Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by CWE-843
Total 296 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-1219 1 Microsoft 11 Chakracore, Edge, Internet Explorer and 8 more 2021-07-21 7.6 HIGH 7.5 HIGH
A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory, aka 'Microsoft Browser Memory Corruption Vulnerability'.
CVE-2020-13341 1 Gitlab 1 Gitlab 2021-07-21 4.0 MEDIUM 4.9 MEDIUM
An issue has been discovered in GitLab affecting all versions prior to 13.2.10, 13.3.7 and 13.4.2. Insufficient permission check allows attacker with developer role to perform various deletions.
CVE-2020-16009 5 Debian, Fedoraproject, Google and 2 more 7 Debian Linux, Fedora, Chrome and 4 more 2021-07-21 6.8 MEDIUM 8.8 HIGH
Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-25016 1 Rgb-rust Project 1 Rgb-rust 2021-07-21 6.4 MEDIUM 9.1 CRITICAL
A safety violation was discovered in the rgb crate before 0.8.20 for Rust, leading to (for example) dereferencing of arbitrary pointers or disclosure of uninitialized memory. This occurs because structs can be treated as bytes for read and write operations.
CVE-2020-16015 1 Google 1 Chrome 2021-07-21 6.8 MEDIUM 8.8 HIGH
Insufficient data validation in WASM in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-6533 4 Debian, Fedoraproject, Google and 1 more 5 Debian Linux, Fedora, Chrome and 2 more 2021-07-21 6.8 MEDIUM 8.8 HIGH
Type Confusion in V8 in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-6512 4 Debian, Fedoraproject, Google and 1 more 5 Debian Linux, Fedora, Chrome and 2 more 2021-07-21 9.3 HIGH 8.8 HIGH
Type Confusion in V8 in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-0224 1 Google 1 Android 2021-07-21 10.0 HIGH 9.8 CRITICAL
In FastKeyAccumulator::GetKeysSlow of keys.cc, there is a possible out of bounds write due to type confusion. This could lead to remote code execution when processing a proxy configuration with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-147664838
CVE-2020-22882 1 Moddable 1 Moddable 2021-07-16 5.0 MEDIUM 7.5 HIGH
Issue was discovered in the fxParserTree function in moddable, allows attackers to cause denial of service via a crafted payload. Fixed in commit 723816ab9b52f807180c99fc69c7d08cf6c6bd61.
CVE-2021-22354 1 Huawei 2 Emui, Magic Ui 2021-07-02 6.4 MEDIUM 9.1 CRITICAL
There is an Information Disclosure Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause out-of-bounds read.
CVE-2019-13118 1 Xmlsoft 1 Libxslt 2021-06-29 5.0 MEDIUM 7.5 HIGH
In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, leading to a read of uninitialized stack data.
CVE-2021-32696 1 Striptags Project 1 Striptags 2021-06-24 5.0 MEDIUM 5.3 MEDIUM
The npm package "striptags" is an implementation of PHP's strip_tags in Typescript. In striptags before version 3.2.0, a type-confusion vulnerability can cause `striptags` to concatenate unsanitized strings when an array-like object is passed in as the `html` parameter. This can be abused by an attacker who can control the shape of their input, e.g. if query parameters are passed directly into the function. This can lead to a XSS.
CVE-2021-31476 2 Foxitsoftware, Microsoft 3 Foxit Reader, Phantompdf, Windows 2021-06-23 6.8 MEDIUM 7.8 HIGH
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 10.1.3.37598. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of XFA templates. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13531.
CVE-2021-31480 1 Opentext 1 Brava\! 2021-06-22 6.8 MEDIUM 7.8 HIGH
This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12654.
CVE-2021-1789 3 Apple, Fedoraproject, Webkitgtk 8 Ipados, Iphone Os, Mac Os X and 5 more 2021-06-02 6.8 MEDIUM 8.8 HIGH
A type confusion issue was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4, Safari 14.0.3. Processing maliciously crafted web content may lead to arbitrary code execution.
CVE-2021-21224 3 Debian, Fedoraproject, Google 3 Debian Linux, Fedora, Chrome 2021-06-01 6.8 MEDIUM 8.8 HIGH
Type confusion in V8 in Google Chrome prior to 90.0.4430.85 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
CVE-2021-21230 3 Debian, Fedoraproject, Google 3 Debian Linux, Fedora, Chrome 2021-06-01 6.8 MEDIUM 8.8 HIGH
Type confusion in V8 in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-3320 1 Zephyrproject 1 Zephyr 2021-05-27 5.0 MEDIUM 7.5 HIGH
Type Confusion in 802154 ACK Frames Handling. Zephyr versions >= v2.4.0 contain NULL Pointer Dereference (CWE-476). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-27r3-rxch-2hm7
CVE-2021-31318 1 Telegram 1 Telegram 2021-05-25 4.3 MEDIUM 5.5 MEDIUM
Telegram Android <7.1.0 (2090), Telegram iOS <7.1, and Telegram macOS <7.1 are affected by a Type Confusion in the LOTCompLayerItem::LOTCompLayerItem function of their custom fork of the rlottie library. A remote attacker might be able to access heap memory out-of-bounds on a victim device via a malicious animated sticker.
CVE-2021-31317 1 Telegram 1 Telegram 2021-05-25 4.3 MEDIUM 5.5 MEDIUM
Telegram Android <7.1.0 (2090), Telegram iOS <7.1, and Telegram macOS <7.1 are affected by a Type Confusion in the VDasher constructor of their custom fork of the rlottie library. A remote attacker might be able to access Telegram's heap memory out-of-bounds on a victim device via a malicious animated sticker.