Total
296 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-6122 | 1 Google | 1 Chrome | 2021-11-04 | 6.8 MEDIUM | 8.8 HIGH |
| Type confusion in WebAssembly in Google Chrome prior to 66.0.3359.139 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2021-30869 | 1 Apple | 4 Ipados, Iphone Os, Mac Os X and 1 more | 2021-10-20 | 9.3 HIGH | 7.8 HIGH |
| A type confusion issue was addressed with improved state handling. This issue is fixed in iOS 12.5.5, iOS 14.4 and iPadOS 14.4, macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, Security Update 2021-006 Catalina. A malicious application may be able to execute arbitrary code with kernel privileges. Apple is aware of reports that an exploit for this issue exists in the wild. | |||||
| CVE-2021-39841 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2021-10-06 | 6.8 MEDIUM | 7.8 HIGH |
| Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a Type Confusion vulnerability. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2021-23444 | 1 Client | 1 Jointjs | 2021-10-01 | 7.5 HIGH | 9.8 CRITICAL |
| This affects the package jointjs before 3.4.2. A type confusion vulnerability can lead to a bypass of CVE-2020-28480 when the user-provided keys used in the path parameter are arrays in the setByPath function. | |||||
| CVE-2021-38658 | 1 Microsoft | 1 Office | 2021-09-24 | 6.8 MEDIUM | 7.8 HIGH |
| Microsoft Office Graphics Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-38660. | |||||
| CVE-2021-30561 | 1 Google | 1 Chrome | 2021-09-21 | 6.8 MEDIUM | 8.8 HIGH |
| Type Confusion in V8 in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2020-3757 | 6 Adobe, Apple, Google and 3 more | 10 Flash Player, Macos, Chrome Os and 7 more | 2021-09-16 | 9.3 HIGH | 8.8 HIGH |
| Adobe Flash Player versions 32.0.0.321 and earlier, 32.0.0.314 and earlier, 32.0.0.321 and earlier, and 32.0.0.255 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2021-1829 | 1 Apple | 1 Macos | 2021-09-15 | 10.0 HIGH | 9.8 CRITICAL |
| A type confusion issue was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.3. An application may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2021-30758 | 1 Apple | 5 Iphone Os, Macos, Safari and 2 more | 2021-09-14 | 6.8 MEDIUM | 8.8 HIGH |
| A type confusion issue was addressed with improved state handling. This issue is fixed in iOS 14.7, Safari 14.1.2, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7. Processing maliciously crafted web content may lead to arbitrary code execution. | |||||
| CVE-2021-23438 | 1 Mpath Project | 1 Mpath | 2021-09-10 | 7.5 HIGH | 9.8 CRITICAL |
| This affects the package mpath before 0.8.4. A type confusion vulnerability can lead to a bypass of CVE-2018-16490. In particular, the condition ignoreProperties.indexOf(parts[i]) !== -1 returns -1 if parts[i] is ['__proto__']. This is because the method that has been called if the input is an array is Array.prototype.indexOf() and not String.prototype.indexOf(). They behave differently depending on the type of the input. | |||||
| CVE-2021-23436 | 1 Immer Project | 1 Immer | 2021-09-10 | 7.5 HIGH | 9.8 CRITICAL |
| This affects the package immer before 9.0.6. A type confusion vulnerability can lead to a bypass of CVE-2020-28477 when the user-provided keys used in the path parameter are arrays. In particular, this bypass is possible because the condition (p === "__proto__" || p === "constructor") in applyPatches_ returns false if p is ['__proto__'] (or ['constructor']). The === operator (strict equality operator) returns false if the operands have different type. | |||||
| CVE-2019-8250 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Macos and 1 more | 2021-09-08 | 6.8 MEDIUM | 7.8 HIGH |
| Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution . | |||||
| CVE-2019-8252 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Macos and 1 more | 2021-09-08 | 4.3 MEDIUM | 5.5 MEDIUM |
| Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have a type confusion vulnerability. Successful exploitation could lead to information disclosure. | |||||
| CVE-2019-7131 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Macos and 1 more | 2021-09-08 | 7.5 HIGH | 9.8 CRITICAL |
| Adobe Acrobat and Reader versions 2019.010.20064 and earlier, 2019.010.20064 and earlier, 2017.011.30110 and earlier version, and 2015.006.30461 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2019-7975 | 3 Adobe, Apple, Microsoft | 3 Photoshop Cc, Macos, Windows | 2021-09-08 | 10.0 HIGH | 9.8 CRITICAL |
| Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2019-7972 | 3 Adobe, Apple, Microsoft | 3 Photoshop Cc, Macos, Windows | 2021-09-08 | 10.0 HIGH | 9.8 CRITICAL |
| Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2019-7971 | 3 Adobe, Apple, Microsoft | 3 Photoshop Cc, Macos, Windows | 2021-09-08 | 10.0 HIGH | 9.8 CRITICAL |
| Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2019-7970 | 3 Adobe, Apple, Microsoft | 3 Photoshop Cc, Macos, Windows | 2021-09-08 | 10.0 HIGH | 9.8 CRITICAL |
| Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2019-7969 | 3 Adobe, Apple, Microsoft | 3 Photoshop Cc, Macos, Windows | 2021-09-08 | 10.0 HIGH | 9.8 CRITICAL |
| Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2019-8249 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Macos and 1 more | 2021-09-08 | 6.8 MEDIUM | 7.8 HIGH |
| Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution . | |||||