Edge Security Vulnerabilities

CVE-2021-2471

Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.26 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors....

CVE-2021-37136

The Bzip2 decompression decoder function doesn't allow setting size restrictions on the decompressed output data (which affects the allocation size used during decompression). All users of Bzip2Decoder are affected. The malicious input can trigger an OOME and so a DoS...

CVE-2021-42340

The fix for bug 63362 present in Apache Tomcat 10.1.0-M1 to 10.1.0-M5, 10.0.0-M1 to 10.0.11, 9.0.40 to 9.0.53 and 8.5.60 to 8.5.71 introduced a memory leak. The object introduced to collect metrics for HTTP upgrade connections was not released for WebSocket connections once the connection was...

CVE-2021-22946

A user can tell curl >= 7.20.0 and <= 7.78.0 to require a successful upgrade to TLS when speaking to an IMAP, POP3 or FTP server (--ssl-reqd on the command line orCURLOPT_USE_SSL set to CURLUSESSL_CONTROL or CURLUSESSL_ALL withlibcurl). This requirement could be bypassed if the server would r...

CVE-2021-22947

When curl >= 7.20.0 and <= 7.78.0 connects to an IMAP or POP3 server to retrieve data using STARTTLS to upgrade to TLS security, the server can respond and send back multiple responses at once that curl caches. curl would then upgrade to TLS but not flush the in-queue of cached responses but....

CVE-2021-41536

A vulnerability has been identified in Solid Edge SE2021 (All versions < SE2021MP8). The affected application contains a use-after-free vulnerability while parsing OBJ files. An attacker could leverage this vulnerability to execute code in the context of the current process...

CVE-2021-41539

A vulnerability has been identified in Solid Edge SE2021 (All versions < SE2021MP8). The affected application contains a use-after-free vulnerability while parsing OBJ files. An attacker could leverage this vulnerability to execute code in the context of the current process...

CVE-2021-41538

A vulnerability has been identified in NX 1953 Series (All versions < V1973.3700), NX 1980 Series (All versions < V1988), Solid Edge SE2021 (All versions < SE2021MP8). The affected application is vulnerable to information disclosure by unexpected access to an uninitialized pointer while pa...

CVE-2021-41535

A vulnerability has been identified in NX 1953 Series (All versions < V1973.3700), NX 1980 Series (All versions < V1988), Solid Edge SE2021 (All versions < SE2021MP8). The affected application contains a use-after-free vulnerability while parsing OBJ files. An attacker could leverage this....

CVE-2021-41534

A vulnerability has been identified in NX 1980 Series (All versions < V1984), Solid Edge SE2021 (All versions < SE2021MP8). The affected application is vulnerable to an out of bounds read past the end of an allocated buffer when parsing JT files. An attacker could leverage this vulnerability ...

CVE-2021-41537

A vulnerability has been identified in Solid Edge SE2021 (All versions < SE2021MP8). The affected application contains a use-after-free vulnerability while parsing OBJ files. An attacker could leverage this vulnerability to execute code in the context of the current process...

CVE-2021-41540

A vulnerability has been identified in Solid Edge SE2021 (All versions < SE2021MP8). The affected application contains a use-after-free vulnerability while parsing OBJ files. An attacker could leverage this vulnerability to execute code in the context of the current process...

CVE-2021-41533

A vulnerability has been identified in NX 1980 Series (All versions < V1984), Solid Edge SE2021 (All versions < SE2021MP8). The affected application is vulnerable to an out of bounds read past the end of an allocated buffer when parsing JT files. An attacker could leverage this vulnerability ...

CVE-2020-4805

IBM Edge 4.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID:...

CVE-2020-4941

IBM Edge 4.2 could reveal sensitive version information about the server from error pages that could aid an attacker in further attacks against the system. IBM X-Force ID:...

CVE-2020-4809

IBM Edge 4.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID:...

CVE-2020-4803

IBM Edge 4.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID:...

CVE-2021-23443

This affects the package edge.js before 5.3.2. A type confusion vulnerability can be used to bypass input sanitization when the input to be rendered is an array (instead of a string or a SafeValue), even if {{ }} are...

CVE-2021-38669

Microsoft Edge (Chromium-based) Tampering...

CVE-2021-37202

A vulnerability has been identified in NX 1980 Series (All versions < V1984), Solid Edge SE2021 (All versions < SE2021MP8). The IFC adapter in affected application contains a use-after-free vulnerability that could be triggered while parsing user-supplied IFC files. An attacker could leverage...

CVE-2021-37203

A vulnerability has been identified in NX 1980 Series (All versions < V1984), Solid Edge SE2021 (All versions < SE2021MP8). The plmxmlAdapterIFC.dll contains an out-of-bounds read while parsing user supplied IFC files which could result in a read past the end of an allocated buffer. This coul...

CVE-2021-37184

A vulnerability has been identified in Industrial Edge Management (All versions < V1.3). An unauthenticated attacker could change the the password of any user in the system under certain circumstances. With this an attacker could impersonate any valid user on an affected...

CVE-2021-30623

Chromium: CVE-2021-30623 Use after free in...

CVE-2021-30624

Chromium: CVE-2021-30624 Use after free in...

CVE-2021-30614

Chromium: CVE-2021-30614 Heap buffer overflow in...

CVE-2021-30621

Chromium: CVE-2021-30621 UI Spoofing in...

CVE-2021-30607

Chromium: CVE-2021-30607 Use after free in...

CVE-2021-30610

Chromium: CVE-2021-30610 Use after free in Extensions...

CVE-2021-30613

Chromium: CVE-2021-30613 Use after free in Base...

CVE-2021-30615

Chromium: CVE-2021-30615 Cross-origin data leak in...

CVE-2021-30619

Chromium: CVE-2021-30619 UI Spoofing in...

CVE-2021-30622

Chromium: CVE-2021-30622 Use after free in WebApp...

CVE-2021-30618

Chromium: CVE-2021-30618 Inappropriate implementation in...

CVE-2021-30609

Chromium: CVE-2021-30609 Use after free in...

CVE-2021-30616

Chromium: CVE-2021-30616 Use after free in...

CVE-2021-30620

Chromium: CVE-2021-30620 Insufficient policy enforcement in...

CVE-2021-30617

Chromium: CVE-2021-30617 Policy bypass in...

CVE-2021-30608

Chromium: CVE-2021-30608 Use after free in Web...

CVE-2021-30606

Chromium: CVE-2021-30606 Use after free in...

CVE-2021-30611

Chromium: CVE-2021-30611 Use after free in...

CVE-2021-30612

Chromium: CVE-2021-30612 Use after free in...

CVE-2021-38641

Microsoft Edge for Android Spoofing...

CVE-2021-26439

Microsoft Edge for Android Information Disclosure...

CVE-2021-26436

Microsoft Edge (Chromium-based) Elevation of Privilege...

CVE-2021-38642

Microsoft Edge for iOS Spoofing...

CVE-2021-36930

Microsoft Edge (Chromium-based) Elevation of Privilege...

CVE-2021-36931

Microsoft Edge (Chromium-based) Elevation of Privilege...

CVE-2021-36929

Microsoft Edge (Chromium-based) Information Disclosure...

CVE-2021-36928

Microsoft Edge (Chromium-based) Elevation of Privilege...

CVE-2021-3711

In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Typically an application will call this function twice. The first time, on entry, the "out" parameter can be NULL and, on exit, the "outlen" parameter is populated with the buffer size...