Total
707 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-21834 | 1 Openatom | 1 Openharmony | 2025-01-02 | N/A | 3.3 LOW |
|
in OpenHarmony v3.2.4 and prior versions allow a local attacker cause apps crash through type confusion.
|
|||||
| CVE-2024-12053 | 1 Google | 1 Chrome | 2025-01-02 | N/A | 8.8 HIGH |
|
Type Confusion in V8 in Google Chrome prior to 131.0.6778.108 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)
|
|||||
| CVE-2024-8904 | 1 Google | 1 Chrome | 2025-01-02 | N/A | 8.8 HIGH |
|
Type Confusion in V8 in Google Chrome prior to 129.0.6668.58 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
|
|||||
| CVE-2024-9603 | 1 Google | 1 Chrome | 2025-01-02 | N/A | 8.8 HIGH |
|
Type Confusion in V8 in Google Chrome prior to 129.0.6668.100 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
|
|||||
| CVE-2024-9122 | 1 Google | 1 Chrome | 2025-01-02 | N/A | 8.8 HIGH |
|
Type Confusion in V8 in Google Chrome prior to 129.0.6668.70 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
|
|||||
| CVE-2024-9859 | 1 Google | 1 Chrome | 2025-01-02 | N/A | 8.8 HIGH |
|
Type confusion in WebAssembly in Google Chrome prior to 126.0.6478.126 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
|
|||||
| CVE-2023-35356 | 1 Microsoft | 9 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 6 more | 2025-01-01 | N/A | 7.8 HIGH |
|
Windows Kernel Elevation of Privilege Vulnerability
|
|||||
| CVE-2024-1938 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2024-12-19 | N/A | 8.8 HIGH |
|
Type Confusion in V8 in Google Chrome prior to 122.0.6261.94 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)
|
|||||
| CVE-2024-1939 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2024-12-19 | N/A | 8.8 HIGH |
|
Type Confusion in V8 in Google Chrome prior to 122.0.6261.94 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
|
|||||
| CVE-2024-5158 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2024-12-19 | N/A | 8.1 HIGH |
|
Type Confusion in V8 in Google Chrome prior to 125.0.6422.76 allowed a remote attacker to potentially perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)
|
|||||
| CVE-2018-9471 | 1 Google | 1 Android | 2024-12-18 | N/A | 7.8 HIGH |
|
In the deserialization constructor of NanoAppFilter.java, there is a possible loss of data due to type confusion. This could lead to local escalation of privilege in the system server with no additional execution privileges needed. User interaction is not needed for exploitation.
|
|||||
| CVE-2019-13519 | 1 Rockwellautomation | 1 Arena | 2024-12-17 | 6.8 MEDIUM | 7.8 HIGH |
|
A maliciously crafted program file opened by an unsuspecting user of Rockwell Automation Arena Simulation Software version 16.00.00 and earlier may result in the limited exposure of information related to the targeted workstation. Rockwell Automation has released version 16.00.01 of Arena Simulation Software to address the reported vulnerabilities.
|
|||||
| CVE-2023-49602 | 1 Openatom | 1 Openharmony | 2024-12-16 | N/A | 2.9 LOW |
|
in OpenHarmony v3.2.4 and prior versions allow a local attacker cause apps crash through type confusion.
|
|||||
| CVE-2024-12381 | 1 Google | 1 Chrome | 2024-12-13 | N/A | 8.8 HIGH |
|
Type Confusion in V8 in Google Chrome prior to 131.0.6778.139 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
|
|||||
| CVE-2024-26232 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2024-12-06 | N/A | 7.3 HIGH |
|
Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability
|
|||||
| CVE-2024-11507 | 1 Irfanview | 1 Irfanview | 2024-11-29 | N/A | 7.8 HIGH |
|
IrfanView DXF File Parsing Type Confusion Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion conditio ...
Show More |
|||||
| CVE-2024-11508 | 1 Irfanview | 1 Irfanview | 2024-11-29 | N/A | 7.8 HIGH |
|
IrfanView DXF File Parsing Type Confusion Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion conditio ...
Show More |
|||||
| CVE-2024-34742 | 1 Google | 1 Android | 2024-11-25 | N/A | 5.5 MEDIUM |
|
In shouldWrite of OwnersData.java, there is a possible edge case that prevents MDM policies from being persisted due to a logic error in the code. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
|
|||||
| CVE-2024-34394 | 2024-11-25 | N/A | 8.1 HIGH | ||
|
libxmljs2 is vulnerable to a type confusion vulnerability when parsing a specially crafted XML while invoking the namespaces() function (which invokes XmlNode::get_local_namespaces()) on a grand-child of a node that refers to an entity. This vulnerability can lead to denial of service and remote code execution.
|
|||||
| CVE-2024-34393 | 2024-11-25 | N/A | 8.1 HIGH | ||
|
libxmljs2 is vulnerable to a type confusion vulnerability when parsing a specially crafted XML while invoking a function on the result of attrs() that was called on a parsed node. This vulnerability might lead to denial of service (on both 32-bit systems and 64-bit systems), data leak, infinite loop and remote code execution (on 32-bit systems with the XML_PARSE_HUGE flag enabled).
