Vulnerabilities (CVE)

Filtered by CWE-843
Total 367 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-46878 1 Treasuredata 1 Fluent Bit 2023-12-10 N/A 7.8 HIGH
An issue was discovered in Treasure Data Fluent Bit 1.7.1, erroneous parsing in flb_pack_msgpack_to_json_format leads to type confusion bug that interprets whatever is on the stack as msgpack maps and arrays, leading to use-after-free. This can be used by an attacker to craft a specially craft file and trick the victim opening it using the affect software, triggering use-after-free and execute arbitrary code on the target system.
CVE-2023-20747 3 Google, Linuxfoundation, Mediatek 48 Android, Iot-yocto, Yocto and 45 more 2023-12-10 N/A 4.4 MEDIUM
In vcu, there is a possible memory corruption due to type confusion. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07519103; Issue ID: ALPS07519121.
CVE-2023-22579 1 Sequelizejs 1 Sequelize 2023-12-10 N/A 8.8 HIGH
Due to improper parameter filtering in the sequalize js library, can a attacker peform injection.
CVE-2022-4174 1 Google 1 Chrome 2023-12-10 N/A 8.8 HIGH
Type confusion in V8 in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2023-0702 1 Google 1 Chrome 2023-12-10 N/A 8.8 HIGH
Type confusion in Data Transfer in Google Chrome prior to 110.0.5481.77 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
CVE-2023-1214 1 Google 1 Chrome 2023-12-10 N/A 8.8 HIGH
Type confusion in V8 in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2023-0696 1 Google 1 Chrome 2023-12-10 N/A 8.8 HIGH
Type confusion in V8 in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2023-0083 1 Openharmony 1 Openharmony 2023-12-10 N/A 5.5 MEDIUM
The ArKUI framework subsystem within OpenHarmony-v3.1.5 and prior versions, OpenHarmony-v3.0.7 and prior versions has an Improper Input Validation vulnerability which local attackers can exploit this vulnerability to send malicious data, causing the current application to crash.
CVE-2023-20616 2 Google, Mediatek 45 Android, Mt6580, Mt6735 and 42 more 2023-12-10 N/A 6.7 MEDIUM
In ion, there is a possible out of bounds read due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07560720; Issue ID: ALPS07560720.
CVE-2023-0703 1 Google 1 Chrome 2023-12-10 N/A 8.8 HIGH
Type confusion in DevTools in Google Chrome prior to 110.0.5481.77 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via UI interactions. (Chromium security severity: Medium)
CVE-2022-25721 1 Qualcomm 90 Aqt1000, Aqt1000 Firmware, Mdm9150 and 87 more 2023-12-10 N/A 7.8 HIGH
Memory corruption in video driver due to type confusion error during video playback
CVE-2023-0473 1 Google 1 Chrome 2023-12-10 N/A 8.8 HIGH
Type Confusion in ServiceWorker API in Google Chrome prior to 109.0.5414.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
CVE-2023-23455 2 Debian, Linux 2 Debian Linux, Linux Kernel 2023-12-10 N/A 5.5 MEDIUM
atm_tc_enqueue in net/sched/sch_atm.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results).
CVE-2022-4262 1 Google 1 Chrome 2023-12-10 N/A 8.8 HIGH
Type confusion in V8 in Google Chrome prior to 108.0.5359.94 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2022-20461 1 Google 1 Android 2023-12-10 N/A 7.8 HIGH
In pinReplyNative of com_android_bluetooth_btservice_AdapterService.cpp, there is a possible out of bounds read due to type confusion. This could lead to local escalation of privilege of BLE with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-228602963
CVE-2022-4205 1 Gitlab 1 Gitlab 2023-12-10 N/A 7.5 HIGH
In Gitlab EE/CE before 15.6.1, 15.5.5 and 15.4.6 using a branch with a hexadecimal name could override an existing hash.
CVE-2022-42841 1 Apple 1 Macos 2023-12-10 N/A 7.8 HIGH
A type confusion issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.6.2, macOS Ventura 13.1, macOS Big Sur 11.7.2. Processing a maliciously crafted package may lead to arbitrary code execution.
CVE-2023-1235 1 Google 1 Chrome 2023-12-10 N/A 6.3 MEDIUM
Type confusion in DevTools in Google Chrome prior to 111.0.5563.64 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted UI interaction. (Chromium security severity: Low)
CVE-2022-42856 1 Apple 5 Ipados, Iphone Os, Macos and 2 more 2023-12-10 N/A 8.8 HIGH
A type confusion issue was addressed with improved state handling. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.1.2. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.1..
CVE-2023-1215 1 Google 1 Chrome 2023-12-10 N/A 8.8 HIGH
Type confusion in CSS in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)