Total
482 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-0795 | 1 Google | 1 Chrome | 2022-10-27 | 6.8 MEDIUM | 8.8 HIGH |
| Type confusion in Blink Layout in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2022-1096 | 1 Google | 1 Chrome | 2022-10-27 | N/A | 8.8 HIGH |
| Type confusion in V8 in Google Chrome prior to 99.0.4844.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2022-1869 | 1 Google | 1 Chrome | 2022-10-26 | N/A | 6.5 MEDIUM |
| Type Confusion in V8 in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2022-3676 | 1 Eclipse | 1 Openj9 | 2022-10-25 | N/A | 6.5 MEDIUM |
| In Eclipse Openj9 before version 0.35.0, interface calls can be inlined without a runtime type check. Malicious bytecode could make use of this inlining to access or modify memory via an incompatible type. | |||||
| CVE-2020-16229 | 1 Advantech | 1 Webaccess\/hmi Designer | 2022-10-06 | 6.8 MEDIUM | 7.8 HIGH |
| Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Processing specially crafted project files lacking proper validation of user supplied data may cause a type confusion condition, which may allow remote code execution, disclosure/modification of information, or cause the application to crash. | |||||
| CVE-2020-26990 | 1 Siemens | 2 Jt2go, Teamcenter Visualization | 2022-10-06 | 6.8 MEDIUM | 8.8 HIGH |
| A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Teamcenter Visualization (All versions < V13.1.0.1). Affected applications lack proper validation of user-supplied data when parsing ASM files. A crafted ASM file could trigger a type confusion condition. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-11897) | |||||
| CVE-2021-4078 | 2 Debian, Google | 2 Debian Linux, Chrome | 2022-09-27 | 6.8 MEDIUM | 8.8 HIGH |
| Type confusion in V8 in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2022-2971 | 1 Mz-automation | 1 Libiec61850 | 2022-09-26 | N/A | 7.5 HIGH |
| MZ Automation's libIEC61850 (versions 1.4 and prior; version 1.5 prior to commit a3b04b7bc4872a5a39e5de3fdc5fbde52c09e10e) accesses a resource using an incompatible type, which could allow an attacker to crash the server with a malicious payload. | |||||
| CVE-2021-27038 | 1 Autodesk | 1 Design Review | 2022-09-12 | 6.8 MEDIUM | 7.8 HIGH |
| A Type Confusion vulnerability in Autodesk Design Review 2018, 2017, 2013, 2012, 2011 can occur when processing a maliciously crafted PDF file. A malicious actor can leverage this to execute arbitrary code. | |||||
| CVE-2022-1232 | 1 Google | 1 Chrome | 2022-09-01 | N/A | 8.8 HIGH |
| Type confusion in V8 in Google Chrome prior to 100.0.4896.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2022-1486 | 1 Google | 1 Chrome | 2022-08-30 | N/A | 8.8 HIGH |
| Type confusion in V8 in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | |||||
| CVE-2022-1364 | 1 Google | 1 Chrome | 2022-08-30 | N/A | 8.8 HIGH |
| Type confusion in V8 Turbofan in Google Chrome prior to 100.0.4896.127 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2022-26430 | 3 Google, Mediatek, Yoctoproject | 25 Android, Mt6833, Mt6853 and 22 more | 2022-08-05 | N/A | 6.7 MEDIUM |
| In mailbox, there is a possible out of bounds write due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07032521; Issue ID: ALPS07032521. | |||||
| CVE-2022-26435 | 3 Google, Mediatek, Yoctoproject | 32 Android, Mt6833, Mt6853 and 29 more | 2022-08-05 | N/A | 6.7 MEDIUM |
| In mailbox, there is a possible out of bounds write due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07138435; Issue ID: ALPS07138435. | |||||
| CVE-2022-26433 | 3 Google, Mediatek, Yoctoproject | 32 Android, Mt6833, Mt6853 and 29 more | 2022-08-05 | N/A | 6.7 MEDIUM |
| In mailbox, there is a possible out of bounds write due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07138400; Issue ID: ALPS07138400. | |||||
| CVE-2020-9948 | 3 Apple, Debian, Webkit | 3 Safari, Debian Linux, Webkitgtk\+ | 2022-07-23 | 6.8 MEDIUM | 8.8 HIGH |
| A type confusion issue was addressed with improved memory handling. This issue is fixed in Safari 14.0. Processing maliciously crafted web content may lead to arbitrary code execution. | |||||
| CVE-2020-13547 | 1 Foxitsoftware | 1 Foxit Reader | 2022-06-29 | 6.8 MEDIUM | 8.8 HIGH |
| A type confusion vulnerability exists in the JavaScript engine of Foxit Software’s Foxit PDF Reader, version 10.1.0.37527. A specially crafted PDF document can trigger an improper use of an object, resulting in memory corruption and arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability. | |||||
| CVE-2019-5047 | 1 Gonitro | 1 Nitropdf | 2022-06-27 | 6.8 MEDIUM | 7.8 HIGH |
| An exploitable Use After Free vulnerability exists in the CharProcs parsing functionality of NitroPDF. A specially crafted PDF can cause a type confusion, resulting in a Use After Free. An attacker can craft a malicious PDF to trigger this vulnerability. | |||||
| CVE-2021-32965 | 1 Deltaww | 1 Diascreen | 2022-06-07 | 6.8 MEDIUM | 7.8 HIGH |
| Delta Electronics DIAScreen versions prior to 1.1.0 are vulnerable to type confusion, which may allow an attacker to remotely execute arbitrary code. | |||||
| CVE-2022-29209 | 1 Google | 1 Tensorflow | 2022-06-03 | 2.1 LOW | 5.5 MEDIUM |
| TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the macros that TensorFlow uses for writing assertions (e.g., `CHECK_LT`, `CHECK_GT`, etc.) have an incorrect logic when comparing `size_t` and `int` values. Due to type conversion rules, several of the macros would trigger incorrectly. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue. | |||||