Filtered by CWE-843
Filtered by vendor Subscriptions
Total 675 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-9603 1 Google 1 Chrome 2025-01-02 8.8 High
Type Confusion in V8 in Google Chrome prior to 129.0.6668.100 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2024-9602 1 Google 1 Chrome 2025-01-02 8.8 High
Type Confusion in V8 in Google Chrome prior to 129.0.6668.100 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)
CVE-2024-9122 1 Google 1 Chrome 2025-01-02 8.8 High
Type Confusion in V8 in Google Chrome prior to 129.0.6668.70 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
CVE-2024-9859 1 Google 1 Chrome 2025-01-02 8.8 High
Type confusion in WebAssembly in Google Chrome prior to 126.0.6478.126 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
CVE-2023-35356 1 Microsoft 9 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 6 more 2025-01-01 7.8 High
Windows Kernel Elevation of Privilege Vulnerability
CVE-2023-35297 1 Microsoft 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more 2025-01-01 8.1 High
Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability
CVE-2023-21675 1 Microsoft 15 Windows 10 1607, Windows 10 1809, Windows 10 20h2 and 12 more 2025-01-01 7.8 High
Windows Kernel Elevation of Privilege Vulnerability
CVE-2024-43489 1 Microsoft 1 Edge Chromium 2025-01-01 6.5 Medium
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
CVE-2024-54505 2 Apple, Redhat 13 Ipados, Iphone Os, Macos and 10 more 2024-12-21 6.5 Medium
A type confusion issue was addressed with improved memory handling. This issue is fixed in iPadOS 17.7.3, watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, Safari 18.2, iOS 18.2 and iPadOS 18.2. Processing maliciously crafted web content may lead to memory corruption.
CVE-2018-9471 1 Google 1 Android 2024-12-18 9.8 Critical
In the deserialization constructor of NanoAppFilter.java, there is a possible loss of data due to type confusion. This could lead to local escalation of privilege in the system server with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2024-54524 1 Apple 1 Macos 2024-12-18 5.5 Medium
A logic issue was addressed with improved file handling. This issue is fixed in macOS Sequoia 15.2. A malicious app may be able to access arbitrary files.
CVE-2019-13519 1 Rockwellautomation 1 Arena 2024-12-17 7.8 High
A maliciously crafted program file opened by an unsuspecting user of Rockwell Automation Arena Simulation Software version 16.00.00 and earlier may result in the limited exposure of information related to the targeted workstation. Rockwell Automation has released version 16.00.01 of Arena Simulation Software to address the reported vulnerabilities.
CVE-2024-12381 1 Google 1 Chrome 2024-12-17 8.8 High
Type Confusion in V8 in Google Chrome prior to 131.0.6778.139 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2023-49602 1 Openatom 1 Openharmony 2024-12-16 2.9 Low
in OpenHarmony v3.2.4 and prior versions allow a local attacker cause apps crash through type confusion.
CVE-2023-27930 1 Apple 5 Ipados, Iphone Os, Macos and 2 more 2024-12-05 7.8 High
A type confusion issue was addressed with improved checks. This issue is fixed in iOS 16.5 and iPadOS 16.5, watchOS 9.5, tvOS 16.5, macOS Ventura 13.4. An app may be able to execute arbitrary code with kernel privileges.
CVE-2023-20768 2 Google, Mediatek 43 Android, Mt6580, Mt6735 and 40 more 2024-12-05 6.7 Medium
In ion, there is a possible out of bounds read due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07560720; Issue ID: ALPS07559800.
CVE-2024-11507 1 Irfanview 1 Irfanview 2024-11-29 7.8 High
IrfanView DXF File Parsing Type Confusion Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22177.
CVE-2024-11508 1 Irfanview 1 Irfanview 2024-11-29 7.8 High
IrfanView DXF File Parsing Type Confusion Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22184.
CVE-2024-34742 1 Google 1 Android 2024-11-25 5.5 Medium
In shouldWrite of OwnersData.java, there is a possible edge case that prevents MDM policies from being persisted due to a logic error in the code. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2024-34394 1 Marudor 1 Libxmljs2 2024-11-25 8.1 High
libxmljs2 is vulnerable to a type confusion vulnerability when parsing a specially crafted XML while invoking the namespaces() function (which invokes XmlNode::get_local_namespaces()) on a grand-child of a node that refers to an entity. This vulnerability can lead to denial of service and remote code execution.