Edge
by WordPress
CVEs (12)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-8225 | Hig | 0.51 | 7.8 | 0.00 | Jan 26, 2017 | Unquoted service path vulnerability in Lenovo Edge and Lenovo Slim USB Keyboard Driver versions earlier than 1.21 allows local users to execute code with elevated privileges. | ||
| CVE-2024-34376 | Med | 0.42 | 6.5 | 0.00 | May 6, 2024 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Theme Freesia Edge allows Stored XSS.This issue affects Edge: from n/a through 2.0.9. | ||
| CVE-2021-42796 | 0.00 | — | 0.00 | Dec 16, 2023 | An issue was discovered in ExecuteCommand() in AVEVA Edge (formerly InduSoft Web Studio) versions R2020 and prior that allows unauthenticated arbitrary commands to be executed. | |||
| CVE-2022-36970 | 0.00 | — | 0.00 | Mar 29, 2023 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of AVEVA Edge 20.0 Build: 4201.2111.1802.0000 Service Pack 2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a… | |||
| CVE-2022-28686 | 0.00 | — | 0.00 | Mar 29, 2023 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of AVEVA Edge 2020 SP2 Patch 0(4201.2111.1802.0000). User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.… | |||
| CVE-2022-28685 | 0.00 | — | 0.04 | Mar 29, 2023 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of AVEVA Edge 2020 SP2 Patch 0(4201.2111.1802.0000). User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.… | |||
| CVE-2022-28688 | 0.00 | — | 0.00 | Mar 29, 2023 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of AVEVA Edge 2020 SP2 Patch 0(4201.2111.1802.0000). User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.… | |||
| CVE-2020-4941 | 0.00 | — | 0.00 | Sep 23, 2021 | IBM Edge 4.2 could reveal sensitive version information about the server from error pages that could aid an attacker in further attacks against the system. IBM X-Force ID: 191941. | |||
| CVE-2020-4809 | 0.00 | — | 0.00 | Sep 23, 2021 | IBM Edge 4.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 189633. | |||
| CVE-2020-4805 | 0.00 | — | 0.00 | Sep 23, 2021 | IBM Edge 4.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 189539. | |||
| CVE-2020-4803 | 0.00 | — | 0.00 | Sep 23, 2021 | IBM Edge 4.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 189535. | |||
| CVE-2020-4792 | 0.00 | — | 0.00 | Apr 5, 2021 | IBM Edge 4.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 189441. |
- risk 0.51cvss 7.8epss 0.00
Unquoted service path vulnerability in Lenovo Edge and Lenovo Slim USB Keyboard Driver versions earlier than 1.21 allows local users to execute code with elevated privileges.
- risk 0.42cvss 6.5epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Theme Freesia Edge allows Stored XSS.This issue affects Edge: from n/a through 2.0.9.
- CVE-2021-42796Dec 16, 2023risk 0.00cvss —epss 0.00
An issue was discovered in ExecuteCommand() in AVEVA Edge (formerly InduSoft Web Studio) versions R2020 and prior that allows unauthenticated arbitrary commands to be executed.
- CVE-2022-36970Mar 29, 2023risk 0.00cvss —epss 0.00
This vulnerability allows remote attackers to execute arbitrary code on affected installations of AVEVA Edge 20.0 Build: 4201.2111.1802.0000 Service Pack 2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a…
- CVE-2022-28686Mar 29, 2023risk 0.00cvss —epss 0.00
This vulnerability allows remote attackers to execute arbitrary code on affected installations of AVEVA Edge 2020 SP2 Patch 0(4201.2111.1802.0000). User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.…
- CVE-2022-28685Mar 29, 2023risk 0.00cvss —epss 0.04
This vulnerability allows remote attackers to execute arbitrary code on affected installations of AVEVA Edge 2020 SP2 Patch 0(4201.2111.1802.0000). User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.…
- CVE-2022-28688Mar 29, 2023risk 0.00cvss —epss 0.00
This vulnerability allows remote attackers to execute arbitrary code on affected installations of AVEVA Edge 2020 SP2 Patch 0(4201.2111.1802.0000). User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.…
- CVE-2020-4941Sep 23, 2021risk 0.00cvss —epss 0.00
IBM Edge 4.2 could reveal sensitive version information about the server from error pages that could aid an attacker in further attacks against the system. IBM X-Force ID: 191941.
- CVE-2020-4809Sep 23, 2021risk 0.00cvss —epss 0.00
IBM Edge 4.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 189633.
- CVE-2020-4805Sep 23, 2021risk 0.00cvss —epss 0.00
IBM Edge 4.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 189539.
- CVE-2020-4803Sep 23, 2021risk 0.00cvss —epss 0.00
IBM Edge 4.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 189535.
- CVE-2020-4792Apr 5, 2021risk 0.00cvss —epss 0.00
IBM Edge 4.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 189441.