Total: 496 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-51426 | 1 Hihonor | 1 Magic Os | 2024-01-04 | N/A | 7.1 HIGH |
Some Honor products are affected by a type confusion vulnerability; successful exploitation could cause an information leak. | |||||
CVE-2023-51427 | 1 Hihonor | 1 Magic Os | 2024-01-04 | N/A | 7.1 HIGH |
Some Honor products are affected by a type confusion vulnerability; successful exploitation could cause an information leak. | |||||
CVE-2023-51428 | 1 Hihonor | 1 Magic Os | 2024-01-04 | N/A | 7.1 HIGH |
Some Honor products are affected by a type confusion vulnerability; successful exploitation could cause an information leak. | |||||
CVE-2021-28468 | 1 Microsoft | 1 Raw Image Extension | 2023-12-29 | 6.8 MEDIUM | 7.8 HIGH |
Raw Image Extension Remote Code Execution Vulnerability | |||||
CVE-2021-38658 | 1 Microsoft | 1 Office | 2023-12-28 | 6.8 MEDIUM | 7.8 HIGH |
Microsoft Office Graphics Remote Code Execution Vulnerability | |||||
CVE-2023-48694 | 1 Microsoft | 1 Azure Rtos Usbx | 2023-12-08 | N/A | 9.8 CRITICAL |
Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded stack that is fully integrated with Azure RTOS ThreadX. An attacker can cause remote code execution due to expired pointer dereference and type confusion vulnerabilities in Azure RTOS USBX. The affected components include functions/processes in the host stack and host class, related to device linked classes, ASIX, Prolific, SWAR, audio, and CDC ECM in RTOS v6.2.1 and below. The fixes have been included in USBX release 6.3.0. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
CVE-2023-41257 | 1 Foxitsoftware | 1 Foxit Reader | 2023-12-01 | N/A | 8.8 HIGH |
A type confusion vulnerability exists in the way Foxit Reader 12.1.2.15356 handles field value properties. Specially crafted JavaScript code inside a malicious PDF document can trigger this vulnerability, which can lead to memory corruption and result in arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site while the browser plugin extension is enabled. | |||||
CVE-2022-1314 | 1 Google | 1 Chrome | 2023-11-27 | N/A | 8.8 HIGH |
Type confusion in V8 in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
CVE-2023-2724 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2023-11-25 | N/A | 8.8 HIGH |
Type confusion in V8 in Google Chrome prior to 113.0.5672.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
CVE-2022-4174 | 1 Google | 1 Chrome | 2023-11-25 | N/A | 8.8 HIGH |
Type confusion in V8 in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
CVE-2023-46705 | 1 Openharmony | 1 Openharmony | 2023-11-24 | N/A | 5.5 MEDIUM |
OpenHarmony v3.2.2 and prior versions allow a local attacker to cause a system information leak through type confusion. | |||||
CVE-2023-6045 | 1 Openharmony | 1 Openharmony | 2023-11-24 | N/A | 7.8 HIGH |
OpenHarmony v3.2.2 and prior versions allow a local attacker to achieve arbitrary code execution in pre-installed apps through type confusion. | |||||
CVE-2022-34221 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2023-11-15 | N/A | 7.8 HIGH |
Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 (and earlier) and 17.012.30229 (and earlier) are affected by an Access of Resource Using Incompatible Type ('Type Confusion') vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
CVE-2023-32818 | 2 Google, Mediatek | 11 Android, Mt6761, Mt6763 and 8 more | 2023-11-13 | N/A | 6.7 MEDIUM |
In vdec, there is a possible out of bounds write due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08163896 & ALPS08013430; Issue ID: ALPS07867715. | |||||
CVE-2023-32834 | 2 Google, Mediatek | 48 Android, Mt6580, Mt6735 and 45 more | 2023-11-13 | N/A | 6.7 MEDIUM |
In secmem, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08161762; Issue ID: ALPS08161762. | |||||
CVE-2023-32835 | 2 Google, Mediatek | 58 Android, Mt6580, Mt6731 and 55 more | 2023-11-13 | N/A | 6.7 MEDIUM |
In keyinstall, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08157918; Issue ID: ALPS08157918. | |||||
CVE-2023-25933 | 1 Facebook | 1 Hermes | 2023-11-07 | N/A | 9.8 CRITICAL |
A type confusion bug in TypedArray prior to commit e6ed9c1a4b02dc219de1648f44cd808a56171b81 could have been used by a malicious attacker to execute arbitrary code via untrusted JavaScript. Note that this is only exploitable in cases where Hermes is used to execute untrusted JavaScript. Hence, most React Native applications are not affected. | |||||
CVE-2023-23557 | 1 Facebook | 1 Hermes | 2023-11-07 | N/A | 9.8 CRITICAL |
An error in Hermes' algorithm for copying object properties prior to commit a00d237346894c6067a594983be6634f4168c9ad could be used by a malicious attacker to execute arbitrary code via type confusion. Note that this is only exploitable in cases where Hermes is used to execute untrusted JavaScript. Hence, most React Native applications are not affected. | |||||
CVE-2023-0083 | 1 Openharmony | 1 Openharmony | 2023-11-07 | N/A | 5.5 MEDIUM |
The ArkUI framework subsystem within OpenHarmony-v3.1.5 and prior versions, and OpenHarmony-v3.0.7 and prior versions, has an Improper Input Validation vulnerability that local attackers can exploit to send malicious data, causing the current application to crash. | |||||
CVE-2022-42823 | 3 Apple, Debian, Fedoraproject | 8 Ipados, Iphone Os, Macos and 5 more | 2023-11-07 | N/A | 8.8 HIGH |
A type confusion issue was addressed with improved memory handling. This issue is fixed in tvOS 16.1, macOS Ventura 13, watchOS 9.1, Safari 16.1, iOS 16.1 and iPadOS 16. Processing maliciously crafted web content may lead to arbitrary code execution. |