Total
376 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-0473 | 1 Google | 1 Chrome | 2023-12-10 | N/A | 8.8 HIGH |
| Type Confusion in ServiceWorker API in Google Chrome prior to 109.0.5414.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2023-23455 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2023-12-10 | N/A | 5.5 MEDIUM |
| atm_tc_enqueue in net/sched/sch_atm.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results). | |||||
| CVE-2022-4262 | 1 Google | 1 Chrome | 2023-12-10 | N/A | 8.8 HIGH |
| Type confusion in V8 in Google Chrome prior to 108.0.5359.94 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2022-20461 | 1 Google | 1 Android | 2023-12-10 | N/A | 7.8 HIGH |
| In pinReplyNative of com_android_bluetooth_btservice_AdapterService.cpp, there is a possible out of bounds read due to type confusion. This could lead to local escalation of privilege of BLE with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-228602963 | |||||
| CVE-2022-4205 | 1 Gitlab | 1 Gitlab | 2023-12-10 | N/A | 7.5 HIGH |
| In Gitlab EE/CE before 15.6.1, 15.5.5 and 15.4.6 using a branch with a hexadecimal name could override an existing hash. | |||||
| CVE-2022-42841 | 1 Apple | 1 Macos | 2023-12-10 | N/A | 7.8 HIGH |
| A type confusion issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.6.2, macOS Ventura 13.1, macOS Big Sur 11.7.2. Processing a maliciously crafted package may lead to arbitrary code execution. | |||||
| CVE-2023-1235 | 1 Google | 1 Chrome | 2023-12-10 | N/A | 6.3 MEDIUM |
| Type confusion in DevTools in Google Chrome prior to 111.0.5563.64 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted UI interaction. (Chromium security severity: Low) | |||||
| CVE-2022-42856 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2023-12-10 | N/A | 8.8 HIGH |
| A type confusion issue was addressed with improved state handling. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.1.2. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.1.. | |||||
| CVE-2023-1215 | 1 Google | 1 Chrome | 2023-12-10 | N/A | 8.8 HIGH |
| Type confusion in CSS in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2023-23529 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2023-12-10 | N/A | 8.8 HIGH |
| A type confusion issue was addressed with improved checks. This issue is fixed in iOS 15.7.4 and iPadOS 15.7.4, iOS 16.3.1 and iPadOS 16.3.1, macOS Ventura 13.2.1, Safari 16.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. | |||||
| CVE-2023-23454 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2023-12-10 | N/A | 5.5 MEDIUM |
| cbq_classify in net/sched/sch_cbq.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service (slab-out-of-bounds read) because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results). | |||||
| CVE-2022-1486 | 1 Google | 1 Chrome | 2023-12-10 | N/A | 8.8 HIGH |
| Type confusion in V8 in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | |||||
| CVE-2022-42823 | 3 Apple, Debian, Fedoraproject | 8 Ipados, Iphone Os, Macos and 5 more | 2023-12-10 | N/A | 8.8 HIGH |
| A type confusion issue was addressed with improved memory handling. This issue is fixed in tvOS 16.1, macOS Ventura 13, watchOS 9.1, Safari 16.1, iOS 16.1 and iPadOS 16. Processing maliciously crafted web content may lead to arbitrary code execution. | |||||
| CVE-2022-1869 | 1 Google | 1 Chrome | 2023-12-10 | N/A | 6.5 MEDIUM |
| Type Confusion in V8 in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2022-26433 | 3 Google, Mediatek, Yoctoproject | 32 Android, Mt6833, Mt6853 and 29 more | 2023-12-10 | N/A | 6.7 MEDIUM |
| In mailbox, there is a possible out of bounds write due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07138400; Issue ID: ALPS07138400. | |||||
| CVE-2022-34918 | 4 Canonical, Debian, Linux and 1 more | 13 Ubuntu Linux, Debian Linux, Linux Kernel and 10 more | 2023-12-10 | 7.2 HIGH | 7.8 HIGH |
| An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nft_set_elem_init (leading to a buffer overflow) could be used by a local attacker to escalate privileges, a different vulnerability than CVE-2022-32250. (The attacker can obtain root access, but must start with an unprivileged user namespace to obtain CAP_NET_ADMIN access.) This can be fixed in nft_setelem_parse_data in net/netfilter/nf_tables_api.c. | |||||
| CVE-2022-1096 | 1 Google | 1 Chrome | 2023-12-10 | N/A | 8.8 HIGH |
| Type confusion in V8 in Google Chrome prior to 99.0.4844.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2022-34709 | 1 Microsoft | 5 Windows 10, Windows 11, Windows Server 2016 and 2 more | 2023-12-10 | N/A | 6.0 MEDIUM |
| Windows Defender Credential Guard Security Feature Bypass Vulnerability | |||||
| CVE-2022-3652 | 1 Google | 1 Chrome | 2023-12-10 | N/A | 8.8 HIGH |
| Type confusion in V8 in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2022-1364 | 1 Google | 1 Chrome | 2023-12-10 | N/A | 8.8 HIGH |
| Type confusion in V8 Turbofan in Google Chrome prior to 100.0.4896.127 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||