Total
474 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-32835 | 2 Google, Mediatek | 58 Android, Mt6580, Mt6731 and 55 more | 2025-04-24 | N/A | 6.7 MEDIUM |
| In keyinstall, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08157918; Issue ID: ALPS08157918. | |||||
| CVE-2024-20106 | 2 Google, Mediatek | 14 Android, Mt6739, Mt6761 and 11 more | 2025-04-24 | N/A | N/A |
| In m4u, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08960505; Issue ID: MSV-1590. | |||||
| CVE-2022-42841 | 1 Apple | 1 Macos | 2025-04-21 | N/A | 7.8 HIGH |
| A type confusion issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.6.2, macOS Ventura 13.1, macOS Big Sur 11.7.2. Processing a maliciously crafted package may lead to arbitrary code execution. | |||||
| CVE-2022-42823 | 3 Apple, Debian, Fedoraproject | 8 Ipados, Iphone Os, Macos and 5 more | 2025-04-21 | N/A | 8.8 HIGH |
| A type confusion issue was addressed with improved memory handling. This issue is fixed in tvOS 16.1, macOS Ventura 13, watchOS 9.1, Safari 16.1, iOS 16.1 and iPadOS 16. Processing maliciously crafted web content may lead to arbitrary code execution. | |||||
| CVE-2023-23443 | 1 Hihonor | 1 Magic Os | 2025-04-17 | N/A | 7.1 HIGH |
| Some Honor products are affected by type confusion vulnerability, successful exploitation could cause information leak. | |||||
| CVE-2024-20010 | 2 Google, Mediatek | 58 Android, Mt6580, Mt6731 and 55 more | 2025-04-17 | N/A | 6.7 MEDIUM |
| In keyInstall, there is a possible escalation of privilege due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08358560; Issue ID: ALPS08358560. | |||||
| CVE-2025-32948 | 2025-04-15 | N/A | N/A | ||
| The vulnerability allows any attacker to cause the PeerTube server to stop functioning, or in special cases send requests to arbitrary URLs (Blind SSRF). Attackers can send ActivityPub activities to PeerTube's "inbox" endpoint. By abusing the "Create Activity" functionality, it is possible to create crafted playlists which will cause either denial of service or an attacker-controlled blind SSRF. | |||||
| CVE-2022-25721 | 1 Qualcomm | 90 Aqt1000, Aqt1000 Firmware, Mdm9150 and 87 more | 2025-04-09 | N/A | 7.8 HIGH |
| Memory corruption in video driver due to type confusion error during video playback | |||||
| CVE-2019-0752 | 1 Microsoft | 14 Internet Explorer, Windows 10 1507, Windows 10 1607 and 11 more | 2025-04-08 | 7.6 HIGH | 7.5 HIGH |
| A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0739, CVE-2019-0753, CVE-2019-0862. | |||||
| CVE-2025-1920 | 1 Google | 1 Chrome | 2025-04-07 | N/A | N/A |
| Type Confusion in V8 in Google Chrome prior to 134.0.6998.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2016-7201 | 1 Microsoft | 5 Edge, Windows 10 1507, Windows 10 1511 and 2 more | 2025-04-04 | 7.6 HIGH | 8.8 HIGH |
| The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-7200, CVE-2016-7202, CVE-2016-7203, CVE-2016-7208, CVE-2016-7240, CVE-2016-7242, and CVE-2016-7243. | |||||
| CVE-2017-0037 | 1 Microsoft | 9 Edge, Internet Explorer, Windows 10 1507 and 6 more | 2025-04-04 | 7.6 HIGH | 8.1 HIGH |
| Microsoft Internet Explorer 10 and 11 and Microsoft Edge have a type confusion issue in the Layout::MultiColumnBoxBuilder::HandleColumnBreakOnColumnSpanningElement function in mshtml.dll, which allows remote attackers to execute arbitrary code via vectors involving a crafted Cascading Style Sheets (CSS) token sequence and crafted JavaScript code that operates on a TH element. | |||||
| CVE-2018-8298 | 1 Microsoft | 1 Chakracore | 2025-04-04 | 7.6 HIGH | 7.5 HIGH |
| A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore. This CVE ID is unique from CVE-2018-8242, CVE-2018-8283, CVE-2018-8287, CVE-2018-8288, CVE-2018-8291, CVE-2018-8296. | |||||
| CVE-2019-11707 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-04-03 | 7.5 HIGH | 8.8 HIGH |
| A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable crash. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Firefox ESR < 60.7.1, Firefox < 67.0.3, and Thunderbird < 60.7.2. | |||||
| CVE-2020-27932 | 1 Apple | 7 Icloud, Ipados, Iphone Os and 4 more | 2025-04-02 | 9.3 HIGH | 7.8 HIGH |
| A type confusion issue was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 12.4.9, watchOS 6.2.9, Security Update 2020-006 High Sierra, Security Update 2020-006 Mojave, iOS 14.2 and iPadOS 14.2, watchOS 5.3.9, macOS Catalina 10.15.7 Supplemental Update, macOS Catalina 10.15.7 Update. A malicious application may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2022-20461 | 1 Google | 1 Android | 2025-04-02 | N/A | 7.8 HIGH |
| In pinReplyNative of com_android_bluetooth_btservice_AdapterService.cpp, there is a possible out of bounds read due to type confusion. This could lead to local escalation of privilege of BLE with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-228602963 | |||||
| CVE-2025-29806 | 1 Microsoft | 1 Edge Chromium | 2025-04-02 | N/A | 6.5 MEDIUM |
| No cwe for this issue in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network. | |||||
| CVE-2024-2887 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2025-03-28 | N/A | 7.7 HIGH |
| Type Confusion in WebAssembly in Google Chrome prior to 123.0.6312.86 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2022-4205 | 1 Gitlab | 1 Gitlab | 2025-03-27 | N/A | 7.5 HIGH |
| In Gitlab EE/CE before 15.6.1, 15.5.5 and 15.4.6 using a branch with a hexadecimal name could override an existing hash. | |||||
| CVE-2023-20616 | 2 Google, Mediatek | 45 Android, Mt6580, Mt6735 and 42 more | 2025-03-26 | N/A | 6.7 MEDIUM |
| In ion, there is a possible out of bounds read due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07560720; Issue ID: ALPS07560720. | |||||