|
|||||
| CVE-2018-9339 | 1 Google | 1 Android | 2024-11-22 | N/A | 7.8 HIGH |
|
In writeTypedArrayList and readTypedArrayList of Parcel.java, there is a possible escalation of privilege due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
|
|||||
| CVE-2024-6100 | 1 Google | 1 Chrome | 2024-11-21 | N/A | 8.8 HIGH |
|
Type Confusion in V8 in Google Chrome prior to 126.0.6478.114 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
|
|||||
| CVE-2024-5843 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Inappropriate implementation in Downloads in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to obfuscate security UI via a malicious file. (Chromium security severity: Medium)
|
|||||
| CVE-2024-5838 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2024-11-21 | N/A | 8.8 HIGH |
|
Type Confusion in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
|
|||||
| CVE-2024-5837 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2024-11-21 | N/A | 8.8 HIGH |
|
Type Confusion in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
|
|||||
| CVE-2024-5833 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2024-11-21 | N/A | 8.8 HIGH |
|
Type Confusion in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
|
|||||
| CVE-2024-5830 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2024-11-21 | N/A | 8.8 HIGH |
|
Type Confusion in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)
|
|||||
| CVE-2024-5597 | 1 Fujielectric | 1 Monitouch V-sft | 2024-11-21 | N/A | 7.8 HIGH |
|
Fuji Electric Monitouch V-SFT is vulnerable to a type confusion, which could cause a crash or code execution.
|
|||||
| CVE-2024-3298 | 2024-11-21 | N/A | 7.8 HIGH | ||
|
Out-Of-Bounds Write and Type Confusion vulnerabilities exist in the file reading procedure in eDrawings from Release SOLIDWORKS 2023 through Release SOLIDWORKS 2024. These vulnerabilities could allow an attacker to execute arbitrary code while opening a specially crafted DWG or DXF. NOTE: this vulnerability was SPLIT from CVE-2024-1847.
|
|||||
| CVE-2024-37987 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2024-11-21 | N/A | 8.0 HIGH |
|
Secure Boot Security Feature Bypass Vulnerability
|
|||||
| CVE-2024-36278 | 1 Openatom | 1 Openharmony | 2024-11-21 | N/A | 3.3 LOW |
|
in OpenHarmony v4.0.0 and prior versions allow a local attacker cause apps crash through type confusion.
|
|||||
| CVE-2024-31071 | 1 Openatom | 1 Openharmony | 2024-11-21 | N/A | 3.3 LOW |
|
in OpenHarmony v4.0.0 and prior versions allow a local attacker cause apps crash through type confusion.
|
|||||
| CVE-2024-21363 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2024-11-21 | N/A | 7.8 HIGH |
|
Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability
|
|||||
| CVE-2024-21357 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2024-11-21 | N/A | 8.1 HIGH |
|
Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability
|
|||||
| CVE-2024-20662 | 1 Microsoft | 6 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 3 more | 2024-11-21 | N/A | 4.9 MEDIUM |
|
Windows Online Certificate Status Protocol (OCSP) Information Disclosure Vulnerability
|
|||||
| CVE-2024-1848 | 2024-11-21 | N/A | 7.8 HIGH | ||
|
Heap-based Buffer Overflow, Memory Corruption, Out-Of-Bounds Read, Out-Of-Bounds Write, Stack-based Buffer Overflow, Type Confusion, Uninitialized Variable, Use-After-Free vulnerabilities exist in the file reading procedure in SOLIDWORKS Desktop on Release SOLIDWORKS 2024.
These vulnerabilities could allow an attacker to execute arbitrary code while opening a specially crafted CATPART, DWG, DXF, IPT, JT, SAT, SLDDRW, SLDPRT, STL, STP, X_B or X_T file.
|
|||||
| CVE-2024-1847 | 2024-11-21 | N/A | 7.8 HIGH | ||
|
Heap-based Buffer Overflow, Memory Corruption, Out-Of-Bounds Read, Out-Of-Bounds Write, Stack-based Buffer Overflow, Type Confusion, Uninitialized Variable, Use-After-Free vulnerabilities exist in the file reading procedure in eDrawings from Release SOLIDWORKS 2023 through Release SOLIDWORKS 2024. These vulnerabilities could allow an attacker to execute arbitrary code while opening a specially crafted CATPART, IPT, JT, SAT, STL, STP, X_B or X_T file. NOTE: CVE-2024-3298 and CVE-2024-3299 were SP ...
Show More |
|||||
| CVE-2024-0518 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2024-11-21 | N/A | 8.8 HIGH |
|
Type confusion in V8 in Google Chrome prior to 120.0.6099.224 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
|
|||||
| CVE-2023-6939 | 1 Hihonor | 1 Magic Ui | 2024-11-21 | N/A | 4.0 MEDIUM |
|
Some Honor products are affected by type confusion vulnerability, successful exploitation could cause denial of service.
|
|||||
| CVE-2023-6348 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2024-11-21 | N/A | 8.8 HIGH |
|
Type Confusion in Spellcheck in Google Chrome prior to 119.0.6045.199 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
|
|||||