Total
376 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-1134 | 1 Google | 1 Chrome | 2023-12-10 | N/A | 8.8 HIGH |
Type confusion in V8 in Google Chrome prior to 100.0.4896.60 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
CVE-2022-3315 | 1 Google | 1 Chrome | 2023-12-10 | N/A | 8.8 HIGH |
Type confusion in Blink in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low) | |||||
CVE-2022-3889 | 2 Debian, Google | 2 Debian Linux, Chrome | 2023-12-10 | N/A | 8.8 HIGH |
Type confusion in V8 in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
CVE-2022-3676 | 1 Eclipse | 1 Openj9 | 2023-12-10 | N/A | 6.5 MEDIUM |
In Eclipse Openj9 before version 0.35.0, interface calls can be inlined without a runtime type check. Malicious bytecode could make use of this inlining to access or modify memory via an incompatible type. | |||||
CVE-2022-1232 | 1 Google | 1 Chrome | 2023-12-10 | N/A | 8.8 HIGH |
Type confusion in V8 in Google Chrome prior to 100.0.4896.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
CVE-2022-1314 | 1 Google | 1 Chrome | 2023-12-10 | N/A | 8.8 HIGH |
Type confusion in V8 in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
CVE-2022-26435 | 3 Google, Mediatek, Yoctoproject | 32 Android, Mt6833, Mt6853 and 29 more | 2023-12-10 | N/A | 6.7 MEDIUM |
In mailbox, there is a possible out of bounds write due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07138435; Issue ID: ALPS07138435. | |||||
CVE-2022-2295 | 2 Fedoraproject, Google | 3 Extra Packages For Enterprise Linux, Fedora, Chrome | 2023-12-10 | N/A | 8.8 HIGH |
Type confusion in V8 in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
CVE-2022-32915 | 1 Apple | 1 Macos | 2023-12-10 | N/A | 7.8 HIGH |
A type confusion issue was addressed with improved checks. This issue is fixed in macOS Ventura 13. An app may be able to execute arbitrary code with kernel privileges. | |||||
CVE-2022-3723 | 1 Google | 1 Chrome | 2023-12-10 | N/A | 8.8 HIGH |
Type confusion in V8 in Google Chrome prior to 107.0.5304.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
CVE-2022-3903 | 1 Linux | 1 Linux Kernel | 2023-12-10 | N/A | 4.6 MEDIUM |
An incorrect read request flaw was found in the Infrared Transceiver USB driver in the Linux kernel. This issue occurs when a user attaches a malicious USB device. A local user could use this flaw to starve the resources, causing denial of service or potentially crashing the system. | |||||
CVE-2022-32814 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2023-12-10 | N/A | 7.8 HIGH |
A type confusion issue was addressed with improved state handling. This issue is fixed in watchOS 8.7, tvOS 15.6, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. An app may be able to execute arbitrary code with kernel privileges. | |||||
CVE-2022-26430 | 3 Google, Mediatek, Yoctoproject | 25 Android, Mt6833, Mt6853 and 22 more | 2023-12-10 | N/A | 6.7 MEDIUM |
In mailbox, there is a possible out of bounds write due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07032521; Issue ID: ALPS07032521. | |||||
CVE-2022-34221 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2023-12-10 | N/A | 7.8 HIGH |
Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 (and earlier) and 17.012.30229 (and earlier) are affected by an Access of Resource Using Incompatible Type ('Type Confusion') vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
CVE-2022-2971 | 1 Mz-automation | 1 Libiec61850 | 2023-12-10 | N/A | 7.5 HIGH |
MZ Automation's libIEC61850 (versions 1.4 and prior; version 1.5 prior to commit a3b04b7bc4872a5a39e5de3fdc5fbde52c09e10e) accesses a resource using an incompatible type, which could allow an attacker to crash the server with a malicious payload. | |||||
CVE-2022-0795 | 1 Google | 1 Chrome | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
Type confusion in Blink Layout in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
CVE-2022-0102 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
Type confusion in V8 in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
CVE-2022-1176 | 1 Livehelperchat | 1 Live Helper Chat | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
Loose comparison causes IDOR on multiple endpoints in GitHub repository livehelperchat/livehelperchat prior to 3.96. | |||||
CVE-2021-46743 | 1 Google | 1 Firebase Php-jwt | 2023-12-10 | 5.8 MEDIUM | 9.1 CRITICAL |
In Firebase PHP-JWT before 6.0.0, an algorithm-confusion issue (e.g., RS256 / HS256) exists via the kid (aka Key ID) header, when multiple types of keys are loaded in a key ring. This allows an attacker to forge tokens that validate under the incorrect key. NOTE: this provides a straightforward way to use the PHP-JWT library unsafely, but might not be considered a vulnerability in the library itself. | |||||
CVE-2022-0457 | 1 Google | 1 Chrome | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
Type confusion in V8 in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |