Total
583 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-43498 | 1 Microsoft | 2 .net, Visual Studio | 2024-11-14 | 9.8 Critical |
| .NET and Visual Studio Remote Code Execution Vulnerability | ||||
| CVE-2024-43596 | 1 Microsoft | 1 Edge Chromium | 2024-11-12 | 6.5 Medium |
| Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | ||||
| CVE-2022-3652 | 1 Google | 1 Chrome | 2024-11-12 | 8.8 High |
| Type confusion in V8 in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2024-49860 | 1 Linux | 1 Linux Kernel | 2024-11-08 | 7.1 High |
| In the Linux kernel, the following vulnerability has been resolved: ACPI: sysfs: validate return type of _STR method Only buffer objects are valid return values of _STR. If something else is returned description_show() will access invalid memory. | ||||
| CVE-2023-37376 | 1 Siemens | 1 Tecnomatix | 2024-11-07 | 7.8 High |
| A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0002). The affected application contains a type confusion vulnerability while parsing STP files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21051) | ||||
| CVE-2023-2234 | 1 Zephyrproject | 1 Zephyr | 2024-11-07 | 6.8 Medium |
| Union variant confusion allows any malicious BT controller to execute arbitrary code on the Zephyr host. | ||||
| CVE-2024-20106 | 2 Google, Mediatek | 14 Android, Mt6739, Mt6761 and 11 more | 2024-11-04 | 6.7 Medium |
| In m4u, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08960505; Issue ID: MSV-1590. | ||||
| CVE-2023-50433 | 2024-11-01 | 6.5 Medium | ||
| marshall in dhcp_packet.c in simple-dhcp-server through ec976d2 allows remote attackers to cause a denial of service by sending a malicious DHCP packet. The crash is caused by a type confusion bug that results in a large memory allocation; when this memory allocation fails the DHCP server will crash. | ||||
| CVE-2024-10230 | 1 Google | 1 Chrome | 2024-10-31 | 8.8 High |
| Type Confusion in V8 in Google Chrome prior to 130.0.6723.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2023-38199 | 1 Owasp | 1 Coreruleset | 2024-10-30 | 9.8 Critical |
| coreruleset (aka OWASP ModSecurity Core Rule Set) through 3.3.4 does not detect multiple Content-Type request headers on some platforms. This might allow attackers to bypass a WAF with a crafted payload, aka "Content-Type confusion" between the WAF and the backend application. This occurs when the web application relies on only the last Content-Type header. Other platforms may reject the additional Content-Type header or merge conflicting headers, leading to detection as a malformed header. | ||||
| CVE-2024-7824 | 1 Webroot | 1 Secureanywhere Web Shield | 2024-10-30 | 9.8 Critical |
| Access of Resource Using Incompatible Type ('Type Confusion') vulnerability in Webroot SecureAnywhere - Web Shield on Windows, ARM, 64 bit, 32 bit (wrUrl.Dll modules) allows Functionality Misuse.This issue affects SecureAnywhere - Web Shield: before 2.1.2.3. | ||||
| CVE-2024-7825 | 1 Webroot | 1 Secureanywhere Web Shield | 2024-10-30 | 9.8 Critical |
| Access of Resource Using Incompatible Type ('Type Confusion') vulnerability in Webroot SecureAnywhere - Web Shield on Windows, ARM, 64 bit, 32 bit (wrUrl.Dll modules) allows Functionality Misuse.This issue affects SecureAnywhere - Web Shield: before 2.1.2.3. | ||||
| CVE-2024-10231 | 1 Google | 1 Chrome | 2024-10-30 | 8.8 High |
| Type Confusion in V8 in Google Chrome prior to 130.0.6723.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2023-32664 | 1 Foxit | 1 Pdf Reader | 2024-10-28 | 8.8 High |
| A type confusion vulnerability exists in the Javascript checkThisBox method as implemented in Foxit Reader 12.1.2.15332. Specially crafted Javascript code inside a malicious PDF document can cause memory corruption and lead to remote code execution. User would need to open a malicious file to trigger the vulnerability. | ||||
| CVE-2024-40788 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2024-10-27 | 6.2 Medium |
| A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, macOS Ventura 13.6.8, macOS Monterey 12.7.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. A local attacker may be able to cause unexpected system shutdown. | ||||
| CVE-2023-28729 | 1 Panasonic | 1 Control Fpwin Pro | 2024-10-24 | 7.8 High |
| A type confusion vulnerability in Panasonic Control FPWIN Pro versions 7.6.0.3 and all previous versions may allow arbitrary code execution when opening specially crafted project files. | ||||
| CVE-2022-3889 | 2 Debian, Google | 2 Debian Linux, Chrome | 2024-10-23 | 8.8 High |
| Type confusion in V8 in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2015-2728 | 4 Mozilla, Novell, Oracle and 1 more | 6 Firefox, Firefox Esr, Suse Linux Enterprise Desktop and 3 more | 2024-10-22 | N/A |
| The IndexedDatabaseManager class in the IndexedDB implementation in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 misinterprets an unspecified IDBDatabase field as a pointer, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors, related to a "type confusion" issue. | ||||
| CVE-2023-1215 | 1 Google | 1 Chrome | 2024-10-17 | 8.8 High |
| Type confusion in CSS in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2023-1214 | 1 Google | 1 Chrome | 2024-10-17 | 8.8 High |
| Type confusion in V8 in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||