Total
621 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-51560 | 2024-11-21 | N/A | 7.8 HIGH | ||
| Foxit PDF Reader Annotation Type Confusion Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22259. | |||||
| CVE-2023-51428 | 1 Hihonor | 1 Magic Os | 2024-11-21 | N/A | 4.6 MEDIUM |
| Some Honor products are affected by type confusion vulnerability, successful exploitation could cause information leak. | |||||
| CVE-2023-51427 | 1 Hihonor | 1 Magic Os | 2024-11-21 | N/A | 4.6 MEDIUM |
| Some Honor products are affected by type confusion vulnerability, successful exploitation could cause information leak. | |||||
| CVE-2023-51426 | 1 Hihonor | 1 Magic Os | 2024-11-21 | N/A | 4.6 MEDIUM |
| Some Honor products are affected by type confusion vulnerability, successful exploitation could cause information leak. | |||||
| CVE-2023-50433 | 2024-11-21 | N/A | 6.5 MEDIUM | ||
| marshall in dhcp_packet.c in simple-dhcp-server through ec976d2 allows remote attackers to cause a denial of service by sending a malicious DHCP packet. The crash is caused by a type confusion bug that results in a large memory allocation; when this memory allocation fails the DHCP server will crash. | |||||
| CVE-2023-4194 | 4 Debian, Fedoraproject, Linux and 1 more | 4 Debian Linux, Fedora, Linux Kernel and 1 more | 2024-11-21 | N/A | 5.5 MEDIUM |
| A flaw was found in the Linux kernel's TUN/TAP functionality. This issue could allow a local user to bypass network filters and gain unauthorized access to some resources. The original patches fixing CVE-2023-1076 are incorrect or incomplete. The problem is that the following upstream commits - a096ccca6e50 ("tun: tun_chr_open(): correctly initialize socket uid"), - 66b2c338adce ("tap: tap_open(): correctly initialize socket uid"), pass "inode->i_uid" to sock_init_data_uid() as the last parameter and that turns out to not be accurate. | |||||
| CVE-2023-4070 | 1 Google | 1 Chrome | 2024-11-21 | N/A | 8.1 HIGH |
| Type Confusion in V8 in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2023-4069 | 1 Google | 1 Chrome | 2024-11-21 | N/A | 8.8 HIGH |
| Type Confusion in V8 in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2023-4068 | 1 Google | 1 Chrome | 2024-11-21 | N/A | 8.1 HIGH |
| Type Confusion in V8 in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2023-48694 | 1 Microsoft | 1 Azure Rtos Usbx | 2024-11-21 | N/A | 6.8 MEDIUM |
| Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded stack, that is fully integrated with Azure RTOS ThreadX. An attacker can cause remote code execution due to expired pointer dereference and type confusion vulnerabilities in Azure RTOS USBX. The affected components include functions/processes in host stack and host class, related to device linked classes, ASIX, Prolific, SWAR, audio, CDC ECM in RTOS v6.2.1 and below. The fixes have been included in USBX release 6.3.0. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2023-46705 | 1 Openatom | 1 Openharmony | 2024-11-21 | N/A | 6.2 MEDIUM |
| in OpenHarmony v3.2.2 and prior versions allow a local attacker causes system information leak through type confusion. | |||||
| CVE-2023-44108 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | N/A | 7.5 HIGH |
| Type confusion vulnerability in the distributed file module.Successful exploitation of this vulnerability may cause the device to restart. | |||||
| CVE-2023-44094 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | N/A | 5.3 MEDIUM |
| Type confusion vulnerability in the distributed file module.Successful exploitation of this vulnerability may cause the device to restart. | |||||
| CVE-2023-43154 | 1 Macs Cms Project | 1 Macs Cms | 2024-11-21 | N/A | 9.8 CRITICAL |
| In Macrob7 Macs Framework Content Management System (CMS) 1.1.4f, loose comparison in "isValidLogin()" function during login attempt results in PHP type confusion vulnerability that leads to authentication bypass and takeover of the administrator account. | |||||
| CVE-2023-42464 | 2 Debian, Netatalk | 2 Debian Linux, Netatalk | 2024-11-21 | N/A | 9.8 CRITICAL |
| A Type Confusion vulnerability was found in the Spotlight RPC functions in afpd in Netatalk 3.1.x before 3.1.17. When parsing Spotlight RPC packets, one encoded data structure is a key-value style dictionary where the keys are character strings, and the values can be any of the supported types in the underlying protocol. Due to a lack of type checking in callers of the dalloc_value_for_key() function, which returns the object associated with a key, a malicious actor may be able to fully control the value of the pointer and theoretically achieve Remote Code Execution on the host. This issue is similar to CVE-2023-34967. | |||||
| CVE-2023-41257 | 1 Foxitsoftware | 1 Foxit Reader | 2024-11-21 | N/A | 8.8 HIGH |
| A type confusion vulnerability exists in the way Foxit Reader 12.1.2.15356 handles field value properties. A specially crafted Javascript code inside a malicious PDF document can trigger this vulnerability, which can lead to memory corruption and result in arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled. | |||||
| CVE-2023-41075 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2024-11-21 | N/A | 7.8 HIGH |
| A type confusion issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.7.5, macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, macOS Monterey 12.6.4. An app may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2023-38199 | 1 Owasp | 1 Coreruleset | 2024-11-21 | N/A | 9.8 CRITICAL |
| coreruleset (aka OWASP ModSecurity Core Rule Set) through 3.3.4 does not detect multiple Content-Type request headers on some platforms. This might allow attackers to bypass a WAF with a crafted payload, aka "Content-Type confusion" between the WAF and the backend application. This occurs when the web application relies on only the last Content-Type header. Other platforms may reject the additional Content-Type header or merge conflicting headers, leading to detection as a malformed header. | |||||
| CVE-2023-38128 | 1 Justsystems | 19 Easy Postcard Max, Ichitaro 2021, Ichitaro 2022 and 16 more | 2024-11-21 | N/A | 7.8 HIGH |
| An out-of-bounds write vulnerability exists in the "HyperLinkFrame" stream parser of Ichitaro 2023 1.0.1.59372. A specially crafted document can cause a type confusion, which can lead to memory corruption and eventually arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. | |||||
| CVE-2023-38091 | 2024-11-21 | N/A | 7.8 HIGH | ||
| Kofax Power PDF response Type Confusion Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the implementation of the app.response method. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-20601. | |||||