Total
296 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-5116 | 6 Apple, Debian, Google and 3 more | 9 Macos, Debian Linux, Android and 6 more | 2022-04-06 | 6.8 MEDIUM | 8.8 HIGH |
Type confusion in V8 in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. | |||||
CVE-2019-13764 | 6 Debian, Fedoraproject, Google and 3 more | 9 Debian Linux, Fedora, Chrome and 6 more | 2022-03-31 | 6.8 MEDIUM | 8.8 HIGH |
Type confusion in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
CVE-2020-6383 | 4 Debian, Fedoraproject, Google and 1 more | 6 Debian Linux, Fedora, Chrome and 3 more | 2022-03-31 | 6.8 MEDIUM | 8.8 HIGH |
Type confusion in V8 in Google Chrome prior to 80.0.3987.116 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
CVE-2020-6418 | 4 Debian, Fedoraproject, Google and 1 more | 6 Debian Linux, Fedora, Chrome and 3 more | 2022-03-31 | 6.8 MEDIUM | 8.8 HIGH |
Type confusion in V8 in Google Chrome prior to 80.0.3987.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
CVE-2019-9791 | 2 Mozilla, Redhat | 7 Firefox, Firefox Esr, Thunderbird and 4 more | 2022-03-30 | 7.5 HIGH | 9.8 CRITICAL |
The type inference system allows the compilation of functions that can cause type confusions between arbitrary objects when compiled through the IonMonkey just-in-time (JIT) compiler and when the constructor function is entered through on-stack replacement (OSR). This allows for possible arbitrary reading and writing of objects during an exploitable crash. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66. | |||||
CVE-2021-26600 | 1 Impresscms | 1 Impresscms | 2022-03-30 | 7.5 HIGH | 9.8 CRITICAL |
ImpressCMS before 1.4.3 has plugins/preloads/autologin.php type confusion with resultant Authentication Bypass (!= instead of !==). | |||||
CVE-2021-23440 | 2 Oracle, Set-value Project | 2 Communications Cloud Native Core Policy, Set-value | 2022-03-29 | 7.5 HIGH | 9.8 CRITICAL |
This affects the package set-value before <2.0.1, >=3.0.0 <4.0.1. A type confusion vulnerability can lead to a bypass of CVE-2019-10747 when the user-provided keys used in the path parameter are arrays. | |||||
CVE-2021-46463 | 1 F5 | 1 Njs | 2022-03-24 | 7.5 HIGH | 9.8 CRITICAL |
njs through 0.7.1, used in NGINX, was discovered to contain a control flow hijack caused by a Type Confusion vulnerability in njs_promise_perform_then(). | |||||
CVE-2021-40061 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2022-03-14 | 5.0 MEDIUM | 7.5 HIGH |
There is a vulnerability of accessing resources using an incompatible type (type confusion) in the Bastet module. Successful exploitation of this vulnerability may affect integrity. | |||||
CVE-2021-38007 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2022-02-28 | 6.8 MEDIUM | 8.8 HIGH |
Type confusion in V8 in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
CVE-2021-38001 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2022-02-28 | 6.8 MEDIUM | 8.8 HIGH |
Type confusion in V8 in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
CVE-2021-46152 | 1 Siemens | 1 Simcenter Femap | 2022-02-28 | 6.8 MEDIUM | 7.8 HIGH |
A vulnerability has been identified in Simcenter Femap V2020.2 (All versions), Simcenter Femap V2021.1 (All versions). Affected application contains a type confusion vulnerability while parsing NEU files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-14643, ZDI-CAN-14644, ZDI-CAN-14755, ZDI-CAN-15183) | |||||
CVE-2021-30954 | 3 Apple, Debian, Fedoraproject | 8 Ipados, Iphone Os, Macos and 5 more | 2022-02-25 | 9.3 HIGH | 7.8 HIGH |
A type confusion issue was addressed with improved memory handling. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing maliciously crafted web content may lead to arbitrary code execution. | |||||
CVE-2021-38012 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2022-02-18 | 6.8 MEDIUM | 8.8 HIGH |
Type confusion in V8 in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
CVE-2022-21734 | 1 Google | 1 Tensorflow | 2022-02-08 | 4.0 MEDIUM | 6.5 MEDIUM |
Tensorflow is an Open Source Machine Learning Framework. The implementation of `MapStage` is vulnerable a `CHECK`-fail if the key tensor is not a scalar. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. | |||||
CVE-2022-21731 | 1 Google | 1 Tensorflow | 2022-02-08 | 4.0 MEDIUM | 6.5 MEDIUM |
Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for `ConcatV2` can be used to trigger a denial of service attack via a segfault caused by a type confusion. The `axis` argument is translated into `concat_dim` in the `ConcatShapeHelper` helper function. Then, a value for `min_rank` is computed based on `concat_dim`. This is then used to validate that the `values` tensor has at least the required rank. However, `WithRankAtLeast` receives the lower bound as a 64-bits value and then compares it against the maximum 32-bits integer value that could be represented. Due to the fact that `min_rank` is a 32-bits value and the value of `axis`, the `rank` argument is a negative value, so the error check is bypassed. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. | |||||
CVE-2021-24044 | 1 Facebook | 1 Hermes | 2022-01-24 | 7.5 HIGH | 9.8 CRITICAL |
By passing invalid javascript code where await and yield were called upon non-async and non-generator getter/setter functions, Hermes would invoke generator functions and error out on invalid await/yield positions. This could result in segmentation fault as a consequence of type confusion error, with a low chance of RCE. This issue affects Hermes versions prior to v0.10.0. | |||||
CVE-2021-39987 | 1 Huawei | 1 Harmonyos | 2022-01-14 | 5.0 MEDIUM | 7.5 HIGH |
The HwNearbyMain module has a Data Processing Errors vulnerability.Successful exploitation of this vulnerability may cause a process to restart. | |||||
CVE-2021-40037 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2022-01-13 | 4.9 MEDIUM | 5.5 MEDIUM |
There is a Vulnerability of accessing resources using an incompatible type (type confusion) in the MPTCP subsystem in smartphones. Successful exploitation of this vulnerability may cause the system to crash and restart. | |||||
CVE-2019-13730 | 6 Debian, Fedoraproject, Google and 3 more | 9 Debian Linux, Fedora, Chrome and 6 more | 2022-01-01 | 6.8 MEDIUM | 8.8 HIGH |
Type confusion in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |