Total
354 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-25575 | 1 Failure Project | 1 Failure | 2024-05-17 | 7.5 HIGH | 9.8 CRITICAL |
** UNSUPPORTED WHEN ASSIGNED ** An issue was discovered in the failure crate through 0.1.5 for Rust. It may introduce "compatibility hazards" in some applications, and has a type confusion flaw when downcasting. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: This may overlap CVE-2019-25010. | |||||
CVE-2019-19391 | 2 Luajit, Moonjit Project | 2 Luajit, Moonjit | 2024-05-17 | 6.4 MEDIUM | 9.1 CRITICAL |
** DISPUTED ** In LuaJIT through 2.0.5, as used in Moonjit before 2.1.2 and other products, debug.getinfo has a type confusion issue that leads to arbitrary memory write or read operations, because certain cases involving valid stack levels and > options are mishandled. NOTE: The LuaJIT project owner states that the debug libary is unsafe by definition and that this is not a vulnerability. When LuaJIT was originally developed, the expectation was that the entire debug library had no security guarantees and thus it made no sense to assign CVEs. However, not all users of later LuaJIT derivatives share this perspective. | |||||
CVE-2024-23222 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2024-05-16 | N/A | 8.8 HIGH |
A type confusion issue was addressed with improved checks. This issue is fixed in iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, tvOS 17.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited. | |||||
CVE-2024-32057 | 2024-05-14 | N/A | 7.8 HIGH | ||
A vulnerability has been identified in PS/IGES Parasolid Translator Component (All versions < V27.1.215). The affected application contains a type confusion vulnerability while parsing IGS files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21562) | |||||
CVE-2024-32063 | 2024-05-14 | N/A | 7.8 HIGH | ||
A vulnerability has been identified in PS/IGES Parasolid Translator Component (All versions < V27.1.215). The affected application contains a type confusion vulnerability while parsing IGS files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21573) | |||||
CVE-2024-32062 | 2024-05-14 | N/A | 7.8 HIGH | ||
A vulnerability has been identified in PS/IGES Parasolid Translator Component (All versions < V27.1.215). The affected application contains a type confusion vulnerability while parsing IGS files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21568) | |||||
CVE-2024-30034 | 2024-05-14 | N/A | 5.5 MEDIUM | ||
Windows Cloud Files Mini Filter Driver Information Disclosure Vulnerability | |||||
CVE-2023-38091 | 2024-05-03 | N/A | 7.8 HIGH | ||
Kofax Power PDF response Type Confusion Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the implementation of the app.response method. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-20601. | |||||
CVE-2023-42102 | 2024-05-03 | N/A | 7.8 HIGH | ||
Ashlar-Vellum Cobalt AR File Parsing Type Confusion Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of AR files. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-20409. | |||||
CVE-2023-42105 | 2024-05-03 | N/A | 7.0 HIGH | ||
Ashlar-Vellum Cobalt AR File Parsing Type Confusion Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of AR files. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-20562. | |||||
CVE-2023-42074 | 2024-05-03 | N/A | 7.8 HIGH | ||
PDF-XChange Editor addScript Type Confusion Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the implementation of the addScript method. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-21338. | |||||
CVE-2023-51560 | 2024-05-03 | N/A | 7.8 HIGH | ||
Foxit PDF Reader Annotation Type Confusion Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22259. | |||||
CVE-2024-25575 | 2024-04-30 | N/A | 8.8 HIGH | ||
A type confusion vulnerability vulnerability exists in the way Foxit Reader 2024.1.0.23997 handles a Lock object. A specially crafted Javascript code inside a malicious PDF document can trigger this vulnerability, which can lead to memory corruption and result in arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled. | |||||
CVE-2023-28575 | 1 Qualcomm | 120 205, 205 Firmware, 215 and 117 more | 2024-04-12 | N/A | 7.8 HIGH |
The cam_get_device_priv function does not check the type of handle being returned (device/session/link). This would lead to invalid type usage if a wrong handle is passed to it. | |||||
CVE-2024-21363 | 2024-04-11 | N/A | 7.8 HIGH | ||
Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | |||||
CVE-2024-21357 | 2024-04-11 | N/A | 8.1 HIGH | ||
Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability | |||||
CVE-2024-20662 | 1 Microsoft | 6 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 3 more | 2024-04-11 | N/A | 4.9 MEDIUM |
Windows Online Certificate Status Protocol (OCSP) Information Disclosure Vulnerability | |||||
CVE-2024-20678 | 2024-04-10 | N/A | 8.8 HIGH | ||
Remote Procedure Call Runtime Remote Code Execution Vulnerability | |||||
CVE-2024-26232 | 2024-04-10 | N/A | 7.3 HIGH | ||
Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | |||||
CVE-2024-30266 | 2024-04-04 | N/A | 3.3 LOW | ||
wasmtime is a runtime for WebAssembly. The 19.0.0 release of Wasmtime contains a regression introduced during its development which can lead to a guest WebAssembly module causing a panic in the host runtime. A valid WebAssembly module, when executed at runtime, may cause this panic. This vulnerability has been patched in version 19.0.1. |