Total
386 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-8251 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Macos and 1 more | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have a type confusion vulnerability. Successful exploitation could lead to information disclosure. | |||||
CVE-2020-5754 | 1 Webroot | 1 Endpoint Agents | 2023-12-10 | 6.4 MEDIUM | 9.1 CRITICAL |
Webroot endpoint agents prior to version v9.0.28.48 allows remote attackers to trigger a type confusion vulnerability over its listening TCP port, resulting in crashing or reading memory contents of the Webroot endpoint agent. | |||||
CVE-2019-8249 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Macos and 1 more | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution . | |||||
CVE-2020-15638 | 2 Foxitsoftware, Microsoft | 3 Phantompdf, Reader, Windows | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.2.29539. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the NodeProperties::InferReceiverMapsUnsafe method. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-10950. | |||||
CVE-2020-7081 | 1 Autodesk | 1 Fbx Software Development Kit | 2023-12-10 | 9.3 HIGH | 8.8 HIGH |
A type confusion vulnerability in the Autodesk FBX-SDK versions 2019.0 and earlier may lead to arbitary code read/write on the system running it. | |||||
CVE-2020-10889 | 2 Foxitsoftware, Microsoft | 3 Phantompdf, Reader, Windows | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.29478. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the DuplicatePages command of the communication API. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9828. | |||||
CVE-2020-0336 | 1 Google | 1 Android | 2023-12-10 | 4.6 MEDIUM | 6.7 MEDIUM |
In SurfaceFlinger, there is possible memory corruption due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-153467444 | |||||
CVE-2020-0224 | 1 Google | 1 Android | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
In FastKeyAccumulator::GetKeysSlow of keys.cc, there is a possible out of bounds write due to type confusion. This could lead to remote code execution when processing a proxy configuration with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-147664838 | |||||
CVE-2020-6464 | 3 Debian, Google, Opensuse | 3 Debian Linux, Chrome, Leap | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
Type confusion in Blink in Google Chrome prior to 81.0.4044.138 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
CVE-2019-20583 | 1 Google | 1 Android | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
An issue was discovered on Samsung mobile devices with O(8.x) and P(9.0) (with TEEGRIS) software. There is type confusion in the EXT_FR Trustlet, leading to arbitrary code execution. The Samsung ID is SVE-2019-14847 (August 2019). | |||||
CVE-2019-20589 | 1 Google | 1 Android | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
An issue was discovered on Samsung mobile devices with O(8.x) and P(9.0) (with TEEGRIS) software. There is type confusion in the SKPM Trustlet, leading to arbitrary code execution. The Samsung ID is SVE-2019-14892 (August 2019). | |||||
CVE-2020-3901 | 1 Apple | 7 Icloud, Ipad Os, Iphone Os and 4 more | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Processing maliciously crafted web content may lead to arbitrary code execution. | |||||
CVE-2019-20586 | 1 Google | 1 Android | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
An issue was discovered on Samsung mobile devices with O(8.1) and P(9.0) (with TEEGRIS) software. There is type confusion in the FINGERPRINT Trustlet, leading to arbitrary code execution. The Samsung ID is SVE-2019-14864 (August 2019). | |||||
CVE-2020-1421 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2023-12-10 | 9.3 HIGH | 8.8 HIGH |
A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed.An attacker who successfully exploited this vulnerability could gain the same user rights as the local user, aka 'LNK Remote Code Execution Vulnerability'. | |||||
CVE-2019-15792 | 2 Canonical, Linux | 2 Ubuntu Linux, Linux Kernel | 2023-12-10 | 4.6 MEDIUM | 7.8 HIGH |
In shiftfs, a non-upstream patch to the Linux kernel included in the Ubuntu 5.0 and 5.3 kernel series, shiftfs_btrfs_ioctl_fd_replace() calls fdget(oldfd), then without further checks passes the resulting file* into shiftfs_real_fdget(), which casts file->private_data, a void* that points to a filesystem-dependent type, to a "struct shiftfs_file_info *". As the private_data is not required to be a pointer, an attacker can use this to cause a denial of service or possibly execute arbitrary code. | |||||
CVE-2020-10909 | 2 Foxitsoftware, Microsoft | 3 Phantompdf, Reader, Windows | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.29478. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the AddWatermark command of the communication API. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9942. | |||||
CVE-2020-16229 | 1 Advantech | 1 Webaccess\/hmi Designer | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Processing specially crafted project files lacking proper validation of user supplied data may cause a type confusion condition, which may allow remote code execution, disclosure/modification of information, or cause the application to crash. | |||||
CVE-2019-8252 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Macos and 1 more | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have a type confusion vulnerability. Successful exploitation could lead to information disclosure. | |||||
CVE-2020-3897 | 1 Apple | 7 Icloud, Ipad Os, Iphone Os and 4 more | 2023-12-10 | 9.3 HIGH | 8.8 HIGH |
A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. A remote attacker may be able to cause arbitrary code execution. | |||||
CVE-2020-10611 | 1 Trianglemicroworks | 1 Scada Data Gateway | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Triangle MicroWorks SCADA Data Gateway 3.02.0697 through 4.0.122, 2.41.0213 through 4.0.122 allows remote attackers to execute arbitrary code due to the lack of proper validation of user-supplied data, which can result in a type confusion condition. Authentication is not required to exploit this vulnerability. Only applicable to installations using DNP3 Data Sets. |