Edge Security Vulnerabilities
A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka 'Microsoft Edge Memory Corruption...
7.5CVSS
8.1AI Score
0.021EPSS
A security feature bypass vulnerability exists when Microsoft browsers improperly handle requests of different origins, aka 'Microsoft Browsers Security Feature Bypass...
4.3CVSS
6AI Score
0.001EPSS
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0609, CVE-2019-0639, CVE-2019-0680, CVE-2019-0770, CVE-2019-0771,...
7.5CVSS
7.6AI Score
0.021EPSS
An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft Edge, aka 'Scripting Engine Information Disclosure...
6.5CVSS
6.6AI Score
0.157EPSS
An elevation of privilege vulnerability exists when Microsoft Edge does not properly enforce cross-domain policies, which could allow an attacker to access information from one domain and inject it into another domain.In a web-based attack scenario, an attacker could host a website that is used to....
6.8CVSS
7.1AI Score
0.001EPSS
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from...
7.5CVSS
7.4AI Score
0.021EPSS
A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0609, CVE-2019-0680, CVE-2019-0769, CVE-2019-0770, CVE-2019-0771, CVE-2019-0773,...
7.5CVSS
7.6AI Score
0.021EPSS
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from...
7.5CVSS
7.4AI Score
0.021EPSS
A security feature bypass vulnerability exists when Click2Play protection in Microsoft Edge improperly handles flash objects. By itself, this bypass vulnerability does not allow arbitrary code execution, aka 'Microsoft Edge Security Feature Bypass...
5.3CVSS
6.8AI Score
0.004EPSS
A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0639, CVE-2019-0680, CVE-2019-0769, CVE-2019-0770, CVE-2019-0771, CVE-2019-0773,....
7.5CVSS
7.6AI Score
0.021EPSS
In BIG-IP 11.5.1-11.5.8 and 11.6.1-11.6.3, the Configuration Utility login page may not follow best security practices when handling a malicious...
7.5CVSS
7.5AI Score
0.001EPSS
On BIG-IP 11.5.1-11.5.8, 11.6.1-11.6.3, and 12.0.x, an undisclosed sequence of packets received by an SSL virtual server and processed by an associated Client SSL or Server SSL profile may cause a denial of...
7.5CVSS
7.4AI Score
0.001EPSS
In BIG-IP 11.5.1-11.5.8, 11.6.1-11.6.3, 12.1.0-12.1.3, and 13.0.0-13.0.1, malformed TCP packets sent to a self IP address or a FastL4 virtual server may cause an interruption of service. The control plane is not exposed to this issue. This issue impacts the data plane virtual servers and self...
7.5CVSS
7.4AI Score
0.001EPSS
On BIG-IP 11.5.1-11.6.3, 12.1.0-12.1.3, 13.0.0-13.1.1.1, and 14.0.0-14.0.0.2, under certain conditions, the snmpd daemon may leak memory on a multi-blade BIG-IP vCMP guest when processing authorized SNMP...
5.9CVSS
5.7AI Score
0.001EPSS
On BIG-IP 11.5.1-11.5.8, 11.6.1-11.6.3, 12.1.0-12.1.3.6, 13.0.0-13.1.1.1, and 14.0.0-14.0.0.2, under certain conditions, hardware systems with a High-Speed Bridge and using non-default Layer 2 forwarding configurations may experience a lockup of the High-Speed...
6.8CVSS
6.6AI Score
0.001EPSS
On BIG-IP 11.5.1-11.6.3.4, 12.1.0-12.1.3.7, 13.0.0-13.1.1.3, and 14.0.0-14.0.0.2, when processing certain SNMP requests with a request-id of 0, the snmpd process may leak a small amount of...
4.3CVSS
4.6AI Score
0.001EPSS
In BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.1.3, 12.1.0-12.1.3.7, 11.6.1-11.6.3.2, or 11.5.1-11.5.8, when remote authentication is enabled for administrative users and all external users are granted the "guest" role, unsanitized values can be reflected to the client via the login page. This can lead to....
6.1CVSS
6.3AI Score
0.001EPSS
In BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.0.7, 12.1.0-12.1.3.5, 11.6.1-11.6.3.2, or 11.5.1-11.5.8 or Enterprise Manager 3.1.1, malformed requests to the Traffic Management User Interface (TMUI), also referred to as the BIG-IP Configuration utility, may lead to disruption of TMUI services. This attack....
4.3CVSS
4.5AI Score
0.001EPSS
In BIG-IP 13.0.0-13.1.1.1, 12.1.0-12.1.3.7, 11.6.1-11.6.3.2, or 11.5.1-11.5.8 or Enterprise Manager 3.1.1, when authenticated administrative users run commands in the Traffic Management User Interface (TMUI), also referred to as the BIG-IP Configuration utility, restrictions on allowed commands...
7.2CVSS
6.9AI Score
0.001EPSS
A spoofing vulnerability exists when Microsoft browsers improperly handles specific redirects, aka 'Microsoft Browser Spoofing...
4.3CVSS
6.3AI Score
0.001EPSS
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0590, CVE-2019-0591, CVE-2019-0593, CVE-2019-0605, CVE-2019-0607,...
7.5CVSS
7.7AI Score
0.082EPSS
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0590, CVE-2019-0591, CVE-2019-0593, CVE-2019-0605, CVE-2019-0607,...
7.5CVSS
7.7AI Score
0.082EPSS
A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka 'Microsoft Edge Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0634,...
