Total
225 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-33101 | 1 Qualcomm | 208 315 5g Iot Modem, 315 5g Iot Modem Firmware, Ar8035 and 205 more | 2025-08-11 | N/A | 7.5 HIGH |
| Transient DOS while processing DL NAS TRANSPORT message with payload length 0. | |||||
| CVE-2025-54429 | 2025-07-28 | N/A | N/A | ||
| Polkadot Frontier is an Ethereum and EVM compatibility layer for Polkadot and Substrate. There are various account address types in Frontier, e.g. precompiled contracts, smart contracts, and externally owned accounts. Some EVM mechanisms should be unreachable by certain types of accounts for safety. For precompiles to be callable by smart contracts they must be explicitly configured as CallableByContract. If this configuration is absent, then the precompile should be unreachable via smart contract accounts. In commits prior to 0822030, the underlying implementation of CallableByContract which returned the AddressType was incorrect. It considered the contract address running under CREATE or CREATE2 to be AddressType::EOA rather than correctly as AddressType::Contract. The issue only affects users who use custom precompile implementations that utilize AddressType::EOA and AddressType::Contract. It's not directly exploitable in any of the predefined precompiles in Frontier. This is fixed in version 0822030. | |||||
| CVE-2025-41648 | 2025-07-01 | N/A | 9.8 CRITICAL | ||
| An unauthenticated remote attacker can bypass the login to the web application of the affected devices making it possible to access and change all available settings of the IndustrialPI. | |||||
| CVE-2025-41646 | 1 Kunbus | 1 Revpi Status | 2025-06-10 | N/A | 9.8 CRITICAL |
| An unauthorized remote attacker can bypass the authentication of the affected software package by misusing an incorrect type conversion. This leads to full compromise of the device | |||||
| CVE-2023-35816 | 1 Devexpress | 1 Devexpress | 2025-06-05 | N/A | 5.3 MEDIUM |
| DevExpress before 23.1.3 allows arbitrary TypeConverter conversion. | |||||
| CVE-2021-39989 | 1 Huawei | 1 Harmonyos | 2025-05-22 | 5.0 MEDIUM | 7.5 HIGH |
| The HwNearbyMain module has a Exposure of Sensitive Information to an Unauthorized Actor vulnerability.Successful exploitation of this vulnerability may cause a process to restart. | |||||
| CVE-2022-41828 | 1 Amazon | 1 Amazon Web Services Redshift Java Database Connectivity Driver | 2025-05-20 | N/A | 8.1 HIGH |
| In Amazon AWS Redshift JDBC Driver (aka amazon-redshift-jdbc-driver or redshift-jdbc42) before 2.1.0.8, the Object Factory does not check the class type when instantiating an object from a class name. | |||||
| CVE-2022-49873 | 1 Linux | 1 Linux Kernel | 2025-05-07 | N/A | 5.5 MEDIUM |
| In the Linux kernel, the following vulnerability has been resolved: bpf: Fix wrong reg type conversion in release_reference() Some helper functions will allocate memory. To avoid memory leaks, the verifier requires the eBPF program to release these memories by calling the corresponding helper functions. When a resource is released, all pointer registers corresponding to the resource should be invalidated. The verifier use release_references() to do this job, by apply __mark_reg_unknown() to each relevant register. It will give these registers the type of SCALAR_VALUE. A register that will contain a pointer value at runtime, but of type SCALAR_VALUE, which may allow the unprivileged user to get a kernel pointer by storing this register into a map. Using __mark_reg_not_init() while NOT allow_ptr_leaks can mitigate this problem. | |||||
| CVE-2022-25715 | 1 Qualcomm | 64 Aqt1000, Aqt1000 Firmware, Mdm9150 and 61 more | 2025-04-09 | N/A | 7.8 HIGH |
| Memory corruption in display driver due to incorrect type casting while accessing the fence structure fields | |||||
| CVE-2024-43058 | 2025-04-07 | N/A | 7.8 HIGH | ||
| Memory corruption while processing IOCTL calls. | |||||
