Total
382 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-31461 | 2 Foxitsoftware, Microsoft | 3 Phantompdf, Reader, Windows | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the the handling of app.media objects. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process Was ZDI-CAN-13333. | |||||
| CVE-2021-29513 | 1 Google | 1 Tensorflow | 2023-12-10 | 4.6 MEDIUM | 7.8 HIGH |
| TensorFlow is an end-to-end open source platform for machine learning. Calling TF operations with tensors of non-numeric types when the operations expect numeric tensors result in null pointer dereferences. The conversion from Python array to C++ array(https://github.com/tensorflow/tensorflow/blob/ff70c47a396ef1e3cb73c90513da4f5cb71bebba/tensorflow/python/lib/core/ndarray_tensor.cc#L113-L169) is vulnerable to a type confusion. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range. | |||||
| CVE-2021-27038 | 1 Autodesk | 1 Design Review | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
| A Type Confusion vulnerability in Autodesk Design Review 2018, 2017, 2013, 2012, 2011 can occur when processing a maliciously crafted PDF file. A malicious actor can leverage this to execute arbitrary code. | |||||
| CVE-2021-23908 | 1 Mercedes-benz | 8 A 220, A 220 4matic, E 350 and 5 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the Headunit NTG6 in the MBUX Infotainment System on Mercedes-Benz vehicles through 2021. A type confusion issue affects MultiSvSetAttributes in the HiQnet Protocol, leading to remote code execution. | |||||
| CVE-2021-30954 | 3 Apple, Debian, Fedoraproject | 8 Ipados, Iphone Os, Macos and 5 more | 2023-12-10 | 9.3 HIGH | 7.8 HIGH |
| A type confusion issue was addressed with improved memory handling. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing maliciously crafted web content may lead to arbitrary code execution. | |||||
| CVE-2021-22354 | 1 Huawei | 2 Emui, Magic Ui | 2023-12-10 | 6.4 MEDIUM | 9.1 CRITICAL |
| There is an Information Disclosure Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause out-of-bounds read. | |||||
| CVE-2021-30599 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
| Type confusion in V8 in Google Chrome prior to 92.0.4515.159 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. | |||||
| CVE-2021-30551 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
| Type confusion in V8 in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2020-13547 | 1 Foxitsoftware | 1 Foxit Reader | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
| A type confusion vulnerability exists in the JavaScript engine of Foxit Software’s Foxit PDF Reader, version 10.1.0.37527. A specially crafted PDF document can trigger an improper use of an object, resulting in memory corruption and arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability. | |||||
| CVE-2020-16009 | 6 Cefsharp, Debian, Fedoraproject and 3 more | 8 Cefsharp, Debian Linux, Fedora and 5 more | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
| Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2021-0352 | 1 Google | 1 Android | 2023-12-10 | 2.1 LOW | 4.4 MEDIUM |
| In RT regmap driver, there is a possible memory corruption due to type confusion. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10, Android-11; Patch ID: ALPS05453809. | |||||
| CVE-2020-26990 | 1 Siemens | 2 Jt2go, Teamcenter Visualization | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
| A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Teamcenter Visualization (All versions < V13.1.0.1). Affected applications lack proper validation of user-supplied data when parsing ASM files. A crafted ASM file could trigger a type confusion condition. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-11897) | |||||
| CVE-2020-25661 | 1 Redhat | 1 Enterprise Linux | 2023-12-10 | 8.3 HIGH | 8.8 HIGH |
| A Red Hat only CVE-2020-12351 regression issue was found in the way the Linux kernel's Bluetooth implementation handled L2CAP packets with A2MP CID. This flaw allows a remote attacker in an adjacent range to crash the system, causing a denial of service or potentially executing arbitrary code on the system by sending a specially crafted L2CAP packet. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. | |||||
| CVE-2021-23954 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
| Using the new logical assignment operators in a JavaScript switch statement could have caused a type confusion, leading to a memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 85, Thunderbird < 78.7, and Firefox ESR < 78.7. | |||||
| CVE-2020-27293 | 1 Deltaww | 1 Cncsoft-b | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
| Delta Electronics CNCSoft-B Versions 1.0.0.2 and prior has a type confusion issue while processing project files, which may allow an attacker to execute arbitrary code. | |||||
| CVE-2020-9948 | 3 Apple, Debian, Webkit | 3 Safari, Debian Linux, Webkitgtk\+ | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
| A type confusion issue was addressed with improved memory handling. This issue is fixed in Safari 14.0. Processing maliciously crafted web content may lead to arbitrary code execution. | |||||
| CVE-2020-16103 | 1 Gallagher | 1 Command Centre | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
| Type confusion in Gallagher Command Centre Server allows a remote attacker to crash the server or possibly cause remote code execution. This issue affects: Gallagher Command Centre 8.30 versions prior to 8.30.1236(MR1); 8.20 versions prior to 8.20.1166(MR3); 8.10 versions prior to 8.10.1211(MR5); version 8.00 and prior versions. | |||||
| CVE-2021-25177 | 2 Opendesign, Siemens | 4 Drawings Software Development Kit, Comos, Jt2go and 1 more | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
| An issue was discovered in Open Design Alliance Drawings SDK before 2021.11. A Type Confusion issue exists when rendering malformed .DXF and .DWG files. This can allow attackers to cause a crash, potentially enabling a denial of service attack (Crash, Exit, or Restart). | |||||
| CVE-2020-26980 | 1 Siemens | 2 Jt2go, Teamcenter Visualization | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
| A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All versions < V13.1.0). Affected applications lack proper validation of user-supplied data when parsing JT files. A crafted JT file could trigger a type confusion condition. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-11881) | |||||
| CVE-2020-27932 | 1 Apple | 7 Icloud, Ipados, Iphone Os and 4 more | 2023-12-10 | 9.3 HIGH | 7.8 HIGH |
| A type confusion issue was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 12.4.9, watchOS 6.2.9, Security Update 2020-006 High Sierra, Security Update 2020-006 Mojave, iOS 14.2 and iPadOS 14.2, watchOS 5.3.9, macOS Catalina 10.15.7 Supplemental Update, macOS Catalina 10.15.7 Update. A malicious application may be able to execute arbitrary code with kernel privileges. | |||||