CVE-2024-34394 – libxmljs2 namespaces type confusion RCE
https://notcve.org/view.php?id=CVE-2024-34394
libxmljs2 is vulnerable to a type confusion vulnerability when parsing a specially crafted XML while invoking the namespaces() function (which invokes XmlNode::get_local_namespaces()) on a grand-child of a node that refers to an entity. This vulnerability can lead to denial of service and remote code execution. libxmljs2 es afectada por una vulnerabilidad de confusión de tipos cuando analiza un XML especialmente manipulado mientras se invoca la función namespaces() (que invoca XmlNode::get_local_namespaces()) en un nieto de un nodo que hace referencia a una entidad. • https://github.com/marudor/libxmljs2/issues/205 https://research.jfrog.com/vulnerabilities/libxmljs2-namespaces-type-confusion-rce-jfsa-2024-001034098 •
CVE-2024-34393 – libxmljs2 attrs type confusion RCE
https://notcve.org/view.php?id=CVE-2024-34393
libxmljs2 is vulnerable to a type confusion vulnerability when parsing a specially crafted XML while invoking a function on the result of attrs() that was called on a parsed node. This vulnerability might lead to denial of service (on both 32-bit systems and 64-bit systems), data leak, infinite loop and remote code execution (on 32-bit systems with the XML_PARSE_HUGE flag enabled). libxmljs2 es afectada por una vulnerabilidad de confusión de tipos cuando se analiza un XML especialmente manipulado al invocar una función en el resultado de attrs() que se llamó en un nodo analizado. • https://github.com/marudor/libxmljs2/issues/204 https://research.jfrog.com/vulnerabilities/libxmljs2-attrs-type-confusion-rce-jfsa-2024-001034097 •
CVE-2024-34392 – libxmljs namespaces type confusion RCE
https://notcve.org/view.php?id=CVE-2024-34392
libxmljs is vulnerable to a type confusion vulnerability when parsing a specially crafted XML while invoking the namespaces() function (which invokes _wrap__xmlNode_nsDef_get()) on a grand-child of a node that refers to an entity. This vulnerability can lead to denial of service and remote code execution. libxmljs es afectada por una vulnerabilidad de confusión de tipos cuando analiza un XML especialmente manipulado mientras se invoca la función namespaces() (que invoca _wrap__xmlNode_nsDef_get()) en un nieto de un nodo que hace referencia a una entidad. • https://github.com/libxmljs/libxmljs/issues/646 https://research.jfrog.com/vulnerabilities/libxmljs-namespaces-type-confusion-rce-jfsa-2024-001034096 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVE-2024-34391 – libxmljs attrs type confusion RCE
https://notcve.org/view.php?id=CVE-2024-34391
libxmljs is vulnerable to a type confusion vulnerability when parsing a specially crafted XML while invoking a function on the result of attrs() that was called on a parsed node. This vulnerability might lead to denial of service (on both 32-bit systems and 64-bit systems), data leak, infinite loop and remote code execution (on 32-bit systems with the XML_PARSE_HUGE flag enabled). libxmljs es afectada por una vulnerabilidad de confusión de tipos cuando se analiza un XML especialmente manipulado al invocar una función en el resultado de attrs() que se llamó en un nodo analizado. • https://github.com/libxmljs/libxmljs/issues/645 https://research.jfrog.com/vulnerabilities/libxmljs-attrs-type-confusion-rce-jfsa-2024-001033988 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVE-2024-25575
https://notcve.org/view.php?id=CVE-2024-25575
A type confusion vulnerability vulnerability exists in the way Foxit Reader 2024.1.0.23997 handles a Lock object. ... Existe una vulnerabilidad de confusión de tipos en la forma en que Foxit Reader 2024.1.0.23997 maneja un objeto Lock. • https://talosintelligence.com/vulnerability_reports/TALOS-2024-1963 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •