Total
562 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-36578 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2024-11-21 | N/A | 7.3 HIGH |
| Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | |||||
| CVE-2023-36017 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2024-11-21 | N/A | 8.8 HIGH |
| Windows Scripting Engine Memory Corruption Vulnerability | |||||
| CVE-2023-35297 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2024-11-21 | N/A | 8.1 HIGH |
| Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability | |||||
| CVE-2023-34967 | 4 Debian, Fedoraproject, Redhat and 1 more | 4 Debian Linux, Fedora, Enterprise Linux and 1 more | 2024-11-21 | N/A | 5.3 MEDIUM |
| A Type Confusion vulnerability was found in Samba's mdssvc RPC service for Spotlight. When parsing Spotlight mdssvc RPC packets, one encoded data structure is a key-value style dictionary where the keys are character strings, and the values can be any of the supported types in the mdssvc protocol. Due to a lack of type checking in callers of the dalloc_value_for_key() function, which returns the object associated with a key, a caller may trigger a crash in talloc_get_size() when talloc detects that the passed-in pointer is not a valid talloc pointer. With an RPC worker process shared among multiple client connections, a malicious client or attacker can trigger a process crash in a shared RPC mdssvc worker process, affecting all other clients this worker serves. | |||||
| CVE-2023-32818 | 2 Google, Mediatek | 11 Android, Mt6761, Mt6763 and 8 more | 2024-11-21 | N/A | 6.7 MEDIUM |
| In vdec, there is a possible out of bounds write due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08163896 & ALPS08013430; Issue ID: ALPS07867715. | |||||
| CVE-2023-32664 | 1 Foxit | 1 Pdf Reader | 2024-11-21 | N/A | 8.8 HIGH |
| A type confusion vulnerability exists in the Javascript checkThisBox method as implemented in Foxit Reader 12.1.2.15332. Specially crafted Javascript code inside a malicious PDF document can cause memory corruption and lead to remote code execution. User would need to open a malicious file to trigger the vulnerability. | |||||
| CVE-2023-32358 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2024-11-21 | N/A | 8.8 HIGH |
| A type confusion issue was addressed with improved checks. This issue is fixed in iOS 16.4 and iPadOS 16.4, macOS Ventura 13.3. Processing web content may lead to arbitrary code execution. | |||||
| CVE-2023-2234 | 1 Zephyrproject | 1 Zephyr | 2024-11-21 | N/A | 6.8 MEDIUM |
| Union variant confusion allows any malicious BT controller to execute arbitrary code on the Zephyr host. | |||||
| CVE-2023-28729 | 1 Panasonic | 1 Control Fpwin Pro | 2024-11-21 | N/A | 7.8 HIGH |
| A type confusion vulnerability in Panasonic Control FPWIN Pro versions 7.6.0.3 and all previous versions may allow arbitrary code execution when opening specially crafted project files. | |||||
| CVE-2023-28575 | 1 Qualcomm | 120 205, 205 Firmware, 215 and 117 more | 2024-11-21 | N/A | 6.7 MEDIUM |
| The cam_get_device_priv function does not check the type of handle being returned (device/session/link). This would lead to invalid type usage if a wrong handle is passed to it. | |||||
| CVE-2023-28243 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2024-11-21 | N/A | 8.8 HIGH |
| Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | |||||
| CVE-2023-27930 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2024-11-21 | N/A | 7.8 HIGH |
| A type confusion issue was addressed with improved checks. This issue is fixed in iOS 16.5 and iPadOS 16.5, watchOS 9.5, tvOS 16.5, macOS Ventura 13.4. An app may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2023-24944 | 1 Microsoft | 8 Windows 10 1809, Windows 10 20h2, Windows 10 21h2 and 5 more | 2024-11-21 | N/A | 6.5 MEDIUM |
| Windows Bluetooth Driver Information Disclosure Vulnerability | |||||
| CVE-2023-24929 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2024-11-21 | N/A | 8.8 HIGH |
| Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | |||||
| CVE-2023-24927 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2024-11-21 | N/A | 8.8 HIGH |
| Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | |||||
| CVE-2023-24885 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2024-11-21 | N/A | 8.8 HIGH |
| Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | |||||
| CVE-2023-24823 | 1 Riot-os | 1 Riot | 2024-11-21 | N/A | 9.8 CRITICAL |
| RIOT-OS, an operating system that supports Internet of Things devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2022.10, an attacker can send a crafted frame to the device resulting in a type confusion between IPv6 extension headers and a UDP header. This occurs while encoding a 6LoWPAN IPHC header. The type confusion manifests in an out of bounds write in the packet buffer. The overflow can be used to corrupt other packets and the allocator metadata. Corrupting a pointer will easily lead to denial of service. While carefully manipulating the allocator metadata gives an attacker the possibility to write data to arbitrary locations and thus execute arbitrary code. Version 2022.10 fixes this issue. As a workaround, apply the patches manually. | |||||
| CVE-2023-23442 | 1 Hihonor | 1 Magic Os | 2024-11-21 | N/A | 4.6 MEDIUM |
| Some Honor products are affected by type confusion vulnerability, successful exploitation could cause information leak. | |||||
| CVE-2023-22579 | 1 Sequelizejs | 1 Sequelize | 2024-11-21 | N/A | 9.9 CRITICAL |
| Due to improper parameter filtering in the sequalize js library, can a attacker peform injection. | |||||
| CVE-2023-21675 | 1 Microsoft | 15 Windows 10 1607, Windows 10 1809, Windows 10 20h2 and 12 more | 2024-11-21 | N/A | 7.8 HIGH |
| Windows Kernel Elevation of Privilege Vulnerability | |||||