Total
449 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-8252 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Macos and 1 more | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have a type confusion vulnerability. Successful exploitation could lead to information disclosure. | |||||
CVE-2020-9800 | 1 Apple | 7 Icloud, Ipados, Iphone Os and 4 more | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to arbitrary code execution. | |||||
CVE-2020-10757 | 7 Canonical, Debian, Fedoraproject and 4 more | 10 Ubuntu Linux, Debian Linux, Fedora and 7 more | 2024-02-28 | 6.9 MEDIUM | 7.8 HIGH |
A flaw was found in the Linux Kernel in versions after 4.5-rc1 in the way mremap handled DAX Huge Pages. This flaw allows a local attacker with access to a DAX enabled storage to escalate their privileges on the system. | |||||
CVE-2019-8249 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Macos and 1 more | 2024-02-28 | 6.8 MEDIUM | 7.8 HIGH |
Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution . | |||||
CVE-2020-5754 | 1 Webroot | 1 Endpoint Agents | 2024-02-28 | 6.4 MEDIUM | 9.1 CRITICAL |
Webroot endpoint agents prior to version v9.0.28.48 allows remote attackers to trigger a type confusion vulnerability over its listening TCP port, resulting in crashing or reading memory contents of the Webroot endpoint agent. | |||||
CVE-2020-6430 | 4 Debian, Fedoraproject, Google and 1 more | 5 Debian Linux, Fedora, Chrome and 2 more | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
Type Confusion in V8 in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
CVE-2020-10891 | 2 Foxitsoftware, Microsoft | 3 Phantompdf, Reader, Windows | 2024-02-28 | 6.8 MEDIUM | 7.8 HIGH |
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.29478. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the Save command of the communication API. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9831. | |||||
CVE-2020-1911 | 1 Facebook | 1 Hermes | 2024-02-28 | 6.8 MEDIUM | 9.8 CRITICAL |
A type confusion vulnerability when resolving properties of JavaScript objects with specially-crafted prototype chains in Facebook Hermes prior to commit fe52854cdf6725c2eaa9e125995da76e6ceb27da allows attackers to potentially execute arbitrary code via crafted JavaScript. Note that this is only exploitable if the application using Hermes permits evaluation of untrusted JavaScript. Hence, most React Native applications are not affected. | |||||
CVE-2019-20587 | 1 Google | 1 Android | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
An issue was discovered on Samsung mobile devices with O(8.1) and P(9.0) (with TEEGRIS) software. There is type confusion in the MLDAP Trustlet, leading to arbitrary code execution. The Samsung ID is SVE-2019-14867 (August 2019). | |||||
CVE-2020-9261 | 1 Huawei | 2 Mate 30, Mate 30 Firmware | 2024-02-28 | 6.8 MEDIUM | 7.8 HIGH |
HUAWEI Mate 30 with versions earlier than 10.1.0.150(C00E136R5P3) have a type confusion vulnerability. The system does not properly check and transform the type of certain variable, the attacker tricks the user into installing then running a crafted application, successful exploit could cause code execution. | |||||
CVE-2020-15638 | 2 Foxitsoftware, Microsoft | 3 Phantompdf, Reader, Windows | 2024-02-28 | 6.8 MEDIUM | 7.8 HIGH |
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.2.29539. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the NodeProperties::InferReceiverMapsUnsafe method. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-10950. | |||||
CVE-2020-2907 | 2 Opensuse, Oracle | 2 Leap, Vm Virtualbox | 2024-02-28 | 4.6 MEDIUM | 7.5 HIGH |
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.40, prior to 6.0.20 and prior to 6.1.6. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H). | |||||
CVE-2020-11603 | 1 Google | 1 Android | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) (incorporating TEEGRIS) software. Type confusion in the MLDAP Trustlet allows arbitrary code execution. The Samsung ID is SVE-2020-16599 (April 2020). | |||||
CVE-2019-5183 | 2 Amd, Vmware | 2 Atidxx64, Workstation | 2024-02-28 | 6.8 MEDIUM | 9.0 CRITICAL |
An exploitable type confusion vulnerability exists in AMD ATIDXX64.DLL driver, versions 26.20.13031.10003, 26.20.13031.15006 and 26.20.13031.18002. A specially crafted pixel shader can cause a type confusion issue, leading to potential code execution. An attacker can provide a specially crafted shader file to trigger this vulnerability. This vulnerability can be triggered from VMware guest, affecting VMware host. | |||||
CVE-2020-3757 | 6 Adobe, Apple, Google and 3 more | 10 Flash Player, Macos, Chrome Os and 7 more | 2024-02-28 | 9.3 HIGH | 8.8 HIGH |
Adobe Flash Player versions 32.0.0.321 and earlier, 32.0.0.314 and earlier, 32.0.0.321 and earlier, and 32.0.0.255 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
CVE-2020-6382 | 6 Debian, Fedoraproject, Google and 3 more | 9 Debian Linux, Fedora, Chrome and 6 more | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
Type confusion in JavaScript in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
CVE-2019-17017 | 4 Canonical, Debian, Mozilla and 1 more | 9 Ubuntu Linux, Debian Linux, Firefox and 6 more | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
Due to a missing case handling object types, a type confusion vulnerability could occur, resulting in a crash. We presume that with enough effort that it could be exploited to run arbitrary code. This vulnerability affects Firefox ESR < 68.4 and Firefox < 72. | |||||
CVE-2019-13764 | 6 Debian, Fedoraproject, Google and 3 more | 9 Debian Linux, Fedora, Chrome and 6 more | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
Type confusion in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
CVE-2016-1000005 | 1 Facebook | 1 Hhvm | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
mcrypt_get_block_size did not enforce that the provided "module" parameter was a string, leading to type confusion if other types of data were passed in. This issue affects HHVM versions prior to 3.9.5, all versions between 3.10.0 and 3.12.3 (inclusive), and all versions between 3.13.0 and 3.14.1 (inclusive). | |||||
CVE-2019-11750 | 1 Mozilla | 2 Firefox, Firefox Esr | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
A type confusion vulnerability exists in Spidermonkey, which results in a non-exploitable crash. This vulnerability affects Firefox < 69 and Firefox ESR < 68.1. |