Total: 583 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-37987 | 1 Microsoft | 19 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 16 more | 2024-10-08 | 8 High |
Secure Boot Security Feature Bypass Vulnerability | ||||
CVE-2024-20662 | 1 Microsoft | 10 Windows Server 2008, Windows Server 2008 R2, Windows Server 2008 Sp2 and 7 more | 2024-10-08 | 4.9 Medium |
Windows Online Certificate Status Protocol (OCSP) Information Disclosure Vulnerability | ||||
CVE-2023-6702 | 3 Fedoraproject, Google, Microsoft | 3 Fedora, Chrome, Edge Chromium | 2024-10-08 | 8.8 High |
Type confusion in V8 in Google Chrome prior to 120.0.6099.109 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
CVE-2021-31344 | 1 Siemens | 17 Apogee Modular Building Controller, Apogee Modular Building Controller Firmware, Apogee Modular Equiment Controller and 14 more | 2024-10-08 | 5.3 Medium |
A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303), PLUSCONTROL 1st Gen (All versions), SIMOTICS CONNECT 400 (All versions < V0.5.0.0), SIMOTICS CONNECT 400 (All versions < V1.0.0.0). ICMP echo packets with fake IP options allow sending ICMP echo reply messages to arbitrary hosts on the network. (FSMD-2021-0004) | ||||
CVE-2019-2692 | 2 Oracle, Redhat | 2 Mysql Connector/j, Jboss Fuse | 2024-10-02 | N/A |
Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/J). Supported versions that are affected are 8.0.15 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Connectors executes to compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.0 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H). | ||||
CVE-2020-2907 | 2 Opensuse, Oracle | 2 Leap, Vm Virtualbox | 2024-09-27 | 7.5 High |
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are prior to 5.2.40, prior to 6.0.20 and prior to 6.1.6. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H). | ||||
CVE-2024-9122 | 1 Google | 1 Chrome | 2024-09-26 | 8.8 High |
Type Confusion in V8 in Google Chrome prior to 129.0.6668.70 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High) | ||||
CVE-2024-5830 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2024-09-25 | 8.8 High |
Type Confusion in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High) | ||||
CVE-2023-43154 | 1 Macs Cms Project | 1 Macs Cms | 2024-09-24 | 9.8 Critical |
In Macrob7 Macs Framework Content Management System (CMS) 1.1.4f, loose comparison in "isValidLogin()" function during login attempt results in PHP type confusion vulnerability that leads to authentication bypass and takeover of the administrator account. | ||||
CVE-2024-8904 | 1 Google | 1 Chrome | 2024-09-20 | 8.8 High |
Type Confusion in V8 in Google Chrome prior to 129.0.6668.58 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
CVE-2024-45112 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2024-09-19 | 7.8 High |
Acrobat Reader versions 24.002.21005, 24.001.30159, 20.005.30655, 24.003.20054 and earlier are affected by a Type Confusion vulnerability that could result in arbitrary code execution in the context of the current user. This issue occurs when a resource is accessed using a type that is not compatible with the actual object type, leading to a logic error that an attacker could exploit. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
CVE-2023-42105 | 1 Ashlar Vellum | 1 Cobalt | 2024-09-18 | N/A |
Ashlar-Vellum Cobalt AR File Parsing Type Confusion Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of AR files. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-20562. | ||||
CVE-2023-42102 | 1 Ashlar | 1 Cobalt | 2024-09-18 | N/A |
Ashlar-Vellum Cobalt AR File Parsing Type Confusion Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of AR files. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-20409. | ||||
CVE-2023-44108 | 1 Huawei | 2 Emui, Harmonyos | 2024-09-18 | 7.5 High |
Type confusion vulnerability in the distributed file module. Successful exploitation of this vulnerability may cause the device to restart. | ||||
CVE-2023-44094 | 1 Huawei | 2 Emui, Harmonyos | 2024-09-18 | 5.3 Medium |
Type confusion vulnerability in the distributed file module. Successful exploitation of this vulnerability may cause the device to restart. | ||||
CVE-2019-6984 | 2 Foxitsoftware, Microsoft | 2 3d, Windows | 2024-09-17 | N/A |
An issue was discovered in Foxit 3D Plugin Beta before 9.4.0.16807 for Foxit Reader and PhantomPDF. The application could encounter a Use-After-Free or Type Confusion and crash during handling of certain PDF files that embed specifically crafted 3D content, due to the use of a wild pointer. | ||||
CVE-2021-23472 | 1 Bootstrap-table | 1 Bootstrap Table | 2024-09-17 | 3.1 Low |
This affects versions before 1.19.1 of package bootstrap-table. A type confusion vulnerability can lead to a bypass of input sanitization when the input provided to the escapeHTML function is an array (instead of a string) even if the escape attribute is set. | ||||
CVE-2020-27257 | 1 Omron | 4 Cx-one, Cx-position, Cx-protocol and 1 more | 2024-09-17 | 7.8 High |
This vulnerability allows local attackers to execute arbitrary code due to the lack of proper validation of user-supplied data, which can result in a type-confusion condition in the Omron CX-One Version 4.60 and prior devices. | ||||
CVE-2018-19019 | 1 Omron | 1 Cx-supervisor | 2024-09-17 | N/A |
A type confusion vulnerability exists when processing project files in CX-Supervisor (Versions 3.42 and prior). An attacker could use a specially crafted project file to exploit and execute code under the privileges of the application. | ||||
CVE-2022-2971 | 1 Mz-automation | 1 Libiec61850 | 2024-09-17 | 8.6 High |
MZ Automation's libIEC61850 (versions 1.4 and prior; version 1.5 prior to commit a3b04b7bc4872a5a39e5de3fdc5fbde52c09e10e) accesses a resource using an incompatible type, which could allow an attacker to crash the server with a malicious payload. |