
CVE-2024-8385 – mozilla: WASM type confusion involving ArrayTypes
https://notcve.org/view.php?id=CVE-2024-8385
03 Sep 2024 — A difference in the handling of StructFields and ArrayTypes in WASM could be used to trigger an exploitable type confusion vulnerability. A difference in the handling of StructFields and ArrayTypes in WASM could be used to trigger an exploitable type confusion vulnerability. ... A difference in the handling of StructFields and ArrayTypes in WASM could be used to trigger an exploitable type confusion vulnerability. ... The Mozilla Foundation's Security Advisory: A di... • https://bugzilla.mozilla.org/show_bug.cgi?id=1911909 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •

CVE-2024-8384 – mozilla: Garbage collection could mis-color cross-compartment objects in OOM conditions
https://notcve.org/view.php?id=CVE-2024-8384
03 Sep 2024 — Nils Bars discovered that Firefox contained a type confusion vulnerability when performing certain property name lookups. ... Seunghyun Lee discovered that Firefox contained a type confusion vulnerability when handling certain ArrayTypes. • https://bugzilla.mozilla.org/show_bug.cgi?id=1911288 • CWE-416: Use After Free CWE-787: Out-of-bounds Write •

CVE-2024-8383 – mozilla: Firefox did not ask before openings news: links in an external application
https://notcve.org/view.php?id=CVE-2024-8383
03 Sep 2024 — Nils Bars discovered that Firefox contained a type confusion vulnerability when performing certain property name lookups. ... Seunghyun Lee discovered that Firefox contained a type confusion vulnerability when handling certain ArrayTypes. • https://bugzilla.mozilla.org/show_bug.cgi?id=1908496 • CWE-862: Missing Authorization CWE-1188: Initialization of a Resource with an Insecure Default •

CVE-2024-8381 – mozilla: Type confusion when looking up a property name in a "with" block
https://notcve.org/view.php?id=CVE-2024-8381
03 Sep 2024 — A potentially exploitable type confusion could be triggered when looking up a property name on an object being used as the `with` environment. A potentially exploitable type confusion could be triggered when looking up a property name on an object being used as the `with` environment. ... A potentially exploitable type confusion could be triggered when looking up a property name on an object being used as the `with` environment. ... The Mozilla Foundation's Security... • https://github.com/bjrjk/CVE-2024-8381 • CWE-704: Incorrect Type Conversion or Cast CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •

CVE-2024-8194 – Debian Security Advisory 5761-1
https://notcve.org/view.php?id=CVE-2024-8194
28 Aug 2024 — Type Confusion in V8 in Google Chrome prior to 128.0.6613.113 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. • https://chromereleases.googleblog.com/2024/08/stable-channel-update-for-desktop_28.html • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •

CVE-2024-44942 – f2fs: fix to do sanity check on F2FS_INLINE_DATA flag in inode during GC
https://notcve.org/view.php?id=CVE-2024-44942
26 Aug 2024 — Andy Nguyen discovered that the Bluetooth L2CAP implementation in the Linux kernel contained a type-confusion error. • https://git.kernel.org/stable/c/ae00e6536a2dd54b64b39e9a39548870cf835745 •

CVE-2024-44940 – fou: remove warn in gue_gro_receive on unsupported protocol
https://notcve.org/view.php?id=CVE-2024-44940
26 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: fou: remove warn in gue_gro_receive on unsupported protocol Drop the WARN_ON_ONCE inn gue_gro_receive if the encapsulated type is not known or does not have a GRO handler. In the Linux kernel, the following vulnerability has been resolved: fou: remove warn in gue_gro_receive on unsupported protocol Drop the WARN_ON_ONCE inn gue_gro_receive if the encapsulated type is not known or does not have a GRO handler. ... • https://git.kernel.org/stable/c/a925a200299a6dfc7c172f54da6f374edc930053 •

CVE-2024-43904 – drm/amd/display: Add null checks for 'stream' and 'plane' before dereferencing
https://notcve.org/view.php?id=CVE-2024-43904
26 Aug 2024 — /display/dc/hwss/dcn30/dcn30_hwseq.c:940 dcn30_apply_idle_power_optimizations() error: we previously assumed 'plane' could be null (see line 922) Andy Nguyen discovered that the Bluetooth L2CAP implementation in the Linux kernel contained a type-confusion error. • https://git.kernel.org/stable/c/fcf9d6a9f30ea414b6b84a6e901cebd44e146847 •

CVE-2024-43902 – drm/amd/display: Add null checker before passing variables
https://notcve.org/view.php?id=CVE-2024-43902
26 Aug 2024 — Andy Nguyen discovered that the Bluetooth L2CAP implementation in the Linux kernel contained a type-confusion error. • https://git.kernel.org/stable/c/d0b8b23b9c2ebec693a36fea518d8f13493ad655 •

CVE-2024-38207 – Microsoft Edge (HTML-based) Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2024-38207
23 Aug 2024 — Microsoft Edge (HTML-based) Memory Corruption Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38207 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •