Total
376 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-44108 | 1 Huawei | 2 Emui, Harmonyos | 2023-12-10 | N/A | 7.5 HIGH |
Type confusion vulnerability in the distributed file module.Successful exploitation of this vulnerability may cause the device to restart. | |||||
CVE-2023-32835 | 2 Google, Mediatek | 58 Android, Mt6580, Mt6731 and 55 more | 2023-12-10 | N/A | 6.7 MEDIUM |
In keyinstall, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08157918; Issue ID: ALPS08157918. | |||||
CVE-2023-21287 | 1 Google | 1 Android | 2023-12-10 | N/A | 9.8 CRITICAL |
In multiple locations, there is a possible code execution due to type confusion. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
CVE-2022-4912 | 1 Google | 1 Chrome | 2023-12-10 | N/A | 8.8 HIGH |
Type Confusion in MathML in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
CVE-2022-46706 | 1 Apple | 2 Mac Os X, Macos | 2023-12-10 | N/A | 7.8 HIGH |
A type confusion issue was addressed with improved state handling. This issue is fixed in Security Update 2022-003 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.5. An application may be able to execute arbitrary code with kernel privileges. | |||||
CVE-2023-32834 | 2 Google, Mediatek | 48 Android, Mt6580, Mt6735 and 45 more | 2023-12-10 | N/A | 6.7 MEDIUM |
In secmem, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08161762; Issue ID: ALPS08161762. | |||||
CVE-2023-38199 | 1 Owasp | 1 Coreruleset | 2023-12-10 | N/A | 9.8 CRITICAL |
coreruleset (aka OWASP ModSecurity Core Rule Set) through 3.3.4 does not detect multiple Content-Type request headers on some platforms. This might allow attackers to bypass a WAF with a crafted payload, aka "Content-Type confusion" between the WAF and the backend application. This occurs when the web application relies on only the last Content-Type header. Other platforms may reject the additional Content-Type header or merge conflicting headers, leading to detection as a malformed header. | |||||
CVE-2023-36887 | 1 Microsoft | 1 Edge Chromium | 2023-12-10 | N/A | 7.8 HIGH |
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | |||||
CVE-2023-32818 | 2 Google, Mediatek | 11 Android, Mt6761, Mt6763 and 8 more | 2023-12-10 | N/A | 6.7 MEDIUM |
In vdec, there is a possible out of bounds write due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08163896 & ALPS08013430; Issue ID: ALPS07867715. | |||||
CVE-2023-32358 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2023-12-10 | N/A | 8.8 HIGH |
A type confusion issue was addressed with improved checks. This issue is fixed in iOS 16.4 and iPadOS 16.4, macOS Ventura 13.3. Processing web content may lead to arbitrary code execution. | |||||
CVE-2023-28729 | 1 Panasonic | 1 Control Fpwin Pro | 2023-12-10 | N/A | 7.8 HIGH |
A type confusion vulnerability in Panasonic Control FPWIN Pro versions 7.6.0.3 and all previous versions may allow arbitrary code execution when opening specially crafted project files. | |||||
CVE-2023-1078 | 1 Linux | 1 Linux Kernel | 2023-12-10 | N/A | 7.8 HIGH |
A flaw was found in the Linux Kernel in RDS (Reliable Datagram Sockets) protocol. The rds_rm_zerocopy_callback() uses list_entry() on the head of a list causing a type confusion. Local user can trigger this with rds_message_put(). Type confusion leads to `struct rds_msg_zcopy_info *info` actually points to something else that is potentially controlled by local user. It is known how to trigger this, which causes an out of bounds access, and a lock corruption. | |||||
CVE-2023-25933 | 1 Facebook | 1 Hermes | 2023-12-10 | N/A | 9.8 CRITICAL |
A type confusion bug in TypedArray prior to commit e6ed9c1a4b02dc219de1648f44cd808a56171b81 could have been used by a malicious attacker to execute arbitrary code via untrusted JavaScript. Note that this is only exploitable in cases where Hermes is used to execute untrusted JavaScript. Hence, most React Native applications are not affected. | |||||
CVE-2023-2724 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2023-12-10 | N/A | 8.8 HIGH |
Type confusion in V8 in Google Chrome prior to 113.0.5672.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
CVE-2021-33970 | 1 Browser.360 | 1 Chrome | 2023-12-10 | N/A | 10.0 CRITICAL |
Buffer Overflow vulnerability in Qihoo 360 Chrome v13.0.2170.0 allows attacker to escalate priveleges. | |||||
CVE-2023-20673 | 2 Google, Mediatek | 43 Android, Iot Yocto, Mt5696 and 40 more | 2023-12-10 | N/A | 6.7 MEDIUM |
In vcu, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07519103; Issue ID: ALPS07519103. | |||||
CVE-2022-37377 | 2 Foxit, Microsoft | 3 Pdf Editor, Pdf Reader, Windows | 2023-12-10 | N/A | 7.8 HIGH |
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor 11.1.1.53537;. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within JavaScript optimizations. The issue results from an improper optimization, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16733. | |||||
CVE-2023-37376 | 1 Siemens | 1 Tecnomatix | 2023-12-10 | N/A | 7.8 HIGH |
A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0002). The affected application contains a type confusion vulnerability while parsing STP files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21051) | |||||
CVE-2023-21056 | 1 Google | 1 Android | 2023-12-10 | N/A | 6.7 MEDIUM |
In lwis_slc_buffer_free of lwis_device_slc.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-245300559References: N/A | |||||
CVE-2023-2033 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2023-12-10 | N/A | 8.8 HIGH |
Type confusion in V8 in Google Chrome prior to 112.0.5615.121 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |