Total
707 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-14243 | 2 Foxitsoftware, Microsoft | 3 Foxit Reader, Phantompdf, Windows | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the addPageOpenJSMessage method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. The attacker can leverage this vulnerability to execute code under the context of the cur ...
Show More |
|||||
| CVE-2018-14242 | 2 Foxitsoftware, Microsoft | 3 Foxit Reader, Phantompdf, Windows | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the addField method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. ...
Show More |
|||||
| CVE-2018-14241 | 2 Foxitsoftware, Microsoft | 3 Foxit Reader, Phantompdf, Windows | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the addAnnot method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. ...
Show More |
|||||
| CVE-2018-11623 | 2 Foxitsoftware, Microsoft | 3 Foxit Reader, Phantompdf, Windows | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the addAdLayer method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. The attacker can leverage this vulnerability to execute code under the context of the current proce ...
Show More |
|||||
| CVE-2018-10495 | 1 Foxitsoftware | 2 Foxit Reader, Phantompdf | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF documents. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute c ...
Show More |
|||||
| CVE-2017-16745 | 1 Deltaww | 1 Delta Industrial Automation Screen Editor | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
A Type Confusion issue was discovered in Delta Electronics Delta Industrial Automation Screen Editor, Version 2.00.23.00 or prior. An access of resource using incompatible type ('type confusion') vulnerability may allow an attacker to execute remote code when processing specially crafted .dpb files.
|
|||||
| CVE-2017-15860 | 1 Google | 1 Android | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
|
In all Qualcomm products with Android releases from CAF using the Linux kernel, while processing an encrypted authentication management frame, a stack buffer overflow may potentially occur.
|
|||||
| CVE-2017-13220 | 1 Google | 1 Android | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
An elevation of privilege vulnerability in the Upstream kernel bluez. Product: Android. Versions: Android kernel. Android ID: A-63527053.
|
|||||
| CVE-2016-1000005 | 1 Facebook | 1 Hhvm | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
mcrypt_get_block_size did not enforce that the provided "module" parameter was a string, leading to type confusion if other types of data were passed in. This issue affects HHVM versions prior to 3.9.5, all versions between 3.10.0 and 3.12.3 (inclusive), and all versions between 3.13.0 and 3.14.1 (inclusive).
|
|||||
| CVE-2012-4512 | 2 Kde, Redhat | 5 Kde, Enterprise Linux, Enterprise Linux Desktop and 2 more | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
The CSS parser (khtml/css/cssparser.cpp) in Konqueror in KDE 4.7.3 allows remote attackers to cause a denial of service (crash) and possibly read memory via a crafted font face source, related to "type confusion."
|
|||||
| CVE-2024-43498 | 3 Apple, Linux, Microsoft | 5 Macos, Linux Kernel, .net and 2 more | 2024-11-19 | N/A | 9.8 CRITICAL |
|
.NET and Visual Studio Remote Code Execution Vulnerability
|
|||||
| CVE-2024-10230 | 1 Google | 1 Chrome | 2024-10-31 | N/A | 8.8 HIGH |
|
Type Confusion in V8 in Google Chrome prior to 130.0.6723.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
|
|||||
| CVE-2024-7824 | 1 Webroot | 1 Secureanywhere Web Shield | 2024-10-30 | 6.3 MEDIUM | 9.8 CRITICAL |
|
Access of Resource Using Incompatible Type ('Type Confusion') vulnerability in Webroot SecureAnywhere - Web Shield on Windows, ARM, 64 bit, 32 bit (wrUrl.Dll modules) allows Functionality Misuse.This issue affects SecureAnywhere - Web Shield: before 2.1.2.3.
|
|||||
| CVE-2024-7825 | 1 Webroot | 1 Secureanywhere Web Shield | 2024-10-30 | 6.2 MEDIUM | 9.8 CRITICAL |
|
Access of Resource Using Incompatible Type ('Type Confusion') vulnerability in Webroot SecureAnywhere - Web Shield on Windows, ARM, 64 bit, 32 bit (wrUrl.Dll modules) allows Functionality Misuse.This issue affects SecureAnywhere - Web Shield: before 2.1.2.3.
|
|||||
| CVE-2024-10231 | 1 Google | 1 Chrome | 2024-10-25 | N/A | 8.8 HIGH |
|
Type Confusion in V8 in Google Chrome prior to 130.0.6723.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
|
|||||
| CVE-2024-43596 | 1 Microsoft | 1 Edge Chromium | 2024-10-18 | N/A | 8.8 HIGH |
|
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
|
|||||
| CVE-2024-43489 | 1 Microsoft | 1 Edge Chromium | 2024-09-23 | N/A | 8.8 HIGH |
|
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
|
|||||
| CVE-2024-38209 | 1 Microsoft | 1 Edge Chromium | 2024-09-19 | N/A | 7.8 HIGH |
|
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
|
|||||
| CVE-2024-38207 | 1 Microsoft | 1 Edge Chromium | 2024-09-19 | N/A | 6.3 MEDIUM |
|
Microsoft Edge (HTML-based) Memory Corruption Vulnerability
|
|||||
| CVE-2024-45112 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2024-09-19 | N/A | 7.8 HIGH |
|
Acrobat Reader versions 24.002.21005, 24.001.30159, 20.005.30655, 24.003.20054 and earlier are affected by a Type Confusion vulnerability that could result in arbitrary code execution in the context of the current user. This issue occurs when a resource is accessed using a type that is not compatible with the actual object type, leading to a logic error that an attacker could exploit. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2024-8638 | 1 Google | 1 Chrome | 2024-09-13 | N/A | 8.8 HIGH |
|
Type Confusion in V8 in Google Chrome prior to 128.0.6613.137 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)
|
|||||
| CVE-2024-8385 | 1 Mozilla | 2 Firefox, Firefox Esr | 2024-09-06 | N/A | 9.8 CRITICAL |
|
A difference in the handling of StructFields and ArrayTypes in WASM could be used to trigger an exploitable type confusion vulnerability. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, and Thunderbird < 128.2.
|
|||||
| CVE-2024-8194 | 1 Google | 1 Chrome | 2024-08-30 | N/A | 8.8 HIGH |
|
Type Confusion in V8 in Google Chrome prior to 128.0.6613.113 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
|
|||||
| CVE-2024-38219 | 1 Microsoft | 1 Edge Chromium | 2024-08-29 | N/A | 9.0 CRITICAL |
|
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
|
|||||
| CVE-2024-7969 | 1 Google | 1 Chrome | 2024-08-28 | N/A | 8.8 HIGH |
|
Type Confusion in V8 in Google Chrome prior to 128.0.6613.113 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
|
|||||
| CVE-2024-43357 | 2024-08-19 | N/A | 8.6 HIGH | ||
|
ECMA-262 is the language specification for the scripting language ECMAScript. A problem in the ECMAScript (JavaScript) specification of async generators, introduced by a May 2021 spec refactor, may lead to mis-implementation in a way that could present as a security vulnerability, such as type confusion and pointer dereference.
The internal async generator machinery calls regular promise resolver functions on IteratorResult (`{ done, value }`) objects that it creates, assuming that the Iterator ...
Show More |
|||||
| CVE-2024-7550 | 1 Google | 1 Chrome | 2024-08-12 | N/A | 8.8 HIGH |
|
Type Confusion in V8 in Google Chrome prior to 127.0.6533.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
|
|||||