Total
465 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-4061 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
| Type confusion in V8 in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2021-23447 | 1 Teddy Project | 1 Teddy | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| This affects the package teddy before 0.5.9. A type confusion vulnerability can be used to bypass input sanitization when the model content is an array (instead of a string). | |||||
| CVE-2021-41190 | 2 Fedoraproject, Linuxfoundation | 3 Fedora, Open Container Initiative Distribution Specification, Open Container Initiative Image Format Specification | 2024-02-28 | 4.0 MEDIUM | 5.0 MEDIUM |
| The OCI Distribution Spec project defines an API protocol to facilitate and standardize the distribution of content. In the OCI Distribution Specification version 1.0.0 and prior, the Content-Type header alone was used to determine the type of document during push and pull operations. Documents that contain both “manifests” and “layers” fields could be interpreted as either a manifest or an index in the absence of an accompanying Content-Type header. If a Content-Type header changed between two pulls of the same digest, a client may interpret the resulting content differently. The OCI Distribution Specification has been updated to require that a mediaType value present in a manifest or index match the Content-Type header used during the push and pull operations. Clients pulling from a registry may distrust the Content-Type header and reject an ambiguous document that contains both “manifests” and “layers” fields or “manifests” and “config” fields if they are unable to update to version 1.0.1 of the spec. | |||||
| CVE-2021-38001 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
| Type confusion in V8 in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2021-1829 | 1 Apple | 1 Macos | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
| A type confusion issue was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.3. An application may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2021-40037 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2024-02-28 | 4.9 MEDIUM | 5.5 MEDIUM |
| There is a Vulnerability of accessing resources using an incompatible type (type confusion) in the MPTCP subsystem in smartphones. Successful exploitation of this vulnerability may cause the system to crash and restart. | |||||
| CVE-2021-39841 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2024-02-28 | 6.8 MEDIUM | 7.8 HIGH |
| Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a Type Confusion vulnerability. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2021-23820 | 1 Jsonpointer Project | 1 Jsonpointer | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| This affects all versions of package json-pointer. A type confusion vulnerability can lead to a bypass of CVE-2020-7709 when the pointer components are arrays. | |||||
| CVE-2021-24045 | 1 Facebook | 1 Hermes | 2024-02-28 | 6.8 MEDIUM | 9.8 CRITICAL |
| A type confusion vulnerability could be triggered when resolving the "typeof" unary operator in Facebook Hermes prior to v0.10.0. Note that this is only exploitable if the application using Hermes permits evaluation of untrusted JavaScript. Hence, most React Native applications are not affected. | |||||
| CVE-2021-30561 | 1 Google | 1 Chrome | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
| Type Confusion in V8 in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2021-23434 | 2 Debian, Object-path Project | 2 Debian Linux, Object-path | 2024-02-28 | 7.5 HIGH | 8.6 HIGH |
| This affects the package object-path before 0.11.6. A type confusion vulnerability can lead to a bypass of CVE-2020-15256 when the path components used in the path parameter are arrays. In particular, the condition currentPath === '__proto__' returns false if currentPath is ['__proto__']. This is because the === operator returns always false when the type of the operands is different. | |||||
| CVE-2021-35986 | 1 Adobe | 2 Acrobat Dc, Acrobat Reader Dc | 2024-02-28 | 4.3 MEDIUM | 3.3 LOW |
| Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.30005 (and earlier) and 2017.011.30197 (and earlier) are affected by an Type Confusion vulnerability. An unauthenticated attacker could leverage this vulnerability to read arbitrary system information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2021-30859 | 1 Apple | 4 Ipados, Iphone Os, Mac Os X and 1 more | 2024-02-28 | 9.3 HIGH | 7.8 HIGH |
| A type confusion issue was addressed with improved state handling. This issue is fixed in iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, Security Update 2021-005 Catalina. A malicious application may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2021-30954 | 3 Apple, Debian, Fedoraproject | 8 Ipados, Iphone Os, Macos and 5 more | 2024-02-28 | 9.3 HIGH | 7.8 HIGH |
| A type confusion issue was addressed with improved memory handling. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing maliciously crafted web content may lead to arbitrary code execution. | |||||
| CVE-2021-30599 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
| Type confusion in V8 in Google Chrome prior to 92.0.4515.159 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. | |||||
| CVE-2020-36460 | 1 Model Project | 1 Model | 2024-02-28 | 6.8 MEDIUM | 8.1 HIGH |
| An issue was discovered in the model crate through 2020-11-10 for Rust. The Shared data structure has an implementation of the Send and Sync traits without regard for the inner type. | |||||
| CVE-2021-30852 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
| A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 14.8 and iPadOS 14.8, tvOS 15, watchOS 8, iOS 15 and iPadOS 15. Processing maliciously crafted web content may lead to arbitrary code execution. | |||||
| CVE-2021-23436 | 1 Immer Project | 1 Immer | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| This affects the package immer before 9.0.6. A type confusion vulnerability can lead to a bypass of CVE-2020-28477 when the user-provided keys used in the path parameter are arrays. In particular, this bypass is possible because the condition (p === "__proto__" || p === "constructor") in applyPatches_ returns false if p is ['__proto__'] (or ['constructor']). The === operator (strict equality operator) returns false if the operands have different type. | |||||
| CVE-2021-30598 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
| Type confusion in V8 in Google Chrome prior to 92.0.4515.159 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. | |||||
| CVE-2021-28643 | 1 Adobe | 2 Acrobat Dc, Acrobat Reader Dc | 2024-02-28 | 4.3 MEDIUM | 3.3 LOW |
| Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.30005 (and earlier) and 2017.011.30197 (and earlier) are affected by a Type Confusion vulnerability. An unauthenticated attacker could leverage this vulnerability to disclose sensitive memory information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||