
CVSS: 8.1 | EPSS: 0% | CPEs: - | EXPL: 0

libxmljs is vulnerable to a type confusion vulnerability when parsing a specially crafted XML while invoking a function on the result of attrs() that was called on a parsed node. This vulnerability might lead to denial of service (on both 32-bit systems and 64-bit systems), data leak, infinite loop and remote code execution (on 32-bit systems with the XML_PARSE_HUGE flag enabled).
• https://github.com/libxmljs/libxmljs/issues/645
• https://research.jfrog.com/vulnerabilities/libxmljs-attrs-type-confusion-rce-jfsa-2024-001033988
• CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')

CVSS: 8.8 | EPSS: 0% | CPEs: - | EXPL: 0

A type confusion vulnerability exists in the way Foxit Reader 2024.1.0.23997 handles a Lock object. ...
• https://talosintelligence.com/vulnerability_reports/TALOS-2024-1963
• CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')

CVSS: 9.0 | EPSS: 0% | CPEs: 2 | EXPL: 0

Type confusion in ANGLE in Google Chrome prior to 124.0.6367.78 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)
• https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_24.html
• https://issues.chromium.org/issues/332546345
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UOC3HLIZCGMIJLJ6LME5UWUUIFLXEGRN
• CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')

CVSS: - | EPSS: 0% | CPEs: - | EXPL: 0

marshall in dhcp_packet.c in simple-dhcp-server through ec976d2 allows remote attackers to cause a denial of service by sending a malicious DHCP packet. The crash is caused by a type confusion bug that results in a large memory allocation; when this memory allocation fails the DHCP server will crash.
• https://papers.mathyvanhoef.com/esorics2024.pdf

CVSS: 7.5 | EPSS: 0% | CPEs: - | EXPL: 0

GetBoundName could return the wrong version of an object when JIT optimizations were applied. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10. The Mozilla Foundation Security Advisory describes this flaw as: GetBoundName could return the wrong version of an object when JIT optimizations were applied.
• https://bugzilla.mozilla.org/show_bug.cgi?id=1883542
• https://lists.debian.org/debian-lts-announce/2024/04/msg00012.html
• https://lists.debian.org/debian-lts-announce/2024/04/msg00013.html
• https://www.mozilla.org/security/advisories/mfsa2024-18
• https://www.mozilla.org/security/advisories/mfsa2024-19
• https://www.mozilla.org/security/advisories/mfsa2024-20
• https://access.redhat.com/security/cve/CVE-2024-3852
• https://bugzilla.redhat.com/show_bug.cgi?id=2275547
• CWE-386: Symbolic Name not Mapping to Correct Object
• CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')