Total
492 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-11346 | 2025-02-13 | N/A | 7.3 HIGH | ||
| : Access of Resource Using Incompatible Type ('Type Confusion') vulnerability in Lexmark International CX, XC, CS, et. Al. (Postscript interpreter modules) allows Resource Injection.This issue affects CX, XC, CS, et. Al.: from 001.001:0 through 081.231, from *.*.P001 through *.*.P233, from *.*.P001 through *.*.P759, from *.*.P001 through *.*.P836. | |||||
| CVE-2024-11344 | 2025-02-13 | N/A | 7.3 HIGH | ||
| A type confusion vulnerability has been identified in the Postscript interpreter in various Lexmark devices. The vulnerability can be leveraged by an attacker to execute arbitrary code. | |||||
| CVE-2017-11292 | 6 Adobe, Apple, Google and 3 more | 11 Flash Player, Mac Os X, Macos and 8 more | 2025-02-13 | 6.0 MEDIUM | 8.8 HIGH |
| Adobe Flash Player version 27.0.0.159 and earlier has a flawed bytecode verification procedure, which allows for an untrusted value to be used in the calculation of an array index. This can lead to type confusion, and successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2025-21279 | 1 Microsoft | 1 Edge Chromium | 2025-02-11 | N/A | 6.5 MEDIUM |
| Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | |||||
| CVE-2025-21342 | 1 Microsoft | 1 Edge Chromium | 2025-02-11 | N/A | 8.8 HIGH |
| Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | |||||
| CVE-2021-46878 | 1 Treasuredata | 1 Fluent Bit | 2025-02-11 | N/A | 7.8 HIGH |
| An issue was discovered in Treasure Data Fluent Bit 1.7.1, erroneous parsing in flb_pack_msgpack_to_json_format leads to type confusion bug that interprets whatever is on the stack as msgpack maps and arrays, leading to use-after-free. This can be used by an attacker to craft a specially craft file and trick the victim opening it using the affect software, triggering use-after-free and execute arbitrary code on the target system. | |||||
| CVE-2025-21408 | 1 Microsoft | 1 Edge Chromium | 2025-02-11 | N/A | 8.8 HIGH |
| Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | |||||
| CVE-2023-26063 | 1 Lexmark | 217 6500e, B2236, B2338 and 214 more | 2025-02-11 | N/A | 9.8 CRITICAL |
| Certain Lexmark devices through 2023-02-19 access a Resource By Using an Incompatible Type. | |||||
| CVE-2025-0291 | 1 Google | 1 Chrome | 2025-02-11 | N/A | 8.8 HIGH |
| Type Confusion in V8 in Google Chrome prior to 131.0.6778.264 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2024-12692 | 1 Google | 1 Chrome | 2025-02-11 | N/A | 8.8 HIGH |
| Type Confusion in V8 in Google Chrome prior to 131.0.6778.204 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2012-0507 | 4 Debian, Oracle, Sun and 1 more | 7 Debian Linux, Jre, Jre and 4 more | 2025-02-10 | 10.0 HIGH | 9.8 CRITICAL |
| Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0 Update 33 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Concurrency. NOTE: the previous information was obtained from the February 2012 Oracle CPU. Oracle has not commented on claims from a downstream vendor and third party researchers that this issue occurs because the AtomicReferenceArray class implementation does not ensure that the array is of the Object[] type, which allows attackers to cause a denial of service (JVM crash) or bypass Java sandbox restrictions. NOTE: this issue was originally mapped to CVE-2011-3571, but that identifier was already assigned to a different issue. | |||||
| CVE-2017-0037 | 1 Microsoft | 9 Edge, Internet Explorer, Windows 10 1507 and 6 more | 2025-02-10 | 7.6 HIGH | 8.1 HIGH |
| Microsoft Internet Explorer 10 and 11 and Microsoft Edge have a type confusion issue in the Layout::MultiColumnBoxBuilder::HandleColumnBreakOnColumnSpanningElement function in mshtml.dll, which allows remote attackers to execute arbitrary code via vectors involving a crafted Cascading Style Sheets (CSS) token sequence and crafted JavaScript code that operates on a TH element. | |||||
| CVE-2016-7201 | 1 Microsoft | 5 Edge, Windows 10 1507, Windows 10 1511 and 2 more | 2025-02-10 | 7.6 HIGH | 8.8 HIGH |
| The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-7200, CVE-2016-7202, CVE-2016-7203, CVE-2016-7208, CVE-2016-7240, CVE-2016-7242, and CVE-2016-7243. | |||||
| CVE-2019-0752 | 1 Microsoft | 9 Internet Explorer, Windows 10, Windows 7 and 6 more | 2025-02-07 | 7.6 HIGH | 7.5 HIGH |
| A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0739, CVE-2019-0753, CVE-2019-0862. | |||||
| CVE-2018-8298 | 1 Microsoft | 1 Chakracore | 2025-02-07 | 7.6 HIGH | 7.5 HIGH |
| A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore. This CVE ID is unique from CVE-2018-8242, CVE-2018-8283, CVE-2018-8287, CVE-2018-8288, CVE-2018-8291, CVE-2018-8296. | |||||
| CVE-2019-11707 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2025-02-07 | 7.5 HIGH | 8.8 HIGH |
| A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable crash. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Firefox ESR < 60.7.1, Firefox < 67.0.3, and Thunderbird < 60.7.2. | |||||
| CVE-2024-40676 | 2025-02-06 | N/A | 7.7 HIGH | ||
| In checkKeyIntent of AccountManagerService.java, there is a possible way to bypass intent security check and install an unknown app due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2021-33970 | 1 Browser.360 | 1 Chrome | 2025-02-05 | N/A | 10.0 CRITICAL |
| Buffer Overflow vulnerability in Qihoo 360 Chrome v13.0.2170.0 allows attacker to escalate priveleges. | |||||
| CVE-2023-3079 | 7 Apple, Couchbase, Debian and 4 more | 7 Macos, Couchbase Server, Debian Linux and 4 more | 2025-02-05 | N/A | 8.8 HIGH |
| Type confusion in V8 in Google Chrome prior to 114.0.5735.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2021-21224 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2025-02-05 | 6.8 MEDIUM | 8.8 HIGH |
| Type confusion in V8 in Google Chrome prior to 90.0.4430.85 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. | |||||