Vulnerabilities (CVE)

Filtered by CWE-843
Total 463 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-41190 2 Fedoraproject, Linuxfoundation 3 Fedora, Open Container Initiative Distribution Specification, Open Container Initiative Image Format Specification 2024-02-28 4.0 MEDIUM 5.0 MEDIUM
The OCI Distribution Spec project defines an API protocol to facilitate and standardize the distribution of content. In the OCI Distribution Specification version 1.0.0 and prior, the Content-Type header alone was used to determine the type of document during push and pull operations. Documents that contain both “manifests” and “layers” fields could be interpreted as either a manifest or an index in the absence of an accompanying Content-Type header. If a Content-Type header changed between two pulls of the same digest, a client may interpret the resulting content differently. The OCI Distribution Specification has been updated to require that a mediaType value present in a manifest or index match the Content-Type header used during the push and pull operations. Clients pulling from a registry may distrust the Content-Type header and reject an ambiguous document that contains both “manifests” and “layers” fields or “manifests” and “config” fields if they are unable to update to version 1.0.1 of the spec.
CVE-2021-38001 3 Debian, Fedoraproject, Google 3 Debian Linux, Fedora, Chrome 2024-02-28 6.8 MEDIUM 8.8 HIGH
Type confusion in V8 in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-1829 1 Apple 1 Macos 2024-02-28 10.0 HIGH 9.8 CRITICAL
A type confusion issue was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.3. An application may be able to execute arbitrary code with kernel privileges.
CVE-2021-40037 1 Huawei 3 Emui, Harmonyos, Magic Ui 2024-02-28 4.9 MEDIUM 5.5 MEDIUM
There is a Vulnerability of accessing resources using an incompatible type (type confusion) in the MPTCP subsystem in smartphones. Successful exploitation of this vulnerability may cause the system to crash and restart.
CVE-2021-39841 3 Adobe, Apple, Microsoft 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more 2024-02-28 6.8 MEDIUM 7.8 HIGH
Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a Type Confusion vulnerability. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2021-23820 1 Jsonpointer Project 1 Jsonpointer 2024-02-28 7.5 HIGH 9.8 CRITICAL
This affects all versions of package json-pointer. A type confusion vulnerability can lead to a bypass of CVE-2020-7709 when the pointer components are arrays.
CVE-2021-24045 1 Facebook 1 Hermes 2024-02-28 6.8 MEDIUM 9.8 CRITICAL
A type confusion vulnerability could be triggered when resolving the "typeof" unary operator in Facebook Hermes prior to v0.10.0. Note that this is only exploitable if the application using Hermes permits evaluation of untrusted JavaScript. Hence, most React Native applications are not affected.
CVE-2021-30561 1 Google 1 Chrome 2024-02-28 6.8 MEDIUM 8.8 HIGH
Type Confusion in V8 in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-21230 3 Debian, Fedoraproject, Google 3 Debian Linux, Fedora, Chrome 2024-02-28 6.8 MEDIUM 8.8 HIGH
Type confusion in V8 in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-28468 1 Microsoft 1 Raw Image Extension 2024-02-28 6.8 MEDIUM 7.8 HIGH
Raw Image Extension Remote Code Execution Vulnerability
CVE-2021-23434 2 Debian, Object-path Project 2 Debian Linux, Object-path 2024-02-28 7.5 HIGH 8.6 HIGH
This affects the package object-path before 0.11.6. A type confusion vulnerability can lead to a bypass of CVE-2020-15256 when the path components used in the path parameter are arrays. In particular, the condition currentPath === '__proto__' returns false if currentPath is ['__proto__']. This is because the === operator returns always false when the type of the operands is different.
CVE-2021-3320 1 Zephyrproject 1 Zephyr 2024-02-28 5.0 MEDIUM 7.5 HIGH
Type Confusion in 802154 ACK Frames Handling. Zephyr versions >= v2.4.0 contain NULL Pointer Dereference (CWE-476). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-27r3-rxch-2hm7
CVE-2021-35986 1 Adobe 2 Acrobat Dc, Acrobat Reader Dc 2024-02-28 4.3 MEDIUM 3.3 LOW
Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.30005 (and earlier) and 2017.011.30197 (and earlier) are affected by an Type Confusion vulnerability. An unauthenticated attacker could leverage this vulnerability to read arbitrary system information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2020-22882 1 Moddable 1 Moddable 2024-02-28 5.0 MEDIUM 7.5 HIGH
Issue was discovered in the fxParserTree function in moddable, allows attackers to cause denial of service via a crafted payload. Fixed in commit 723816ab9b52f807180c99fc69c7d08cf6c6bd61.
CVE-2021-30859 1 Apple 4 Ipados, Iphone Os, Mac Os X and 1 more 2024-02-28 9.3 HIGH 7.8 HIGH
A type confusion issue was addressed with improved state handling. This issue is fixed in iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, Security Update 2021-005 Catalina. A malicious application may be able to execute arbitrary code with kernel privileges.
CVE-2021-30954 3 Apple, Debian, Fedoraproject 8 Ipados, Iphone Os, Macos and 5 more 2024-02-28 9.3 HIGH 7.8 HIGH
A type confusion issue was addressed with improved memory handling. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing maliciously crafted web content may lead to arbitrary code execution.
CVE-2021-30599 2 Fedoraproject, Google 2 Fedora, Chrome 2024-02-28 6.8 MEDIUM 8.8 HIGH
Type confusion in V8 in Google Chrome prior to 92.0.4515.159 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
CVE-2021-30513 2 Fedoraproject, Google 2 Fedora, Chrome 2024-02-28 6.8 MEDIUM 8.8 HIGH
Type confusion in V8 in Google Chrome prior to 90.0.4430.212 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-22354 1 Huawei 2 Emui, Magic Ui 2024-02-28 6.4 MEDIUM 9.1 CRITICAL
There is an Information Disclosure Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause out-of-bounds read.
CVE-2020-36460 1 Model Project 1 Model 2024-02-28 6.8 MEDIUM 8.1 HIGH
An issue was discovered in the model crate through 2020-11-10 for Rust. The Shared data structure has an implementation of the Send and Sync traits without regard for the inner type.