| CVE-2024-2606 | 1 Mozilla | 1 Firefox | 2025-04-01 | N/A | N/A |
| Passing invalid data could have led to invalid wasm values being created, such as arbitrary integers turning into pointer values. This vulnerability affects Firefox < 124. | |||||
| CVE-2025-1057 | 2025-03-15 | N/A | 4.3 MEDIUM | ||
| A flaw was found in Keylime, a remote attestation solution, where strict type checking introduced in version 7.12.0 prevents the registrar from reading database entries created by previous versions, for example, 7.11.0. Specifically, older versions store agent registration data as bytes, whereas the updated registrar expects str. This issue leads to an exception when processing agent registration requests, causing the agent to fail. | |||||
| CVE-2023-6249 | 1 Zephyrproject | 1 Zephyr | 2025-01-23 | N/A | 9.8 CRITICAL |
| Signed to unsigned conversion esp32_ipm_send | |||||
| CVE-2023-28162 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2025-01-09 | N/A | 8.8 HIGH |
| While implementing AudioWorklets, some code may have casted one type to another, invalid, dynamic type. This could have led to a potentially exploitable crash. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9. | |||||
| CVE-2016-5263 | 2 Mozilla, Oracle | 2 Firefox, Linux | 2024-10-22 | 6.8 MEDIUM | 8.8 HIGH |
| The nsDisplayList::HitTest function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 mishandles rendering display transformation, which allows remote attackers to execute arbitrary code via a crafted web site that leverages "type confusion." | |||||
| CVE-2024-39589 | 1 Openplcproject | 1 Openplc V3 Firmware | 2024-09-26 | N/A | 7.5 HIGH |
| Multiple invalid pointer dereference vulnerabilities exist in the OpenPLC Runtime EtherNet/IP parser functionality of OpenPLC_v3 16bf8bac1a36d95b73e7b8722d0edb8b9c5bb56a. A specially crafted EtherNet/IP request can lead to denial of service. An attacker can send a series of EtherNet/IP requests to trigger these vulnerabilities.This instance of the vulnerability occurs within the `Protected_Logical_Read_Reply` function | |||||
| CVE-2024-39590 | 1 Openplcproject | 1 Openplc V3 Firmware | 2024-09-26 | N/A | 7.5 HIGH |
| Multiple invalid pointer dereference vulnerabilities exist in the OpenPLC Runtime EtherNet/IP parser functionality of OpenPLC_v3 16bf8bac1a36d95b73e7b8722d0edb8b9c5bb56a. A specially crafted EtherNet/IP request can lead to denial of service. An attacker can send a series of EtherNet/IP requests to trigger these vulnerabilities.This instance of the vulnerability occurs within the `Protected_Logical_Write_Reply` function | |||||
| CVE-2024-26015 | 1 Fortinet | 2 Fortios, Fortiproxy | 2024-09-09 | N/A | 4.7 MEDIUM |
| An incorrect parsing of numbers with different radices vulnerability [CWE-1389] in FortiProxy version 7.4.3 and below, version 7.2.10 and below, version 7.0.17 and below and FortiOS version 7.4.3 and below, version 7.2.8 and below, version 7.0.15 and below IP address validation feature may permit an unauthenticated attacker to bypass the IP blocklist via crafted requests. | |||||
| CVE-2024-32893 | 1 Google | 1 Android | 2024-07-11 | N/A | 5.5 MEDIUM |
| In _s5e9865_mif_set_rate of exynos_dvfs.c, there is a possible out of bounds read due to improper casting. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2022-3979 | 1 Nagvis | 1 Nagvis | 2024-05-17 | N/A | 8.1 HIGH |
| A vulnerability was found in NagVis up to 1.9.33 and classified as problematic. This issue affects the function checkAuthCookie of the file share/server/core/classes/CoreLogonMultisite.php. The manipulation of the argument hash leads to incorrect type conversion. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. Upgrading to version 1.9.34 is able to address this issue. The identifier of the patch is 7574fd8a2903282c2e0d1feef5c4876763db21d5. It is recommended to upgrade the affected component. The identifier VDB-213557 was assigned to this vulnerability. | |||||