Total: 583 CVEs
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2022-1869 | 1 Google | 1 Chrome | 2024-08-03 | 6.5 Medium |
Type Confusion in V8 in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||||
CVE-2022-1802 | 3 Google, Mozilla, Redhat | 7 Android, Firefox, Firefox Esr and 4 more | 2024-08-03 | 8.8 High |
If an attacker was able to corrupt the methods of an Array object in JavaScript via prototype pollution, they could have achieved execution of attacker-controlled JavaScript code in a privileged context. This vulnerability affects Firefox ESR < 91.9.1, Firefox < 100.0.2, Firefox for Android < 100.3.0, and Thunderbird < 91.9.1. | ||||
CVE-2022-1786 | 2 Linux, Netapp | 11 Linux Kernel, H300s, H300s Firmware and 8 more | 2024-08-03 | 7.8 High |
A use-after-free flaw was found in the Linux kernel’s io_uring subsystem in the way a user sets up a ring with IORING_SETUP_IOPOLL with more than one task completing submissions on this ring. This flaw allows a local user to crash or escalate their privileges on the system. | ||||
CVE-2022-1529 | 3 Google, Mozilla, Redhat | 7 Android, Firefox, Firefox Esr and 4 more | 2024-08-03 | 8.8 High |
An attacker could have sent a message to the parent process where the contents were used to double-index into a JavaScript object, leading to prototype pollution and ultimately attacker-controlled JavaScript executing in the privileged parent process. This vulnerability affects Firefox ESR < 91.9.1, Firefox < 100.0.2, Firefox for Android < 100.3.0, and Thunderbird < 91.9.1. | ||||
CVE-2022-1486 | 1 Google | 1 Chrome | 2024-08-03 | 8.8 High |
Type confusion in V8 in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | ||||
CVE-2022-1364 | 1 Google | 1 Chrome | 2024-08-03 | 8.8 High |
Type confusion in V8 Turbofan in Google Chrome prior to 100.0.4896.127 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||||
CVE-2022-1314 | 1 Google | 1 Chrome | 2024-08-03 | 8.8 High |
Type confusion in V8 in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||||
CVE-2022-1232 | 1 Google | 1 Chrome | 2024-08-02 | 8.8 High |
Type confusion in V8 in Google Chrome prior to 100.0.4896.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||||
CVE-2022-1176 | 1 Livehelperchat | 1 Live Helper Chat | 2024-08-02 | 7.5 High |
Loose comparison causes IDOR on multiple endpoints in GitHub repository livehelperchat/livehelperchat prior to 3.96. | ||||
CVE-2022-1134 | 1 Google | 1 Chrome | 2024-08-02 | 8.8 High |
Type confusion in V8 in Google Chrome prior to 100.0.4896.60 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||||
CVE-2022-1096 | 1 Google | 1 Chrome | 2024-08-02 | 8.8 High |
Type confusion in V8 in Google Chrome prior to 99.0.4844.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||||
CVE-2022-0795 | 1 Google | 1 Chrome | 2024-08-02 | 8.8 High |
Type confusion in Blink Layout in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||||
CVE-2022-0457 | 1 Google | 1 Chrome | 2024-08-02 | 8.8 High |
Type confusion in V8 in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||||
CVE-2022-0102 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2024-08-02 | 8.8 High |
Type confusion in V8 in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||||
CVE-2023-51560 | | | 2024-08-02 | N/A |
Foxit PDF Reader Annotation Type Confusion Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22259. | ||||
CVE-2023-51427 | 1 Hihonor | 1 Magic Os | 2024-08-02 | 4.6 Medium |
Some Honor products are affected by a type confusion vulnerability; successful exploitation could cause an information leak. | ||||
CVE-2023-51426 | 1 Hihonor | 1 Magic Os | 2024-08-02 | 4.6 Medium |
Some Honor products are affected by a type confusion vulnerability; successful exploitation could cause an information leak. | ||||
CVE-2023-51428 | 1 Hihonor | 1 Magic Os | 2024-08-02 | 4.6 Medium |
Some Honor products are affected by a type confusion vulnerability; successful exploitation could cause an information leak. | ||||
CVE-2023-42464 | 2 Debian, Netatalk | 2 Debian Linux, Netatalk | 2024-08-02 | 9.8 Critical |
A Type Confusion vulnerability was found in the Spotlight RPC functions in afpd in Netatalk 3.1.x before 3.1.17. When parsing Spotlight RPC packets, one encoded data structure is a key-value style dictionary where the keys are character strings, and the values can be any of the supported types in the underlying protocol. Due to a lack of type checking in callers of the dalloc_value_for_key() function, which returns the object associated with a key, a malicious actor may be able to fully control the value of the pointer and theoretically achieve Remote Code Execution on the host. This issue is similar to CVE-2023-34967. | ||||
CVE-2023-42074 | | | 2024-08-02 | N/A |
PDF-XChange Editor addScript Type Confusion Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the implementation of the addScript method. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-21338. |