Total
463 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-41190 | 2 Fedoraproject, Linuxfoundation | 3 Fedora, Open Container Initiative Distribution Specification, Open Container Initiative Image Format Specification | 2024-02-28 | 4.0 MEDIUM | 5.0 MEDIUM |
The OCI Distribution Spec project defines an API protocol to facilitate and standardize the distribution of content. In the OCI Distribution Specification version 1.0.0 and prior, the Content-Type header alone was used to determine the type of document during push and pull operations. Documents that contain both “manifests” and “layers” fields could be interpreted as either a manifest or an index in the absence of an accompanying Content-Type header. If a Content-Type header changed between two pulls of the same digest, a client may interpret the resulting content differently. The OCI Distribution Specification has been updated to require that a mediaType value present in a manifest or index match the Content-Type header used during the push and pull operations. Clients pulling from a registry may distrust the Content-Type header and reject an ambiguous document that contains both “manifests” and “layers” fields or “manifests” and “config” fields if they are unable to update to version 1.0.1 of the spec. | |||||
CVE-2021-38001 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
Type confusion in V8 in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
CVE-2021-1829 | 1 Apple | 1 Macos | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
A type confusion issue was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.3. An application may be able to execute arbitrary code with kernel privileges. | |||||
CVE-2021-40037 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2024-02-28 | 4.9 MEDIUM | 5.5 MEDIUM |
There is a Vulnerability of accessing resources using an incompatible type (type confusion) in the MPTCP subsystem in smartphones. Successful exploitation of this vulnerability may cause the system to crash and restart. | |||||
CVE-2021-39841 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2024-02-28 | 6.8 MEDIUM | 7.8 HIGH |
Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a Type Confusion vulnerability. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
CVE-2021-23820 | 1 Jsonpointer Project | 1 Jsonpointer | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
This affects all versions of package json-pointer. A type confusion vulnerability can lead to a bypass of CVE-2020-7709 when the pointer components are arrays. | |||||
CVE-2021-24045 | 1 Facebook | 1 Hermes | 2024-02-28 | 6.8 MEDIUM | 9.8 CRITICAL |
A type confusion vulnerability could be triggered when resolving the "typeof" unary operator in Facebook Hermes prior to v0.10.0. Note that this is only exploitable if the application using Hermes permits evaluation of untrusted JavaScript. Hence, most React Native applications are not affected. | |||||
CVE-2021-30561 | 1 Google | 1 Chrome | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
Type Confusion in V8 in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
CVE-2021-21230 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
Type confusion in V8 in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
CVE-2021-28468 | 1 Microsoft | 1 Raw Image Extension | 2024-02-28 | 6.8 MEDIUM | 7.8 HIGH |
Raw Image Extension Remote Code Execution Vulnerability | |||||
CVE-2021-23434 | 2 Debian, Object-path Project | 2 Debian Linux, Object-path | 2024-02-28 | 7.5 HIGH | 8.6 HIGH |
This affects the package object-path before 0.11.6. A type confusion vulnerability can lead to a bypass of CVE-2020-15256 when the path components used in the path parameter are arrays. In particular, the condition currentPath === '__proto__' returns false if currentPath is ['__proto__']. This is because the === operator returns always false when the type of the operands is different. | |||||
CVE-2021-3320 | 1 Zephyrproject | 1 Zephyr | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
Type Confusion in 802154 ACK Frames Handling. Zephyr versions >= v2.4.0 contain NULL Pointer Dereference (CWE-476). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-27r3-rxch-2hm7 | |||||
CVE-2021-35986 | 1 Adobe | 2 Acrobat Dc, Acrobat Reader Dc | 2024-02-28 | 4.3 MEDIUM | 3.3 LOW |
Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.30005 (and earlier) and 2017.011.30197 (and earlier) are affected by an Type Confusion vulnerability. An unauthenticated attacker could leverage this vulnerability to read arbitrary system information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
CVE-2020-22882 | 1 Moddable | 1 Moddable | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
Issue was discovered in the fxParserTree function in moddable, allows attackers to cause denial of service via a crafted payload. Fixed in commit 723816ab9b52f807180c99fc69c7d08cf6c6bd61. | |||||
CVE-2021-30859 | 1 Apple | 4 Ipados, Iphone Os, Mac Os X and 1 more | 2024-02-28 | 9.3 HIGH | 7.8 HIGH |
A type confusion issue was addressed with improved state handling. This issue is fixed in iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, Security Update 2021-005 Catalina. A malicious application may be able to execute arbitrary code with kernel privileges. | |||||
CVE-2021-30954 | 3 Apple, Debian, Fedoraproject | 8 Ipados, Iphone Os, Macos and 5 more | 2024-02-28 | 9.3 HIGH | 7.8 HIGH |
A type confusion issue was addressed with improved memory handling. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing maliciously crafted web content may lead to arbitrary code execution. | |||||
CVE-2021-30599 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
Type confusion in V8 in Google Chrome prior to 92.0.4515.159 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. | |||||
CVE-2021-30513 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
Type confusion in V8 in Google Chrome prior to 90.0.4430.212 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
CVE-2021-22354 | 1 Huawei | 2 Emui, Magic Ui | 2024-02-28 | 6.4 MEDIUM | 9.1 CRITICAL |
There is an Information Disclosure Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause out-of-bounds read. | |||||
CVE-2020-36460 | 1 Model Project | 1 Model | 2024-02-28 | 6.8 MEDIUM | 8.1 HIGH |
An issue was discovered in the model crate through 2020-11-10 for Rust. The Shared data structure has an implementation of the Send and Sync traits without regard for the inner type. |