Total
468 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-36278 | 1 Openatom | 1 Openharmony | 2024-11-21 | N/A | 3.3 LOW |
| in OpenHarmony v4.0.0 and prior versions allow a local attacker cause apps crash through type confusion. | |||||
| CVE-2024-34392 | 2024-11-21 | N/A | 8.1 HIGH | ||
| libxmljs is vulnerable to a type confusion vulnerability when parsing a specially crafted XML while invoking the namespaces() function (which invokes _wrap__xmlNode_nsDef_get()) on a grand-child of a node that refers to an entity. This vulnerability can lead to denial of service and remote code execution. | |||||
| CVE-2024-34391 | 2024-11-21 | N/A | 8.1 HIGH | ||
| libxmljs is vulnerable to a type confusion vulnerability when parsing a specially crafted XML while invoking a function on the result of attrs() that was called on a parsed node. This vulnerability might lead to denial of service (on both 32-bit systems and 64-bit systems), data leak, infinite loop and remote code execution (on 32-bit systems with the XML_PARSE_HUGE flag enabled). | |||||
| CVE-2024-32922 | 2024-11-21 | N/A | 7.4 HIGH | ||
| In gpu_pm_power_on_top_nolock of pixel_gpu_power.c, there is a possible compromise of protected memory due to a logic error in the code. This could lead to local escalation of privilege to TEE with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2024-32919 | 2024-11-21 | N/A | 7.8 HIGH | ||
| In lwis_add_completion_fence of lwis_fence.c, there is a possible escalation of privilege due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2024-32892 | 1 Google | 1 Android | 2024-11-21 | N/A | 7.8 HIGH |
| In handle_init of goodix/main/main.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2024-32063 | 2024-11-21 | N/A | 7.8 HIGH | ||
| A vulnerability has been identified in Simcenter Femap (All versions < V2406). The affected application contains a type confusion vulnerability while parsing IGS files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21573) | |||||
| CVE-2024-32062 | 2024-11-21 | N/A | 7.8 HIGH | ||
| A vulnerability has been identified in Simcenter Femap (All versions < V2406). The affected application contains a type confusion vulnerability while parsing IGS files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21568) | |||||
| CVE-2024-32057 | 2024-11-21 | N/A | 7.8 HIGH | ||
| A vulnerability has been identified in Simcenter Femap (All versions < V2406). The affected application contains a type confusion vulnerability while parsing IGS files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21562) | |||||
| CVE-2024-31071 | 1 Openatom | 1 Openharmony | 2024-11-21 | N/A | 3.3 LOW |
| in OpenHarmony v4.0.0 and prior versions allow a local attacker cause apps crash through type confusion. | |||||
| CVE-2024-30357 | 2024-11-21 | N/A | 7.8 HIGH | ||
| Foxit PDF Reader AcroForm Annotation Type Confusion Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects in AcroForms. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22818. | |||||
| CVE-2024-30266 | 2024-11-21 | N/A | 3.3 LOW | ||
| wasmtime is a runtime for WebAssembly. The 19.0.0 release of Wasmtime contains a regression introduced during its development which can lead to a guest WebAssembly module causing a panic in the host runtime. A valid WebAssembly module, when executed at runtime, may cause this panic. This vulnerability has been patched in version 19.0.1. | |||||
| CVE-2024-30034 | 2024-11-21 | N/A | 5.5 MEDIUM | ||
| Windows Cloud Files Mini Filter Driver Information Disclosure Vulnerability | |||||
| CVE-2024-27236 | 2024-11-21 | N/A | 8.4 HIGH | ||
| In aoc_unlocked_ioctl of aoc.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2024-26232 | 2024-11-21 | N/A | 7.3 HIGH | ||
| Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | |||||
| CVE-2024-25575 | 2024-11-21 | N/A | 8.8 HIGH | ||
| A type confusion vulnerability vulnerability exists in the way Foxit Reader 2024.1.0.23997 handles a Lock object. A specially crafted Javascript code inside a malicious PDF document can trigger this vulnerability, which can lead to memory corruption and result in arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled. | |||||
| CVE-2024-23222 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2024-11-21 | N/A | 8.8 HIGH |
| A type confusion issue was addressed with improved checks. This issue is fixed in iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, tvOS 17.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited. | |||||
| CVE-2024-21834 | 2024-11-21 | N/A | 3.3 LOW | ||
| in OpenHarmony v3.2.4 and prior versions allow a local attacker cause apps crash through type confusion. | |||||
| CVE-2024-21363 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2024-11-21 | N/A | 7.8 HIGH |
| Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | |||||
| CVE-2024-21357 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2024-11-21 | N/A | 8.1 HIGH |
| Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability | |||||