7.5CVSS
8.6AI Score
0.011EPSS
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0590, CVE-2019-0591, CVE-2019-0593, CVE-2019-0605, CVE-2019-0610,...
7.5CVSS
7.7AI Score
0.082EPSS
An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft Edge, aka 'Scripting Engine Information Disclosure Vulnerability'. This CVE ID is unique from...
6.5CVSS
4.8AI Score
0.014EPSS
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0590, CVE-2019-0591, CVE-2019-0593, CVE-2019-0605, CVE-2019-0607,...
7.5CVSS
7.7AI Score
0.082EPSS
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0590, CVE-2019-0591, CVE-2019-0593, CVE-2019-0605, CVE-2019-0607,...
7.5CVSS
7.7AI Score
0.082EPSS
An information disclosure vulnerability exists when Chakra improperly discloses the contents of its memory, which could provide an attacker with information to further compromise the user's computer or data.To exploit the vulnerability, an attacker must know the memory address of where the object.....
4.3CVSS
4.8AI Score
0.014EPSS
A vulnerability exists in Microsoft Chakra JIT server, aka 'Scripting Engine Elevation of Privileged...
8.1CVSS
8.1AI Score
0.002EPSS
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0590, CVE-2019-0591, CVE-2019-0605, CVE-2019-0607, CVE-2019-0610,...
7.5CVSS
7.7AI Score
0.082EPSS
A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka 'Microsoft Edge Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0645,...
7.5CVSS
8.6AI Score
0.011EPSS
A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka 'Microsoft Edge Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0634,...
7.5CVSS
8.6AI Score
0.011EPSS
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0591, CVE-2019-0593, CVE-2019-0605, CVE-2019-0607, CVE-2019-0610,...
7.5CVSS
7.7AI Score
0.082EPSS
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0590, CVE-2019-0591, CVE-2019-0593, CVE-2019-0607, CVE-2019-0610,...
7.5CVSS
7.7AI Score
0.082EPSS
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0590, CVE-2019-0591, CVE-2019-0593, CVE-2019-0605, CVE-2019-0607,...
7.5CVSS
7.7AI Score
0.082EPSS
An information disclosure vulnerability exists in the way that Microsoft Edge handles cross-origin requests, aka 'Microsoft Edge Information Disclosure...
4.3CVSS
5.5AI Score
0.004EPSS
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0590, CVE-2019-0593, CVE-2019-0605, CVE-2019-0607, CVE-2019-0610,...
7.5CVSS
7.7AI Score
0.082EPSS
A security feature bypass vulnerability exists in Microsoft Edge handles whitelisting, aka 'Microsoft Edge Security Feature Bypass...
5.9CVSS
7.1AI Score
0.001EPSS
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0590, CVE-2019-0591, CVE-2019-0593, CVE-2019-0605, CVE-2019-0607,...
7.5CVSS
7.7AI Score
0.082EPSS
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0590, CVE-2019-0591, CVE-2019-0593, CVE-2019-0605, CVE-2019-0607,...
7.5CVSS
7.7AI Score
0.082EPSS
If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is...
5.9CVSS
6.1AI Score
0.01EPSS
On BIG-IP 11.5.1-11.5.4, 11.6.1, and 12.1.0, a virtual server configured with a Client SSL profile may be vulnerable to a chosen ciphertext attack against CBC ciphers. When exploited, this may result in plaintext recovery of encrypted messages through a man-in-the-middle (MITM) attack, despite the....
5.9CVSS
4.5AI Score
0.001EPSS
On BIG-IP 14.1.0-14.1.0.1, TMM may restart and produce a core file when validating SSL certificates in client SSL or server SSL...
9.1CVSS
9.2AI Score
0.001EPSS
On BIG-IP 11.5.1-11.6.3.2, 12.1.3.4-12.1.3.7, 13.0.0 HF1-13.1.1.1, and 14.0.0-14.0.0.2, Multi-Path TCP (MPTCP) does not protect against multiple zero length DATA_FINs in the reassembly queue, which can lead to an infinite loop in some...
5.9CVSS
5.7AI Score
0.001EPSS
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is a heap-based buffer overflow in _bfd_archive_64_bit_slurp_armap in...
7.8CVSS
7.7AI Score
0.001EPSS
In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template...
6.1CVSS
5.8AI Score
0.004EPSS
In the Linux kernel before 4.20.8, kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandles reference counting because of a race condition, leading to a...
8.1CVSS
7.7AI Score
0.036EPSS
On BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.1.3, 12.1.0-12.1.3.7, and 11.6.0-11.6.3.2, a reflected Cross Site Scripting (XSS) vulnerability is present in an undisclosed page of the BIG-IP TMUI (Traffic Management User Interface) also known as the BIG-IP configuration...
6.1CVSS
6AI Score
0.001EPSS
AVEVA Software, LLC InduSoft Web Studio prior to Version 8.1 SP3 and InTouch Edge HMI (formerly InTouch Machine Edition) prior to Version 2017 Update. An unauthenticated remote user could use a specially crafted database connection configuration file to execute an arbitrary process on the server...
7.5CVSS
8.7AI Score
0.005EPSS
AVEVA Software, LLC InduSoft Web Studio prior to Version 8.1 SP3 and InTouch Edge HMI (formerly InTouch Machine Edition) prior to Version 2017 Update. Code is executed under the program runtime privileges, which could lead to the compromise of the...
9.8CVSS
9.4AI Score
0.013EPSS