Total
583 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-38012 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2024-08-04 | 8.8 High |
| Type confusion in V8 in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||||
| CVE-2021-38001 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2024-08-04 | 8.8 High |
| Type confusion in V8 in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||||
| CVE-2021-34866 | 3 Linux, Netapp, Redhat | 19 Linux Kernel, H300e, H300e Firmware and 16 more | 2024-08-04 | 7.8 High |
| This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel 5.14-rc3. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of eBPF programs. The issue results from the lack of proper validation of user-supplied eBPF programs, which can result in a type confusion condition. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the kernel. Was ZDI-CAN-14689. | ||||
| CVE-2021-33970 | 1 Browser.360 | 1 Chrome | 2024-08-04 | 10.0 Critical |
| Buffer Overflow vulnerability in Qihoo 360 Chrome v13.0.2170.0 allows attacker to escalate priveleges. | ||||
| CVE-2021-33624 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2024-08-03 | 4.7 Medium |
| In kernel/bpf/verifier.c in the Linux kernel before 5.12.13, a branch can be mispredicted (e.g., because of type confusion) and consequently an unprivileged BPF program can read arbitrary memory locations via a side-channel attack, aka CID-9183671af6db. | ||||
| CVE-2021-32965 | 1 Deltaww | 1 Diascreen | 2024-08-03 | 7.8 High |
| Delta Electronics DIAScreen versions prior to 1.1.0 are vulnerable to type confusion, which may allow an attacker to remotely execute arbitrary code. | ||||
| CVE-2021-32696 | 1 Striptags Project | 1 Striptags | 2024-08-03 | 3.7 Low |
| The npm package "striptags" is an implementation of PHP's strip_tags in Typescript. In striptags before version 3.2.0, a type-confusion vulnerability can cause `striptags` to concatenate unsanitized strings when an array-like object is passed in as the `html` parameter. This can be abused by an attacker who can control the shape of their input, e.g. if query parameters are passed directly into the function. This can lead to a XSS. | ||||
| CVE-2021-31480 | 1 Opentext | 1 Brava\! | 2024-08-03 | 7.8 High |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12654. | ||||
| CVE-2021-31476 | 2 Foxitsoftware, Microsoft | 3 Foxit Reader, Phantompdf, Windows | 2024-08-03 | 7.8 High |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 10.1.3.37598. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of XFA templates. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13531. | ||||
| CVE-2021-31461 | 2 Foxitsoftware, Microsoft | 3 Phantompdf, Reader, Windows | 2024-08-03 | 7.8 High |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the the handling of app.media objects. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process Was ZDI-CAN-13333. | ||||
| CVE-2021-31318 | 1 Telegram | 1 Telegram | 2024-08-03 | 5.5 Medium |
| Telegram Android <7.1.0 (2090), Telegram iOS <7.1, and Telegram macOS <7.1 are affected by a Type Confusion in the LOTCompLayerItem::LOTCompLayerItem function of their custom fork of the rlottie library. A remote attacker might be able to access heap memory out-of-bounds on a victim device via a malicious animated sticker. | ||||
| CVE-2021-31317 | 1 Telegram | 1 Telegram | 2024-08-03 | 5.5 Medium |
| Telegram Android <7.1.0 (2090), Telegram iOS <7.1, and Telegram macOS <7.1 are affected by a Type Confusion in the VDasher constructor of their custom fork of the rlottie library. A remote attacker might be able to access Telegram's heap memory out-of-bounds on a victim device via a malicious animated sticker. | ||||
| CVE-2021-31008 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2024-08-03 | 8.8 High |
| A type confusion issue was addressed with improved memory handling. This issue is fixed in Safari 15.1, tvOS 15.1, iOS 15 and iPadOS 15, macOS Monterey 12.0.1, watchOS 8.1. Processing maliciously crafted web content may lead to code execution. | ||||
| CVE-2021-30954 | 4 Apple, Debian, Fedoraproject and 1 more | 9 Ipados, Iphone Os, Macos and 6 more | 2024-08-03 | 7.8 High |
| A type confusion issue was addressed with improved memory handling. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing maliciously crafted web content may lead to arbitrary code execution. | ||||
| CVE-2021-30859 | 1 Apple | 4 Ipados, Iphone Os, Mac Os X and 1 more | 2024-08-03 | 7.8 High |
| A type confusion issue was addressed with improved state handling. This issue is fixed in iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, Security Update 2021-005 Catalina. A malicious application may be able to execute arbitrary code with kernel privileges. | ||||
| CVE-2021-30869 | 1 Apple | 4 Ipados, Iphone Os, Mac Os X and 1 more | 2024-08-03 | 7.8 High |
| A type confusion issue was addressed with improved state handling. This issue is fixed in iOS 12.5.5, iOS 14.4 and iPadOS 14.4, macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, Security Update 2021-006 Catalina. A malicious application may be able to execute arbitrary code with kernel privileges. Apple is aware of reports that an exploit for this issue exists in the wild. | ||||
| CVE-2021-30852 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2024-08-03 | 8.8 High |
| A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 14.8 and iPadOS 14.8, tvOS 15, watchOS 8, iOS 15 and iPadOS 15. Processing maliciously crafted web content may lead to arbitrary code execution. | ||||
| CVE-2021-30818 | 2 Apple, Redhat | 7 Ipados, Iphone Os, Macos and 4 more | 2024-08-03 | 8.8 High |
| A type confusion issue was addressed with improved state handling. This issue is fixed in iOS 14.8 and iPadOS 14.8, tvOS 15, iOS 15 and iPadOS 15, Safari 15, watchOS 8. Processing maliciously crafted web content may lead to arbitrary code execution. | ||||
| CVE-2021-30758 | 2 Apple, Redhat | 6 Iphone Os, Macos, Safari and 3 more | 2024-08-03 | 8.8 High |
| A type confusion issue was addressed with improved state handling. This issue is fixed in iOS 14.7, Safari 14.1.2, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7. Processing maliciously crafted web content may lead to arbitrary code execution. | ||||
| CVE-2021-30627 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2024-08-03 | 8.8 High |
| Type confusion in Blink layout in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||||