Total: 659 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-54507 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2025-03-14 | N/A | 5.5 MEDIUM |
| A type confusion issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.2, iOS 18.2 and iPadOS 18.2. An attacker with user privileges may be able to read kernel memory. | |||||
| CVE-2024-47804 | 1 Jenkins | 1 Jenkins | 2025-03-14 | N/A | 4.3 MEDIUM |
| If an attempt is made to create an item of a type prohibited by `ACL#hasCreatePermission2` or `TopLevelItemDescriptor#isApplicableIn(ItemGroup)` through the Jenkins CLI or the REST API and either of these checks fails, Jenkins 2.478 and earlier, LTS 2.462.2 and earlier creates the item in memory, only deleting it from disk, allowing attackers with Item/Configure permission to save the item to persist it, effectively bypassing the item creation restriction. | |||||
| CVE-2024-4058 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2025-03-14 | N/A | 8.8 HIGH |
| Type confusion in ANGLE in Google Chrome prior to 124.0.6367.78 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical) | |||||
| CVE-2024-32892 | 1 Google | 1 Android | 2025-03-13 | N/A | 7.8 HIGH |
| In handle_init of goodix/main/main.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-3022 | 1 Linux | 1 Linux Kernel | 2025-03-11 | N/A | 5.5 MEDIUM |
| A flaw was found in the IPv6 module of the Linux kernel. The arg.result was not used consistently in fib6_rule_lookup, sometimes holding rt6_info and other times fib6_info. This was not accounted for in other parts of the code where rt6_info was expected unconditionally, potentially leading to a kernel panic in fib6_rule_suppress. | |||||
| CVE-2021-23807 | 1 Janl | 1 Jsonpointer | 2025-03-05 | 7.5 HIGH | 5.6 MEDIUM |
| This affects the package jsonpointer before 5.0.0. A type confusion vulnerability can lead to a bypass of a previous Prototype Pollution fix when the pointer components are arrays. | |||||
| CVE-2023-36887 | 1 Microsoft | 1 Edge Chromium | 2025-02-28 | N/A | 7.8 HIGH |
| Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | |||||
| CVE-2023-1076 | 1 Linux | 1 Linux Kernel | 2025-02-24 | N/A | 5.5 MEDIUM |
| A flaw was found in the Linux Kernel. The tun/tap sockets have their socket UID hardcoded to 0 due to a type confusion in their initialization function. While this will often be correct, as tuntap devices require CAP_NET_ADMIN, it may not always be the case, e.g., a non-root user only having that capability. This would cause tun/tap sockets to be incorrectly treated in filtering/routing decisions, possibly bypassing network filters. | |||||
| CVE-2023-1075 | 1 Linux | 1 Linux Kernel | 2025-02-24 | N/A | 3.3 LOW |
| A flaw was found in the Linux Kernel. The tls_is_tx_ready() incorrectly checks for list emptiness, potentially accessing a type confused entry to the list_head, leaking the last byte of the confused field that overlaps with rec->tx_ready. | |||||
| CVE-2023-21056 | 1 Google | 1 Android | 2025-02-21 | N/A | 6.7 MEDIUM |
| In lwis_slc_buffer_free of lwis_device_slc.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-245300559. References: N/A | |||||
| CVE-2024-11346 | | | 2025-02-13 | N/A | 7.3 HIGH |
| Access of Resource Using Incompatible Type ('Type Confusion') vulnerability in Lexmark International CX, XC, CS, et al. (Postscript interpreter modules) allows Resource Injection. This issue affects CX, XC, CS, et al.: from 001.001:0 through 081.231, from *.*.P001 through *.*.P233, from *.*.P001 through *.*.P759, from *.*.P001 through *.*.P836. | |||||
| CVE-2024-11344 | | | 2025-02-13 | N/A | 7.3 HIGH |
| A type confusion vulnerability has been identified in the Postscript interpreter in various Lexmark devices. The vulnerability can be leveraged by an attacker to execute arbitrary code. | |||||
| CVE-2025-21279 | 1 Microsoft | 1 Edge Chromium | 2025-02-11 | N/A | 6.5 MEDIUM |
| Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | |||||
| CVE-2025-21342 | 1 Microsoft | 1 Edge Chromium | 2025-02-11 | N/A | 8.8 HIGH |
| Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | |||||
| CVE-2021-46878 | 1 Treasuredata | 1 Fluent Bit | 2025-02-11 | N/A | 7.8 HIGH |
| An issue was discovered in Treasure Data Fluent Bit 1.7.1: erroneous parsing in flb_pack_msgpack_to_json_format leads to a type confusion bug that interprets whatever is on the stack as msgpack maps and arrays, leading to use-after-free. An attacker can use this by crafting a special file and tricking the victim into opening it with the affected software, triggering the use-after-free and executing arbitrary code on the target system. | |||||
| CVE-2025-21408 | 1 Microsoft | 1 Edge Chromium | 2025-02-11 | N/A | 8.8 HIGH |
| Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | |||||
| CVE-2023-26063 | 1 Lexmark | 217 6500e, B2236, B2338 and 214 more | 2025-02-11 | N/A | 9.8 CRITICAL |
| Certain Lexmark devices through 2023-02-19 access a Resource By Using an Incompatible Type. | |||||
| CVE-2025-0291 | 1 Google | 1 Chrome | 2025-02-11 | N/A | 8.8 HIGH |
| Type Confusion in V8 in Google Chrome prior to 131.0.6778.264 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2024-12692 | 1 Google | 1 Chrome | 2025-02-11 | N/A | 8.8 HIGH |
| Type Confusion in V8 in Google Chrome prior to 131.0.6778.204 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2021-33970 | 1 Browser.360 | 1 Chrome | 2025-02-05 | N/A | 10.0 CRITICAL |
| Buffer Overflow vulnerability in Qihoo 360 Chrome v13.0.2170.0 allows an attacker to escalate privileges. | |||||
