Total
474 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-1214 | 1 Google | 1 Chrome | 2024-10-17 | N/A | 8.8 HIGH |
| Type confusion in V8 in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2023-0473 | 1 Google | 1 Chrome | 2024-10-17 | N/A | 8.8 HIGH |
| Type Confusion in ServiceWorker API in Google Chrome prior to 109.0.5414.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2023-6702 | 3 Fedoraproject, Google, Microsoft | 3 Fedora, Chrome, Edge Chromium | 2024-10-08 | N/A | 8.8 HIGH |
| Type confusion in V8 in Google Chrome prior to 120.0.6099.109 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2021-31344 | 1 Siemens | 17 Apogee Modular Building Controller, Apogee Modular Building Controller Firmware, Apogee Modular Equiment Controller and 14 more | 2024-10-08 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303), PLUSCONTROL 1st Gen (All versions), SIMOTICS CONNECT 400 (All versions < V0.5.0.0), SIMOTICS CONNECT 400 (All versions < V1.0.0.0). ICMP echo packets with fake IP options allow sending ICMP echo reply messages to arbitrary hosts on the network. (FSMD-2021-0004) | |||||
| CVE-2024-5830 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2024-09-25 | N/A | 8.8 HIGH |
| Type Confusion in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2024-38209 | 1 Microsoft | 1 Edge Chromium | 2024-09-19 | N/A | 7.8 HIGH |
| Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | |||||
| CVE-2024-45112 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2024-09-19 | N/A | 7.8 HIGH |
| Acrobat Reader versions 24.002.21005, 24.001.30159, 20.005.30655, 24.003.20054 and earlier are affected by a Type Confusion vulnerability that could result in arbitrary code execution in the context of the current user. This issue occurs when a resource is accessed using a type that is not compatible with the actual object type, leading to a logic error that an attacker could exploit. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2023-44108 | 1 Huawei | 2 Emui, Harmonyos | 2024-09-18 | N/A | 7.5 HIGH |
| Type confusion vulnerability in the distributed file module.Successful exploitation of this vulnerability may cause the device to restart. | |||||
| CVE-2023-34967 | 4 Debian, Fedoraproject, Redhat and 1 more | 4 Debian Linux, Fedora, Enterprise Linux and 1 more | 2024-09-16 | N/A | 5.3 MEDIUM |
| A Type Confusion vulnerability was found in Samba's mdssvc RPC service for Spotlight. When parsing Spotlight mdssvc RPC packets, one encoded data structure is a key-value style dictionary where the keys are character strings, and the values can be any of the supported types in the mdssvc protocol. Due to a lack of type checking in callers of the dalloc_value_for_key() function, which returns the object associated with a key, a caller may trigger a crash in talloc_get_size() when talloc detects that the passed-in pointer is not a valid talloc pointer. With an RPC worker process shared among multiple client connections, a malicious client or attacker can trigger a process crash in a shared RPC mdssvc worker process, affecting all other clients this worker serves. | |||||
| CVE-2024-8638 | 1 Google | 1 Chrome | 2024-09-13 | N/A | 8.8 HIGH |
| Type Confusion in V8 in Google Chrome prior to 128.0.6613.137 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2024-36278 | 1 Openatom | 1 Openharmony | 2024-09-09 | N/A | 3.3 LOW |
| in OpenHarmony v4.0.0 and prior versions allow a local attacker cause apps crash through type confusion. | |||||
| CVE-2023-0083 | 1 Openatom | 1 Openharmony | 2024-09-09 | N/A | 5.5 MEDIUM |
| The ArKUI framework subsystem within OpenHarmony-v3.1.5 and prior versions, OpenHarmony-v3.0.7 and prior versions has an Improper Input Validation vulnerability which local attackers can exploit this vulnerability to send malicious data, causing the current application to crash. | |||||
| CVE-2024-31071 | 1 Openatom | 1 Openharmony | 2024-09-09 | N/A | 3.3 LOW |
| in OpenHarmony v4.0.0 and prior versions allow a local attacker cause apps crash through type confusion. | |||||
| CVE-2023-46705 | 1 Openatom | 1 Openharmony | 2024-09-09 | N/A | 5.5 MEDIUM |
| in OpenHarmony v3.2.2 and prior versions allow a local attacker causes system information leak through type confusion. | |||||
| CVE-2023-6045 | 1 Openatom | 1 Openharmony | 2024-09-09 | N/A | 7.8 HIGH |
| in OpenHarmony v3.2.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through type confusion. | |||||
| CVE-2024-8381 | 1 Mozilla | 2 Firefox, Firefox Esr | 2024-09-06 | N/A | 9.8 CRITICAL |
| A potentially exploitable type confusion could be triggered when looking up a property name on an object being used as the `with` environment. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, Firefox ESR < 115.15, Thunderbird < 128.2, and Thunderbird < 115.15. | |||||
| CVE-2024-8385 | 1 Mozilla | 2 Firefox, Firefox Esr | 2024-09-06 | N/A | 9.8 CRITICAL |
| A difference in the handling of StructFields and ArrayTypes in WASM could be used to trigger an exploitable type confusion vulnerability. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, and Thunderbird < 128.2. | |||||
| CVE-2023-32818 | 2 Google, Mediatek | 11 Android, Mt6761, Mt6763 and 8 more | 2024-09-05 | N/A | 6.7 MEDIUM |
| In vdec, there is a possible out of bounds write due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08163896 & ALPS08013430; Issue ID: ALPS07867715. | |||||
| CVE-2024-8194 | 1 Google | 1 Chrome | 2024-08-30 | N/A | 8.8 HIGH |
| Type Confusion in V8 in Google Chrome prior to 128.0.6613.113 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2024-38219 | 1 Microsoft | 1 Edge Chromium | 2024-08-29 | N/A | 9.0 CRITICAL |
| Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | |||||