoft Edge (Chromium-based) Elevation of Privilege...

CVE-2021-36929

Microsoft Edge (Chromium-based) Information Disclosure...

CVE-2021-36928

Microsoft Edge (Chromium-based) Elevation of Privilege...

CVE-2021-37178

A vulnerability has been identified in Solid Edge SE2021 (All Versions < SE2021MP7). An XML external entity injection vulnerability in the underlying XML parser could cause the affected application to disclose arbitrary files to remote attackers by loading a specially crafted xml...

CVE-2021-37179

A vulnerability has been identified in Solid Edge SE2021 (All Versions < SE2021MP7). The PSKERNEL.dll library in affected application lacks proper validation while parsing user-supplied OBJ files that could lead to a use-after-free condition. An attacker could leverage this vulnerability to...

CVE-2021-37180

A vulnerability has been identified in Solid Edge SE2021 (All Versions < SE2021MP7). The PSKERNEL.dll library lacks proper validation while parsing user-supplied OBJ files that could cause an out of bounds access to an uninitialized pointer. An attacker could leverage this vulnerability to execu...

CVE-2021-27338

Faraday Edge before 3.7 allows XSS via the network/create/ page and its network name...

CVE-2021-34327

A vulnerability has been identified in JT2Go (All versions < V13.2), Solid Edge SE2021 (All Versions < SE2021MP5), Teamcenter Visualization (All versions < V13.2). The plmxmlAdapterSE70.dll library in affected applications lacks proper validation of user-supplied data when parsing ASM file...

CVE-2021-34326

A vulnerability has been identified in JT2Go (All versions < V13.2), Solid Edge SE2021 (All Versions < SE2021MP5), Teamcenter Visualization (All versions < V13.2). The plmxmlAdapterSE70.dll library in affected applications lacks proper validation of user-supplied data when parsing PAR file...