Total
554 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-23442 | 1 Hihonor | 1 Magic Os | 2024-11-21 | N/A | 4.6 MEDIUM |
| Some Honor products are affected by type confusion vulnerability, successful exploitation could cause information leak. | |||||
| CVE-2023-22579 | 1 Sequelizejs | 1 Sequelize | 2024-11-21 | N/A | 9.9 CRITICAL |
| Due to improper parameter filtering in the sequalize js library, can a attacker peform injection. | |||||
| CVE-2023-21675 | 1 Microsoft | 15 Windows 10 1607, Windows 10 1809, Windows 10 20h2 and 12 more | 2024-11-21 | N/A | 7.8 HIGH |
| Windows Kernel Elevation of Privilege Vulnerability | |||||
| CVE-2023-21287 | 1 Google | 1 Android | 2024-11-21 | N/A | 9.8 CRITICAL |
| In multiple locations, there is a possible code execution due to type confusion. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-20768 | 2 Google, Mediatek | 43 Android, Mt6580, Mt6735 and 40 more | 2024-11-21 | N/A | 6.7 MEDIUM |
| In ion, there is a possible out of bounds read due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07560720; Issue ID: ALPS07559800. | |||||
| CVE-2023-1235 | 1 Google | 1 Chrome | 2024-11-21 | N/A | 6.3 MEDIUM |
| Type confusion in DevTools in Google Chrome prior to 111.0.5563.64 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted UI interaction. (Chromium security severity: Low) | |||||
| CVE-2023-1215 | 1 Google | 1 Chrome | 2024-11-21 | N/A | 8.8 HIGH |
| Type confusion in CSS in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2023-1214 | 1 Google | 1 Chrome | 2024-11-21 | N/A | 8.8 HIGH |
| Type confusion in V8 in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2023-1077 | 3 Debian, Linux, Netapp | 22 Debian Linux, Linux Kernel, 8300 and 19 more | 2024-11-21 | N/A | 7.0 HIGH |
| In the Linux kernel, pick_next_rt_entity() may return a type confused entry, not detected by the BUG_ON condition, as the confused entry will not be NULL, but list_head.The buggy error condition would lead to a type confused entry with the list head,which would then be used as a type confused sched_rt_entity,causing memory corruption. | |||||
| CVE-2023-0703 | 1 Google | 1 Chrome | 2024-11-21 | N/A | 8.8 HIGH |
| Type confusion in DevTools in Google Chrome prior to 110.0.5481.77 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via UI interactions. (Chromium security severity: Medium) | |||||
| CVE-2023-0702 | 1 Google | 1 Chrome | 2024-11-21 | N/A | 8.8 HIGH |
| Type confusion in Data Transfer in Google Chrome prior to 110.0.5481.77 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2023-0696 | 1 Google | 1 Chrome | 2024-11-21 | N/A | 8.8 HIGH |
| Type confusion in V8 in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2023-0083 | 1 Openatom | 1 Openharmony | 2024-11-21 | N/A | 4.0 MEDIUM |
| The ArKUI framework subsystem within OpenHarmony-v3.1.5 and prior versions, OpenHarmony-v3.0.7 and prior versions has an Improper Input Validation vulnerability which local attackers can exploit this vulnerability to send malicious data, causing the current application to crash. | |||||
| CVE-2022-4912 | 1 Google | 1 Chrome | 2024-11-21 | N/A | 8.8 HIGH |
| Type Confusion in MathML in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2022-4174 | 1 Google | 1 Chrome | 2024-11-21 | N/A | 8.8 HIGH |
| Type confusion in V8 in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2022-46706 | 1 Apple | 2 Mac Os X, Macos | 2024-11-21 | N/A | 7.8 HIGH |
| A type confusion issue was addressed with improved state handling. This issue is fixed in Security Update 2022-003 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.5. An application may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2022-3889 | 1 Google | 1 Chrome | 2024-11-21 | N/A | 8.8 HIGH |
| Type confusion in V8 in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2022-3652 | 1 Google | 1 Chrome | 2024-11-21 | N/A | 8.8 HIGH |
| Type confusion in V8 in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2022-3315 | 1 Google | 1 Chrome | 2024-11-21 | N/A | 8.8 HIGH |
| Type confusion in Blink in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low) | |||||
| CVE-2022-37377 | 2024-11-21 | N/A | 7.8 HIGH | ||
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor 11.1.1.53537;. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within JavaScript optimizations. The issue results from an improper optimization, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16733. | |||||