Total
583 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-1421 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2024-08-04 | 8.8 High |
| A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed.An attacker who successfully exploited this vulnerability could gain the same user rights as the local user, aka 'LNK Remote Code Execution Vulnerability'. | ||||
| CVE-2020-1219 | 1 Microsoft | 11 Chakracore, Edge, Internet Explorer and 8 more | 2024-08-04 | 7.5 High |
| A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory, aka 'Microsoft Browser Memory Corruption Vulnerability'. | ||||
| CVE-2020-0336 | 1 Google | 1 Android | 2024-08-04 | 6.7 Medium |
| In SurfaceFlinger, there is possible memory corruption due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-153467444 | ||||
| CVE-2020-0226 | 1 Google | 1 Android | 2024-08-04 | 7.8 High |
| In createWithSurfaceParent of Client.cpp, there is a possible out of bounds write due to type confusion. This could lead to local escalation of privilege in the graphics server with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-150226994 | ||||
| CVE-2020-0224 | 1 Google | 1 Android | 2024-08-04 | 9.8 Critical |
| In FastKeyAccumulator::GetKeysSlow of keys.cc, there is a possible out of bounds write due to type confusion. This could lead to remote code execution when processing a proxy configuration with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-147664838 | ||||
| CVE-2021-46878 | 1 Treasuredata | 1 Fluent Bit | 2024-08-04 | 7.8 High |
| An issue was discovered in Treasure Data Fluent Bit 1.7.1, erroneous parsing in flb_pack_msgpack_to_json_format leads to type confusion bug that interprets whatever is on the stack as msgpack maps and arrays, leading to use-after-free. This can be used by an attacker to craft a specially craft file and trick the victim opening it using the affect software, triggering use-after-free and execute arbitrary code on the target system. | ||||
| CVE-2021-46743 | 1 Google | 1 Firebase Php-jwt | 2024-08-04 | 9.1 Critical |
| In Firebase PHP-JWT before 6.0.0, an algorithm-confusion issue (e.g., RS256 / HS256) exists via the kid (aka Key ID) header, when multiple types of keys are loaded in a key ring. This allows an attacker to forge tokens that validate under the incorrect key. NOTE: this provides a straightforward way to use the PHP-JWT library unsafely, but might not be considered a vulnerability in the library itself. | ||||
| CVE-2021-46463 | 1 F5 | 1 Njs | 2024-08-04 | 9.8 Critical |
| njs through 0.7.1, used in NGINX, was discovered to contain a control flow hijack caused by a Type Confusion vulnerability in njs_promise_perform_then(). | ||||
| CVE-2021-46152 | 1 Siemens | 1 Simcenter Femap | 2024-08-04 | 7.8 High |
| A vulnerability has been identified in Simcenter Femap V2020.2 (All versions), Simcenter Femap V2021.1 (All versions). Affected application contains a type confusion vulnerability while parsing NEU files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-14643, ZDI-CAN-14644, ZDI-CAN-14755, ZDI-CAN-15183) | ||||
| CVE-2021-44647 | 2 Fedoraproject, Lua | 2 Fedora, Lua | 2024-08-04 | 5.5 Medium |
| Lua v5.4.3 and above are affected by SEGV by type confusion in funcnamefromcode function in ldebug.c which can cause a local denial of service. | ||||
| CVE-2021-41190 | 3 Fedoraproject, Linuxfoundation, Redhat | 10 Fedora, Open Container Initiative Distribution Specification, Open Container Initiative Image Format Specification and 7 more | 2024-08-04 | 3 Low |
| The OCI Distribution Spec project defines an API protocol to facilitate and standardize the distribution of content. In the OCI Distribution Specification version 1.0.0 and prior, the Content-Type header alone was used to determine the type of document during push and pull operations. Documents that contain both “manifests” and “layers” fields could be interpreted as either a manifest or an index in the absence of an accompanying Content-Type header. If a Content-Type header changed between two pulls of the same digest, a client may interpret the resulting content differently. The OCI Distribution Specification has been updated to require that a mediaType value present in a manifest or index match the Content-Type header used during the push and pull operations. Clients pulling from a registry may distrust the Content-Type header and reject an ambiguous document that contains both “manifests” and “layers” fields or “manifests” and “config” fields if they are unable to update to version 1.0.1 of the spec. | ||||
