CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 2CVE-2019-14537
https://notcve.org/view.php?id=CVE-2019-14537
YOURLS through 1.7.3 is affected by a type juggling vulnerability in the api component that can result in login bypass. • https://github.com/Wocanilo/CVE-2019-14537 https://github.com/YOURLS/YOURLS/commits/master https://github.com/YOURLS/YOURLS/pull/2542 https://github.com/YOURLS/YOURLS/releases https://security-garage.com/index.php/cves/cve-2019-14537-api-authentication-bypass-via-type-juggling • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-10980 – LAquis SCADA LQS File Parsing Type Confusion Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2019-10980
A type confusion vulnerability may be exploited when LAquis SCADA 4.3.1.71 processes a specially crafted project file. ... Una vulnerabilidad de confusión de tipo puede ser explotada cuando LAquis SCADA versión 4.3.1.71, procesa un archivo de proyecto especialmente diseñado. ... The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. • https://www.us-cert.gov/ics/advisories/icsa-19-213-06 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 9.3EPSS: 2%CPEs: 11EXPL: 0CVE-2019-8669 – Apple Safari bind Type Confusion Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2019-8669
By performing actions in JavaScript, an attacker can trigger a type confusion condition. • https://support.apple.com/HT210346 https://support.apple.com/HT210348 https://support.apple.com/HT210351 https://support.apple.com/HT210353 https://support.apple.com/HT210355 https://support.apple.com/HT210356 https://support.apple.com/HT210357 https://support.apple.com/HT210358 https://access.redhat.com/security/cve/CVE-2019-8669 https://bugzilla.redhat.com/show_bug.cgi?id=1876631 • CWE-787: Out-of-bounds Write •
CVSS: 5.3EPSS: 0%CPEs: 37EXPL: 0CVE-2019-13118
https://notcve.org/view.php?id=CVE-2019-13118
In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, leading to a read of uninitialized stack data. • http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00062.html http://seclists.org/fulldisclosure/2019/Aug/11 http://seclists.org/fulldisclosure/2019/Aug/13 http://seclists.org/fulldisclosure/2019/Aug/14 http://seclists.org/fulldisclosure/2019/Aug/15 http://seclists.org/fulldisclosure/2019/Jul/22 http://seclists.org/fulldisclosure/2019/Jul/23 http://seclists.org/fulldisclosure/2019/Jul/24 http://seclists.org/fulldisclosure/2019/Jul/26 http://seclists.org/fulldisclosur • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 8.8EPSS: 80%CPEs: 3EXPL: 3CVE-2019-11707 – Mozilla Firefox and Thunderbird Type Confusion Vulnerability
https://notcve.org/view.php?id=CVE-2019-11707
A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. ... Se puede producir una vulnerabilidad de tipo confusión cuando se manipulan objetos de JavaScript debido a problemas en Array.pop. ... Spidermonkey IonMonkey incorrectly predicts return type of Array.prototype.pop, leading to type confusion vulnerabilities. Mozilla Firefox and Thunderbird contain a type confusion vulnerability that can occur when manipulating JavaScript objects due to issues in Array.pop, allowing for an exploitable crash. • https://www.exploit-db.com/exploits/47038 https://www.exploit-db.com/exploits/50691 https://github.com/vigneshsrao/CVE-2019-11707 https://bugzilla.mozilla.org/show_bug.cgi?id=1544386 https://security.gentoo.org/glsa/201908-12 https://www.mozilla.org/security/advisories/mfsa2019-18 https://www.mozilla.org/security/advisories/mfsa2019-20 https://access.redhat.com/security/cve/CVE-2019-11707 https://bugzilla.redhat.com/show_bug.cgi?id=1721789 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •