Vulnerabilities (CVE)

Filtered by CWE-704
Total 220 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2016-8602 1 Artifex 1 Ghostscript 2024-02-04 6.8 MEDIUM 7.8 HIGH
The .sethalftone5 function in psi/zht2.c in Ghostscript before 9.21 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Postscript document that calls .sethalftone5 with an empty operand stack.
CVE-2016-7979 1 Artifex 1 Ghostscript 2024-02-04 7.5 HIGH 9.8 CRITICAL
Ghostscript before 9.21 might allow remote attackers to bypass the SAFER mode protection mechanism and consequently execute arbitrary code by leveraging type confusion in .initialize_dsc_parser.
CVE-2017-2962 3 Adobe, Apple, Microsoft 6 Acrobat, Acrobat Dc, Acrobat Reader Dc and 3 more 2024-02-04 9.3 HIGH 7.8 HIGH
Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable type confusion vulnerability in the XSLT engine related to localization functionality. Successful exploitation could lead to arbitrary code execution.
CVE-2016-4709 1 Apple 1 Mac Os X 2024-02-04 7.2 HIGH 7.8 HIGH
WindowServer in Apple OS X before 10.12 allows local users to obtain root access via vectors that leverage "type confusion," a different vulnerability than CVE-2016-4710.
CVE-2016-7860 6 Adobe, Apple, Google and 3 more 14 Flash Player, Flash Player For Linux, Mac Os X and 11 more 2024-02-04 9.3 HIGH 8.8 HIGH
Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable type confusion vulnerability. Successful exploitation could lead to arbitrary code execution.
CVE-2016-7865 6 Adobe, Apple, Google and 3 more 14 Flash Player, Flash Player For Linux, Mac Os X and 11 more 2024-02-04 9.3 HIGH 8.8 HIGH
Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable type confusion vulnerability. Successful exploitation could lead to arbitrary code execution.
CVE-2016-4710 1 Apple 1 Mac Os X 2024-02-04 7.2 HIGH 7.8 HIGH
WindowServer in Apple OS X before 10.12 allows local users to obtain root access via vectors that leverage "type confusion," a different vulnerability than CVE-2016-4709.
CVE-2016-5161 2 Google, Opensuse 2 Chrome, Leap 2024-02-04 6.8 MEDIUM 8.8 HIGH
The EditingStyle::mergeStyle function in WebKit/Source/core/editing/EditingStyle.cpp in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, mishandles custom properties, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted web site that leverages "type confusion" in the StylePropertySerializer class.
CVE-2015-3120 4 Adobe, Apple, Linux and 1 more 7 Air, Air Sdk, Air Sdk \& Compiler and 4 more 2024-02-04 10.0 HIGH N/A
Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler before 18.0.0.180 allow attackers to execute arbitrary code by leveraging an unspecified "type confusion," a different vulnerability than CVE-2015-3119, CVE-2015-3121, CVE-2015-3122, and CVE-2015-4433.
CVE-2016-7861 6 Adobe, Apple, Google and 3 more 14 Flash Player, Flash Player For Linux, Mac Os X and 11 more 2024-02-04 9.3 HIGH 8.8 HIGH
Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable type confusion vulnerability. Successful exploitation could lead to arbitrary code execution.
CVE-2011-3027 2 Apple, Google 4 Iphone Os, Itunes, Safari and 1 more 2024-02-04 4.3 MEDIUM N/A
Google Chrome before 17.0.963.56 does not properly perform a cast of an unspecified variable during handling of columns, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document.
CVE-2011-0483 1 Google 2 Chrome, Chrome Os 2024-02-04 5.0 MEDIUM N/A
Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly perform a cast of an unspecified variable during handling of video, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
CVE-2010-1822 3 Apple, Google, Opensuse 3 Safari, Chrome, Opensuse 2024-02-04 6.8 MEDIUM 8.8 HIGH
WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3 and Google Chrome before 6.0.472.62, does not properly perform a cast of an unspecified variable, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an SVG element in a non-SVG document.
CVE-2011-3036 3 Apple, Google, Opensuse 5 Iphone Os, Itunes, Safari and 2 more 2024-02-04 6.8 MEDIUM N/A
Google Chrome before 17.0.963.65 does not properly perform a cast of an unspecified variable during handling of line boxes, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document.
CVE-2011-0482 2 Debian, Google 3 Debian Linux, Chrome, Chrome Os 2024-02-04 4.3 MEDIUM N/A
Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly perform a cast of an unspecified variable during handling of anchors, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted HTML document.
CVE-2011-1200 1 Google 1 Chrome 2024-02-04 6.8 MEDIUM N/A
Google Chrome before 10.0.648.127 does not properly perform a cast of an unspecified variable during text rendering, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document.
CVE-2011-1441 1 Google 1 Chrome 2024-02-04 6.8 MEDIUM N/A
Google Chrome before 11.0.696.57 does not properly perform a cast of an unspecified variable during handling of floating select lists, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted HTML document.
CVE-2011-3037 3 Apple, Google, Opensuse 5 Iphone Os, Itunes, Safari and 2 more 2024-02-04 6.8 MEDIUM N/A
Google Chrome before 17.0.963.65 does not properly perform casts of unspecified variables during the splitting of anonymous blocks, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document.
CVE-2011-1799 2 Debian, Google 2 Debian Linux, Chrome 2024-02-04 6.8 MEDIUM N/A
Google Chrome before 11.0.696.68 does not properly perform casts of variables during interaction with the WebKit engine, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
CVE-2021-43537 2 Debian, Mozilla 4 Debian Linux, Firefox, Firefox Esr and 1 more 2024-02-02 6.8 MEDIUM 8.8 HIGH
An incorrect type conversion of sizes from 64bit to 32bit integers allowed an attacker to corrupt memory leading to a potentially exploitable crash. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95.