Vulnerabilities (CVE)

Filtered by CWE-843
Total 367 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-51428 1 Hihonor 1 Magic Os 2024-01-04 N/A 7.1 HIGH
Some Honor products are affected by type confusion vulnerability, successful exploitation could cause information leak.
CVE-2021-28468 1 Microsoft 1 Raw Image Extension 2023-12-29 6.8 MEDIUM 7.8 HIGH
Raw Image Extension Remote Code Execution Vulnerability
CVE-2021-38658 1 Microsoft 1 Office 2023-12-28 6.8 MEDIUM 7.8 HIGH
Microsoft Office Graphics Remote Code Execution Vulnerability
CVE-2022-41033 1 Microsoft 10 Windows 10, Windows 11, Windows 7 and 7 more 2023-12-20 N/A 7.8 HIGH
Windows COM+ Event System Service Elevation of Privilege Vulnerability
CVE-2023-48694 1 Microsoft 1 Azure Rtos Usbx 2023-12-10 N/A 9.8 CRITICAL
Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded stack, that is fully integrated with Azure RTOS ThreadX. An attacker can cause remote code execution due to expired pointer dereference and type confusion vulnerabilities in Azure RTOS USBX. The affected components include functions/processes in host stack and host class, related to device linked classes, ASIX, Prolific, SWAR, audio, CDC ECM in RTOS v6.2.1 and below. The fixes have been included in USBX release 6.3.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CVE-2023-6045 1 Openharmony 1 Openharmony 2023-12-10 N/A 7.8 HIGH
in OpenHarmony v3.2.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through type confusion.
CVE-2023-41257 1 Foxitsoftware 1 Foxit Reader 2023-12-10 N/A 8.8 HIGH
A type confusion vulnerability exists in the way Foxit Reader 12.1.2.15356 handles field value properties. A specially crafted Javascript code inside a malicious PDF document can trigger this vulnerability, which can lead to memory corruption and result in arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled.
CVE-2023-46705 1 Openharmony 1 Openharmony 2023-12-10 N/A 5.5 MEDIUM
in OpenHarmony v3.2.2 and prior versions allow a local attacker causes system information leak through type confusion.
CVE-2023-43154 1 Macs Cms Project 1 Macs Cms 2023-12-10 N/A 9.8 CRITICAL
In Macrob7 Macs Framework Content Management System (CMS) 1.1.4f, loose comparison in "isValidLogin()" function during login attempt results in PHP type confusion vulnerability that leads to authentication bypass and takeover of the administrator account.
CVE-2023-44094 1 Huawei 2 Emui, Harmonyos 2023-12-10 N/A 5.3 MEDIUM
Type confusion vulnerability in the distributed file module.Successful exploitation of this vulnerability may cause the device to restart.
CVE-2023-44108 1 Huawei 2 Emui, Harmonyos 2023-12-10 N/A 7.5 HIGH
Type confusion vulnerability in the distributed file module.Successful exploitation of this vulnerability may cause the device to restart.
CVE-2023-32835 2 Google, Mediatek 58 Android, Mt6580, Mt6731 and 55 more 2023-12-10 N/A 6.7 MEDIUM
In keyinstall, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08157918; Issue ID: ALPS08157918.
CVE-2023-21287 1 Google 1 Android 2023-12-10 N/A 9.8 CRITICAL
In multiple locations, there is a possible code execution due to type confusion. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2022-4912 1 Google 1 Chrome 2023-12-10 N/A 8.8 HIGH
Type Confusion in MathML in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2022-46706 1 Apple 2 Mac Os X, Macos 2023-12-10 N/A 7.8 HIGH
A type confusion issue was addressed with improved state handling. This issue is fixed in Security Update 2022-003 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.5. An application may be able to execute arbitrary code with kernel privileges.
CVE-2023-32834 2 Google, Mediatek 48 Android, Mt6580, Mt6735 and 45 more 2023-12-10 N/A 6.7 MEDIUM
In secmem, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08161762; Issue ID: ALPS08161762.
CVE-2023-38199 1 Owasp 1 Coreruleset 2023-12-10 N/A 9.8 CRITICAL
coreruleset (aka OWASP ModSecurity Core Rule Set) through 3.3.4 does not detect multiple Content-Type request headers on some platforms. This might allow attackers to bypass a WAF with a crafted payload, aka "Content-Type confusion" between the WAF and the backend application. This occurs when the web application relies on only the last Content-Type header. Other platforms may reject the additional Content-Type header or merge conflicting headers, leading to detection as a malformed header.
CVE-2023-36887 1 Microsoft 1 Edge Chromium 2023-12-10 N/A 7.8 HIGH
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
CVE-2023-32818 2 Google, Mediatek 11 Android, Mt6761, Mt6763 and 8 more 2023-12-10 N/A 6.7 MEDIUM
In vdec, there is a possible out of bounds write due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08163896 & ALPS08013430; Issue ID: ALPS07867715.
CVE-2023-28575 1 Qualcomm 120 205, 205 Firmware, 215 and 117 more 2023-12-10 N/A 7.8 HIGH
The cam_get_device_priv function does not check the type of handle being returned (device/session/link). This would lead to invalid type usage if a wrong handle is passed to it.