Vulnerabilities (CVE)

Filtered by CWE-843
Total 465 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-28729 1 Panasonic 1 Control Fpwin Pro 2024-11-21 N/A 7.8 HIGH
A type confusion vulnerability in Panasonic Control FPWIN Pro versions 7.6.0.3 and all previous versions may allow arbitrary code execution when opening specially crafted project files.
CVE-2023-28575 1 Qualcomm 120 205, 205 Firmware, 215 and 117 more 2024-11-21 N/A 6.7 MEDIUM
The cam_get_device_priv function does not check the type of handle being returned (device/session/link). This would lead to invalid type usage if a wrong handle is passed to it.
CVE-2023-28243 1 Microsoft 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more 2024-11-21 N/A 8.8 HIGH
Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability
CVE-2023-27930 1 Apple 5 Ipados, Iphone Os, Macos and 2 more 2024-11-21 N/A 7.8 HIGH
A type confusion issue was addressed with improved checks. This issue is fixed in iOS 16.5 and iPadOS 16.5, watchOS 9.5, tvOS 16.5, macOS Ventura 13.4. An app may be able to execute arbitrary code with kernel privileges.
CVE-2023-26063 1 Lexmark 217 6500e, B2236, B2338 and 214 more 2024-11-21 N/A 9.8 CRITICAL
Certain Lexmark devices through 2023-02-19 access a Resource By Using an Incompatible Type.
CVE-2023-25933 1 Facebook 1 Hermes 2024-11-21 N/A 9.8 CRITICAL
A type confusion bug in TypedArray prior to commit e6ed9c1a4b02dc219de1648f44cd808a56171b81 could have been used by a malicious attacker to execute arbitrary code via untrusted JavaScript. Note that this is only exploitable in cases where Hermes is used to execute untrusted JavaScript. Hence, most React Native applications are not affected.
CVE-2023-24944 1 Microsoft 8 Windows 10 1809, Windows 10 20h2, Windows 10 21h2 and 5 more 2024-11-21 N/A 6.5 MEDIUM
Windows Bluetooth Driver Information Disclosure Vulnerability
CVE-2023-24929 1 Microsoft 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more 2024-11-21 N/A 8.8 HIGH
Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability
CVE-2023-24927 1 Microsoft 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more 2024-11-21 N/A 8.8 HIGH
Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability
CVE-2023-24885 1 Microsoft 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more 2024-11-21 N/A 8.8 HIGH
Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability
CVE-2023-24823 1 Riot-os 1 Riot 2024-11-21 N/A 9.8 CRITICAL
RIOT-OS, an operating system that supports Internet of Things devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2022.10, an attacker can send a crafted frame to the device resulting in a type confusion between IPv6 extension headers and a UDP header. This occurs while encoding a 6LoWPAN IPHC header. The type confusion manifests in an out of bounds write in the packet buffer. The overflow can be used to corrupt other packets and the allocator metadata. Corrupting a pointer will easily lead to denial of service. While carefully manipulating the allocator metadata gives an attacker the possibility to write data to arbitrary locations and thus execute arbitrary code. Version 2022.10 fixes this issue. As a workaround, apply the patches manually.
CVE-2023-23557 1 Facebook 1 Hermes 2024-11-21 N/A 9.8 CRITICAL
An error in Hermes' algorithm for copying objects properties prior to commit a00d237346894c6067a594983be6634f4168c9ad could be used by a malicious attacker to execute arbitrary code via type confusion. Note that this is only exploitable in cases where Hermes is used to execute untrusted JavaScript. Hence, most React Native applications are not affected.
CVE-2023-23529 1 Apple 4 Ipados, Iphone Os, Macos and 1 more 2024-11-21 N/A 8.8 HIGH
A type confusion issue was addressed with improved checks. This issue is fixed in iOS 15.7.4 and iPadOS 15.7.4, iOS 16.3.1 and iPadOS 16.3.1, macOS Ventura 13.2.1, Safari 16.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
CVE-2023-23455 2 Debian, Linux 2 Debian Linux, Linux Kernel 2024-11-21 N/A 5.5 MEDIUM
atm_tc_enqueue in net/sched/sch_atm.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results).
CVE-2023-23454 2 Debian, Linux 2 Debian Linux, Linux Kernel 2024-11-21 N/A 5.5 MEDIUM
cbq_classify in net/sched/sch_cbq.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service (slab-out-of-bounds read) because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results).
CVE-2023-23443 1 Hihonor 1 Magic Os 2024-11-21 N/A 4.6 MEDIUM
Some Honor products are affected by type confusion vulnerability, successful exploitation could cause information leak.
CVE-2023-23442 1 Hihonor 1 Magic Os 2024-11-21 N/A 4.6 MEDIUM
Some Honor products are affected by type confusion vulnerability, successful exploitation could cause information leak.
CVE-2023-22579 1 Sequelizejs 1 Sequelize 2024-11-21 N/A 9.9 CRITICAL
Due to improper parameter filtering in the sequalize js library, can a attacker peform injection.
CVE-2023-21675 1 Microsoft 15 Windows 10 1607, Windows 10 1809, Windows 10 20h2 and 12 more 2024-11-21 N/A 7.8 HIGH
Windows Kernel Elevation of Privilege Vulnerability
CVE-2023-21287 1 Google 1 Android 2024-11-21 N/A 9.8 CRITICAL
In multiple locations, there is a possible code execution due to type confusion. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.