CVE-2024-4058
https://notcve.org/view.php?id=CVE-2024-4058
Type confusion in ANGLE in Google Chrome prior to 124.0.6367.78 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)
• https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_24.html
• https://issues.chromium.org/issues/332546345
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UOC3HLIZCGMIJLJ6LME5UWUUIFLXEGRN
• CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2023-50433
https://notcve.org/view.php?id=CVE-2023-50433
marshall in dhcp_packet.c in simple-dhcp-server through ec976d2 allows remote attackers to cause a denial of service by sending a malicious DHCP packet. The crash is caused by a type confusion bug that results in a large memory allocation; when this memory allocation fails the DHCP server will crash.
• https://papers.mathyvanhoef.com/esorics2024.pdf
• CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2024-3852 – Mozilla: GetBoundName in the JIT returned the wrong object
https://notcve.org/view.php?id=CVE-2024-3852
GetBoundName could return the wrong version of an object when JIT optimizations were applied. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10. The Mozilla Foundation Security Advisory describes this flaw as: GetBoundName could return the wrong version of an object when JIT optimizations were applied.
• https://bugzilla.mozilla.org/show_bug.cgi?id=1883542
• https://lists.debian.org/debian-lts-announce/2024/04/msg00012.html
• https://lists.debian.org/debian-lts-announce/2024/04/msg00013.html
• https://www.mozilla.org/security/advisories/mfsa2024-18
• https://www.mozilla.org/security/advisories/mfsa2024-19
• https://www.mozilla.org/security/advisories/mfsa2024-20
• https://access.redhat.com/security/cve/CVE-2024-3852
• https://bugzilla.redhat.com/show_bug.cgi?id=2275547
• CWE-386: Symbolic Name not Mapping to Correct Object
• CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2024-20678 – Remote Procedure Call Runtime Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-20678
Remote Procedure Call Runtime Remote Code Execution Vulnerability
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20678
• CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2024-26232 – Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-26232
Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26232
• CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')