Total
367 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-46878 | 1 Treasuredata | 1 Fluent Bit | 2023-12-10 | N/A | 7.8 HIGH |
An issue was discovered in Treasure Data Fluent Bit 1.7.1, erroneous parsing in flb_pack_msgpack_to_json_format leads to type confusion bug that interprets whatever is on the stack as msgpack maps and arrays, leading to use-after-free. This can be used by an attacker to craft a specially craft file and trick the victim opening it using the affect software, triggering use-after-free and execute arbitrary code on the target system. | |||||
CVE-2023-20747 | 3 Google, Linuxfoundation, Mediatek | 48 Android, Iot-yocto, Yocto and 45 more | 2023-12-10 | N/A | 4.4 MEDIUM |
In vcu, there is a possible memory corruption due to type confusion. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07519103; Issue ID: ALPS07519121. | |||||
CVE-2023-22579 | 1 Sequelizejs | 1 Sequelize | 2023-12-10 | N/A | 8.8 HIGH |
Due to improper parameter filtering in the sequalize js library, can a attacker peform injection. | |||||
CVE-2022-4174 | 1 Google | 1 Chrome | 2023-12-10 | N/A | 8.8 HIGH |
Type confusion in V8 in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
CVE-2023-0702 | 1 Google | 1 Chrome | 2023-12-10 | N/A | 8.8 HIGH |
Type confusion in Data Transfer in Google Chrome prior to 110.0.5481.77 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) | |||||
CVE-2023-1214 | 1 Google | 1 Chrome | 2023-12-10 | N/A | 8.8 HIGH |
Type confusion in V8 in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
CVE-2023-0696 | 1 Google | 1 Chrome | 2023-12-10 | N/A | 8.8 HIGH |
Type confusion in V8 in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
CVE-2023-0083 | 1 Openharmony | 1 Openharmony | 2023-12-10 | N/A | 5.5 MEDIUM |
The ArKUI framework subsystem within OpenHarmony-v3.1.5 and prior versions, OpenHarmony-v3.0.7 and prior versions has an Improper Input Validation vulnerability which local attackers can exploit this vulnerability to send malicious data, causing the current application to crash. | |||||
CVE-2023-20616 | 2 Google, Mediatek | 45 Android, Mt6580, Mt6735 and 42 more | 2023-12-10 | N/A | 6.7 MEDIUM |
In ion, there is a possible out of bounds read due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07560720; Issue ID: ALPS07560720. | |||||
CVE-2023-0703 | 1 Google | 1 Chrome | 2023-12-10 | N/A | 8.8 HIGH |
Type confusion in DevTools in Google Chrome prior to 110.0.5481.77 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via UI interactions. (Chromium security severity: Medium) | |||||
CVE-2022-25721 | 1 Qualcomm | 90 Aqt1000, Aqt1000 Firmware, Mdm9150 and 87 more | 2023-12-10 | N/A | 7.8 HIGH |
Memory corruption in video driver due to type confusion error during video playback | |||||
CVE-2023-0473 | 1 Google | 1 Chrome | 2023-12-10 | N/A | 8.8 HIGH |
Type Confusion in ServiceWorker API in Google Chrome prior to 109.0.5414.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) | |||||
CVE-2023-23455 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2023-12-10 | N/A | 5.5 MEDIUM |
atm_tc_enqueue in net/sched/sch_atm.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results). | |||||
CVE-2022-4262 | 1 Google | 1 Chrome | 2023-12-10 | N/A | 8.8 HIGH |
Type confusion in V8 in Google Chrome prior to 108.0.5359.94 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
CVE-2022-20461 | 1 Google | 1 Android | 2023-12-10 | N/A | 7.8 HIGH |
In pinReplyNative of com_android_bluetooth_btservice_AdapterService.cpp, there is a possible out of bounds read due to type confusion. This could lead to local escalation of privilege of BLE with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-228602963 | |||||
CVE-2022-4205 | 1 Gitlab | 1 Gitlab | 2023-12-10 | N/A | 7.5 HIGH |
In Gitlab EE/CE before 15.6.1, 15.5.5 and 15.4.6 using a branch with a hexadecimal name could override an existing hash. | |||||
CVE-2022-42841 | 1 Apple | 1 Macos | 2023-12-10 | N/A | 7.8 HIGH |
A type confusion issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.6.2, macOS Ventura 13.1, macOS Big Sur 11.7.2. Processing a maliciously crafted package may lead to arbitrary code execution. | |||||
CVE-2023-1235 | 1 Google | 1 Chrome | 2023-12-10 | N/A | 6.3 MEDIUM |
Type confusion in DevTools in Google Chrome prior to 111.0.5563.64 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted UI interaction. (Chromium security severity: Low) | |||||
CVE-2022-42856 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2023-12-10 | N/A | 8.8 HIGH |
A type confusion issue was addressed with improved state handling. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.1.2. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.1.. | |||||
CVE-2023-1215 | 1 Google | 1 Chrome | 2023-12-10 | N/A | 8.8 HIGH |
Type confusion in CSS in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |