Vulnerabilities (CVE)

Filtered by CWE-843
Total 538 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-1077 3 Debian, Linux, Netapp 22 Debian Linux, Linux Kernel, 8300 and 19 more 2024-11-21 N/A 7.0 HIGH
In the Linux kernel, pick_next_rt_entity() may return a type confused entry, not detected by the BUG_ON condition, as the confused entry will not be NULL, but list_head.The buggy error condition would lead to a type confused entry with the list head,which would then be used as a type confused sched_rt_entity,causing memory corruption.
CVE-2023-0703 1 Google 1 Chrome 2024-11-21 N/A 8.8 HIGH
Type confusion in DevTools in Google Chrome prior to 110.0.5481.77 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via UI interactions. (Chromium security severity: Medium)
CVE-2023-0702 1 Google 1 Chrome 2024-11-21 N/A 8.8 HIGH
Type confusion in Data Transfer in Google Chrome prior to 110.0.5481.77 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
CVE-2023-0696 1 Google 1 Chrome 2024-11-21 N/A 8.8 HIGH
Type confusion in V8 in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2023-0473 1 Google 1 Chrome 2024-11-21 N/A 8.8 HIGH
Type Confusion in ServiceWorker API in Google Chrome prior to 109.0.5414.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
CVE-2023-0083 1 Openatom 1 Openharmony 2024-11-21 N/A 4.0 MEDIUM
The ArKUI framework subsystem within OpenHarmony-v3.1.5 and prior versions, OpenHarmony-v3.0.7 and prior versions has an Improper Input Validation vulnerability which local attackers can exploit this vulnerability to send malicious data, causing the current application to crash.
CVE-2022-4912 1 Google 1 Chrome 2024-11-21 N/A 8.8 HIGH
Type Confusion in MathML in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2022-4174 1 Google 1 Chrome 2024-11-21 N/A 8.8 HIGH
Type confusion in V8 in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2022-46706 1 Apple 2 Mac Os X, Macos 2024-11-21 N/A 7.8 HIGH
A type confusion issue was addressed with improved state handling. This issue is fixed in Security Update 2022-003 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.5. An application may be able to execute arbitrary code with kernel privileges.
CVE-2022-3889 2 Debian, Google 2 Debian Linux, Chrome 2024-11-21 N/A 8.8 HIGH
Type confusion in V8 in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2022-3652 1 Google 1 Chrome 2024-11-21 N/A 8.8 HIGH
Type confusion in V8 in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2022-3315 1 Google 1 Chrome 2024-11-21 N/A 8.8 HIGH
Type confusion in Blink in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low)
CVE-2022-37377 2 Foxit, Microsoft 3 Pdf Editor, Pdf Reader, Windows 2024-11-21 N/A 7.8 HIGH
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor 11.1.1.53537;. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within JavaScript optimizations. The issue results from an improper optimization, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16733.
CVE-2022-34918 4 Canonical, Debian, Linux and 1 more 13 Ubuntu Linux, Debian Linux, Linux Kernel and 10 more 2024-11-21 7.2 HIGH 7.8 HIGH
An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nft_set_elem_init (leading to a buffer overflow) could be used by a local attacker to escalate privileges, a different vulnerability than CVE-2022-32250. (The attacker can obtain root access, but must start with an unprivileged user namespace to obtain CAP_NET_ADMIN access.) This can be fixed in nft_setelem_parse_data in net/netfilter/nf_tables_api.c.
CVE-2022-34221 3 Adobe, Apple, Microsoft 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more 2024-11-21 N/A 7.8 HIGH
Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 (and earlier) and 17.012.30229 (and earlier) are affected by an Access of Resource Using Incompatible Type ('Type Confusion') vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2022-30557 2 Foxit, Microsoft 3 Pdf Editor, Pdf Reader, Windows 2024-11-21 5.0 MEDIUM 7.5 HIGH
Foxit PDF Reader and PDF Editor before 11.2.2 have a Type Confusion issue that causes a crash because of Unsigned32 mishandling during JavaScript execution.
CVE-2022-2971 1 Mz-automation 1 Libiec61850 2024-11-21 N/A 8.6 HIGH
MZ Automation's libIEC61850 (versions 1.4 and prior; version 1.5 prior to commit a3b04b7bc4872a5a39e5de3fdc5fbde52c09e10e) accesses a resource using an incompatible type, which could allow an attacker to crash the server with a malicious payload.
CVE-2022-2295 2 Fedoraproject, Google 3 Extra Packages For Enterprise Linux, Fedora, Chrome 2024-11-21 N/A 8.8 HIGH
Type confusion in V8 in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2022-29209 1 Google 1 Tensorflow 2024-11-21 2.1 LOW 5.5 MEDIUM
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the macros that TensorFlow uses for writing assertions (e.g., `CHECK_LT`, `CHECK_GT`, etc.) have an incorrect logic when comparing `size_t` and `int` values. Due to type conversion rules, several of the macros would trigger incorrectly. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue.
CVE-2022-26435 3 Google, Mediatek, Yoctoproject 32 Android, Mt6833, Mt6853 and 29 more 2024-11-21 N/A 6.7 MEDIUM
In mailbox, there is a possible out of bounds write due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07138435; Issue ID: ALPS07138435.