Total
659 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-20662 | 1 Microsoft | 6 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 3 more | 2024-11-21 | N/A | 4.9 MEDIUM |
| Windows Online Certificate Status Protocol (OCSP) Information Disclosure Vulnerability | |||||
| CVE-2024-1848 | 2024-11-21 | N/A | 7.8 HIGH | ||
| Heap-based Buffer Overflow, Memory Corruption, Out-Of-Bounds Read, Out-Of-Bounds Write, Stack-based Buffer Overflow, Type Confusion, Uninitialized Variable, Use-After-Free vulnerabilities exist in the file reading procedure in SOLIDWORKS Desktop on Release SOLIDWORKS 2024. These vulnerabilities could allow an attacker to execute arbitrary code while opening a specially crafted CATPART, DWG, DXF, IPT, JT, SAT, SLDDRW, SLDPRT, STL, STP, X_B or X_T file. | |||||
| CVE-2024-1847 | 2024-11-21 | N/A | 7.8 HIGH | ||
| Heap-based Buffer Overflow, Memory Corruption, Out-Of-Bounds Read, Out-Of-Bounds Write, Stack-based Buffer Overflow, Type Confusion, Uninitialized Variable, Use-After-Free vulnerabilities exist in the file reading procedure in eDrawings from Release SOLIDWORKS 2023 through Release SOLIDWORKS 2024. These vulnerabilities could allow an attacker to execute arbitrary code while opening a specially crafted CATPART, IPT, JT, SAT, STL, STP, X_B or X_T file. NOTE: CVE-2024-3298 and CVE-2024-3299 were SPLIT from this ID. | |||||
| CVE-2024-0518 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2024-11-21 | N/A | 8.8 HIGH |
| Type confusion in V8 in Google Chrome prior to 120.0.6099.224 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2023-6939 | 1 Hihonor | 1 Magic Ui | 2024-11-21 | N/A | 4.0 MEDIUM |
| Some Honor products are affected by type confusion vulnerability, successful exploitation could cause denial of service. | |||||
| CVE-2023-6348 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2024-11-21 | N/A | 8.8 HIGH |
| Type Confusion in Spellcheck in Google Chrome prior to 119.0.6045.199 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2023-6045 | 1 Openatom | 1 Openharmony | 2024-11-21 | N/A | 5.9 MEDIUM |
| in OpenHarmony v3.2.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through type confusion. | |||||
| CVE-2023-51428 | 1 Hihonor | 1 Magic Os | 2024-11-21 | N/A | 4.6 MEDIUM |
| Some Honor products are affected by type confusion vulnerability, successful exploitation could cause information leak. | |||||
| CVE-2023-51427 | 1 Hihonor | 1 Magic Os | 2024-11-21 | N/A | 4.6 MEDIUM |
| Some Honor products are affected by type confusion vulnerability, successful exploitation could cause information leak. | |||||
| CVE-2023-51426 | 1 Hihonor | 1 Magic Os | 2024-11-21 | N/A | 4.6 MEDIUM |
| Some Honor products are affected by type confusion vulnerability, successful exploitation could cause information leak. | |||||
| CVE-2023-50433 | 2024-11-21 | N/A | 6.5 MEDIUM | ||
| marshall in dhcp_packet.c in simple-dhcp-server through ec976d2 allows remote attackers to cause a denial of service by sending a malicious DHCP packet. The crash is caused by a type confusion bug that results in a large memory allocation; when this memory allocation fails the DHCP server will crash. | |||||
| CVE-2023-4194 | 4 Debian, Fedoraproject, Linux and 1 more | 4 Debian Linux, Fedora, Linux Kernel and 1 more | 2024-11-21 | N/A | 5.5 MEDIUM |
| A flaw was found in the Linux kernel's TUN/TAP functionality. This issue could allow a local user to bypass network filters and gain unauthorized access to some resources. The original patches fixing CVE-2023-1076 are incorrect or incomplete. The problem is that the following upstream commits - a096ccca6e50 ("tun: tun_chr_open(): correctly initialize socket uid"), - 66b2c338adce ("tap: tap_open(): correctly initialize socket uid"), pass "inode->i_uid" to sock_init_data_uid() as the last parameter and that turns out to not be accurate. | |||||
| CVE-2023-4070 | 1 Google | 1 Chrome | 2024-11-21 | N/A | 8.1 HIGH |
| Type Confusion in V8 in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2023-4069 | 1 Google | 1 Chrome | 2024-11-21 | N/A | 8.8 HIGH |
| Type Confusion in V8 in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2023-4068 | 1 Google | 1 Chrome | 2024-11-21 | N/A | 8.1 HIGH |
| Type Confusion in V8 in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2023-46705 | 1 Openatom | 1 Openharmony | 2024-11-21 | N/A | 6.2 MEDIUM |
| in OpenHarmony v3.2.2 and prior versions allow a local attacker causes system information leak through type confusion. | |||||
| CVE-2023-44108 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | N/A | 7.5 HIGH |
| Type confusion vulnerability in the distributed file module.Successful exploitation of this vulnerability may cause the device to restart. | |||||
| CVE-2023-44094 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | N/A | 5.3 MEDIUM |
| Type confusion vulnerability in the distributed file module.Successful exploitation of this vulnerability may cause the device to restart. | |||||
| CVE-2023-43154 | 1 Macs Cms Project | 1 Macs Cms | 2024-11-21 | N/A | 9.8 CRITICAL |
| In Macrob7 Macs Framework Content Management System (CMS) 1.1.4f, loose comparison in "isValidLogin()" function during login attempt results in PHP type confusion vulnerability that leads to authentication bypass and takeover of the administrator account. | |||||
| CVE-2023-42464 | 2 Debian, Netatalk | 2 Debian Linux, Netatalk | 2024-11-21 | N/A | 9.8 CRITICAL |
| A Type Confusion vulnerability was found in the Spotlight RPC functions in afpd in Netatalk 3.1.x before 3.1.17. When parsing Spotlight RPC packets, one encoded data structure is a key-value style dictionary where the keys are character strings, and the values can be any of the supported types in the underlying protocol. Due to a lack of type checking in callers of the dalloc_value_for_key() function, which returns the object associated with a key, a malicious actor may be able to fully control the value of the pointer and theoretically achieve Remote Code Execution on the host. This issue is similar to CVE-2023-34967. | |||||