| CVE-2021-41041 | 3 Eclipse, Oracle, Redhat | 4 Openj9, Java Se, Enterprise Linux and 1 more | 2024-08-04 | 5.3 Medium |
| In Eclipse Openj9 before version 0.32.0, Java 8 & 11 fail to throw the exception captured during bytecode verification when verification is triggered by a MethodHandle invocation, allowing unverified methods to be invoked using MethodHandles. | ||||
| CVE-2021-40871 | 1 Softing | 4 Datafeed Opc Suite, Opc, Secure Integration Server and 1 more | 2024-08-04 | 7.5 High |
| An issue was discovered in Softing Industrial Automation OPC UA C++ SDK before 5.66. Remote attackers to cause a denial of service (DoS) by sending crafted messages to a OPC/UA client. The client process may crash unexpectedly because of a wrong type cast, and must be restarted. | ||||
| CVE-2021-40872 | 1 Softing | 2 Smartlink Hw-dp, Uatoolkit Embedded | 2024-08-04 | 7.5 High |
| An issue was discovered in Softing Industrial Automation uaToolkit Embedded before 1.40. Remote attackers to cause a denial of service (DoS) or login as an anonymous user (bypassing security checks) by sending crafted messages to a OPC/UA server. The server process may crash unexpectedly because of an invalid type cast, and must be restarted. | ||||
| CVE-2021-40061 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2024-08-04 | 7.5 High |
| There is a vulnerability of accessing resources using an incompatible type (type confusion) in the Bastet module. Successful exploitation of this vulnerability may affect integrity. | ||||
| CVE-2021-40037 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2024-08-04 | 5.5 Medium |
| There is a Vulnerability of accessing resources using an incompatible type (type confusion) in the MPTCP subsystem in smartphones. Successful exploitation of this vulnerability may cause the system to crash and restart. | ||||
| CVE-2021-39987 | 1 Huawei | 1 Harmonyos | 2024-08-04 | 7.5 High |
| The HwNearbyMain module has a Data Processing Errors vulnerability.Successful exploitation of this vulnerability may cause a process to restart. | ||||
| CVE-2021-39219 | 2 Bytecodealliance, Fedoraproject | 2 Wasmtime, Fedora | 2024-08-04 | 6.3 Medium |
| Wasmtime is an open source runtime for WebAssembly & WASI. Wasmtime before version 0.30.0 is affected by a type confusion vulnerability. As a Rust library the `wasmtime` crate clearly marks which functions are safe and which are `unsafe`, guaranteeing that if consumers never use `unsafe` then it should not be possible to have memory unsafety issues in their embeddings of Wasmtime. An issue was discovered in the safe API of `Linker::func_*` APIs. These APIs were previously not sound when one `Engine` was used to create the `Linker` and then a different `Engine` was used to create a `Store` and then the `Linker` was used to instantiate a module into that `Store`. Cross-`Engine` usage of functions is not supported in Wasmtime and this can result in type confusion of function pointers, resulting in being able to safely call a function with the wrong type. Triggering this bug requires using at least two `Engine` values in an embedding and then additionally using two different values with a `Linker` (one at the creation time of the `Linker` and another when instantiating a module with the `Linker`). It's expected that usage of more-than-one `Engine` in an embedding is relatively rare since an `Engine` is intended to be a globally shared resource, so the expectation is that the impact of this issue is relatively small. The fix implemented is to change this behavior to `panic!()` in Rust instead of silently allowing it. Using different `Engine` instances with a `Linker` is a programmer bug that `wasmtime` catches at runtime. This bug has been patched and users should upgrade to Wasmtime version 0.30.0. If you cannot upgrade Wasmtime and are using more than one `Engine` in your embedding it's recommended to instead use only one `Engine` for the entire program if possible. An `Engine` is designed to be a globally shared resource that is suitable to have only one for the lifetime of an entire process. If using multiple `Engine`s is required then code should be audited to ensure that `Linker` is only used with one `Engine`. | ||||
| CVE-2021-38658 | 1 Microsoft | 1 Office | 2024-08-04 | 7.8 High |
| Microsoft Office Graphics Remote Code Execution Vulnerability | ||||
| CVE-2021-38007 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2024-08-04 | 8.8 High |
| Type confusion in V8 in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||||