CVE-2024-30266 – Wasmtime vulnerable to panic when using a dropped externref-typed element segment
https://notcve.org/view.php?id=CVE-2024-30266
Wasmtime is a runtime for WebAssembly. The 19.0.0 release of Wasmtime contains a regression introduced during its development which can lead to a guest WebAssembly module causing a panic in the host runtime. A valid WebAssembly module, when executed at runtime, may cause this panic. This vulnerability has been patched in version 19.0.1. • https://github.com/bytecodealliance/wasmtime/commit/7f57d0bb0948fa56cc950278d0db230ed10e8664 https://github.com/bytecodealliance/wasmtime/issues/8281 https://github.com/bytecodealliance/wasmtime/pull/8018 https://github.com/bytecodealliance/wasmtime/pull/8283 https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-75hq-h6g9-h4q5 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2024-3298 – Out-Of-Bounds Write and Type Confusion vulnerabilities exist in the DWG and DXF file reading procedure in eDrawings from Release SOLIDWORKS 2023 through Release SOLIDWORKS 2024
https://notcve.org/view.php?id=CVE-2024-3298
Out-Of-Bounds Write and Type Confusion vulnerabilities exist in the file reading procedure in eDrawings from Release SOLIDWORKS 2023 through Release SOLIDWORKS 2024. ... • https://www.3ds.com/vulnerability/advisories • CWE-787: Out-of-bounds Write • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2024-21834 – Arkui has a type confusion vulnerability
https://notcve.org/view.php?id=CVE-2024-21834
OpenHarmony v3.2.4 and prior versions allow a local attacker to cause apps to crash through type confusion. • https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-04.md • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2024-30357 – Foxit PDF Reader AcroForm Annotation Type Confusion Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-30357
Foxit PDF Reader AcroForm Annotation Type Confusion Remote Code Execution Vulnerability. ... The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. • https://www.foxit.com/support/security-bulletins.html https://www.zerodayinitiative.com/advisories/ZDI-24-331 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2024-2887 – Google Chrome WASM Improper Input Validation Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-2887
Type Confusion in WebAssembly in Google Chrome prior to 123.0.6312.86 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High) • https://github.com/rycbar77/CVE-2024-2887 https://github.com/PumpkinBridge/Chrome-CVE-2024-2887-RCE-Poc https://github.com/PumpkinBridge/Chrome-CVE-2024-2887-RCE-POC https://chromereleases.googleblog.com/2024/03/stable-channel-update-for-desktop_26.html https://issues.chromium.org/issues/330588502 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3YUWGSMA5X2NQP5XEFCLRWNX6246GZ2C https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G3R