
CVE-2024-46798 – ASoC: dapm: Fix UAF for snd_soc_pcm_runtime object
https://notcve.org/view.php?id=CVE-2024-46798
18 Sep 2024 — Andy Nguyen discovered that the Bluetooth L2CAP implementation in the Linux kernel contained a type-confusion error. • https://git.kernel.org/stable/c/a72706ed8208ac3f72d1c3ebbc6509e368b0dcb0 •

CVE-2024-46782 – ila: call nf_unregister_net_hooks() sooner
https://notcve.org/view.php?id=CVE-2024-46782
18 Sep 2024 — [1] BUG: KASAN: use-after-free in rht_key_hashfn include/linux/rhashtable.h:159 [inline] BUG: KASAN: use-after-free in __rhashtable_lookup include/linux/rhashtable.h:604 [inline] BUG: KASAN: use-after-free in rhashtable_lookup include/linux/rhashtable.h:646 [inline] BUG: KASAN: use-after-free in rhashtable_lookup_fast+0x77a/0x9b0 include/linux/rhashtable.h:672 Read of size 4 at addr ffff888064620008 by task ksoftirqd/0/16 CPU: 0 UID: 0 PID: 16 Comm: ksoftirqd/0 Not tainted 6.11.0-rc4-syzkaller-00238-g2ad6d2... • https://git.kernel.org/stable/c/7f00feaf107645d95a6d87e99b4d141ac0a08efd •

CVE-2024-8904 – Debian Security Advisory 5773-1
https://notcve.org/view.php?id=CVE-2024-8904
17 Sep 2024 — Type Confusion in V8 in Google Chrome prior to 129.0.6668.58 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. • https://chromereleases.googleblog.com/2024/09/stable-channel-update-for-desktop_17.html • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •

CVE-2024-45112 – Acrobat Reader | Access of Resource Using Incompatible Type ('Type Confusion') (CWE-843)
https://notcve.org/view.php?id=CVE-2024-45112
13 Sep 2024 — Acrobat Reader versions 24.002.21005, 24.001.30159, 20.005.30655, 24.003.20054 and earlier are affected by a Type Confusion vulnerability that could result in arbitrary code execution in the context of the current user. This issue occurs when a resource is accessed using a type that is not compatible with the actual object type, leading to a logic error that an attacker could exploit. • https://helpx.adobe.com/security/products/acrobat/apsb24-70.html • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •

CVE-2024-46695 – selinux,smack: don't bypass permissions check in inode_setsecctx hook
https://notcve.org/view.php?id=CVE-2024-46695
13 Sep 2024 — Andy Nguyen discovered that the Bluetooth L2CAP implementation in the Linux kernel contained a type-confusion error. • https://git.kernel.org/stable/c/2dbc4b7bac60b02cc6e70d05bf6a7dfd551f9dda • CWE-287: Improper Authentication •

CVE-2024-8638 – Debian Security Advisory 5768-1
https://notcve.org/view.php?id=CVE-2024-8638
11 Sep 2024 — Type Confusion in V8 in Google Chrome prior to 128.0.6613.137 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. • https://chromereleases.googleblog.com/2024/09/stable-channel-update-for-desktop_10.html • CWE-416: Use After Free • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •

CVE-2024-7652 – mozilla: Type Confusion in Async Generators in Javascript Engine
https://notcve.org/view.php?id=CVE-2024-7652
06 Sep 2024 — The Mozilla Foundation Security Advisory describes this flaw as follows: An error in the ECMA-262 specification relating to Async Generators could have resulted in a type confusion, potentially leading to memory corruption and an exploitable crash. • https://bugzilla.mozilla.org/show_bug.cgi?id=1901411 • CWE-476: NULL Pointer Dereference • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •

CVE-2024-6119 – Possible denial of service in X.509 name checks
https://notcve.org/view.php?id=CVE-2024-6119
03 Sep 2024 — Issue summary: Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address resulting in abnormal termination of the application process. Impact summary: Abnormal termination of an application can cause a denial of service. Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address when comparing the expected name with an `otherName` subject ... • https://openssl-library.org/news/secadv/20240903.txt • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •

CVE-2024-8386 – mozilla: SelectElements could be shown over another site if popups are allowed
https://notcve.org/view.php?id=CVE-2024-8386
03 Sep 2024 — Nils Bars discovered that Firefox contained a type confusion vulnerability when performing certain property name lookups. • https://bugzilla.mozilla.org/show_bug.cgi?id=1907032 • CWE-290: Authentication Bypass by Spoofing • CWE-358: Improperly Implemented Security Check for Standard •

CVE-2024-8385 – mozilla: WASM type confusion involving ArrayTypes
https://notcve.org/view.php?id=CVE-2024-8385
03 Sep 2024 — A difference in the handling of StructFields and ArrayTypes in WASM could be used to trigger an exploitable type confusion vulnerability. ... The Mozilla Foundation's Security Advisory: A di... • https://bugzilla.mozilla.org/show_bug.cgi?id=1911909 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •