CVE-2024-1848 – Multiple vulnerabilities exist in file reading procedure in SOLIDWORKS Desktop on Release SOLIDWORKS 2024
https://notcve.org/view.php?id=CVE-2024-1848
Heap-based Buffer Overflow, Memory Corruption, Out-Of-Bounds Read, Out-Of-Bounds Write, Stack-based Buffer Overflow, Type Confusion, Uninitialized Variable, Use-After-Free vulnerabilities exist in the file reading procedure in SOLIDWORKS Desktop on Release SOLIDWORKS 2024. These vulnerabilities could allow an attacker to execute arbitrary code while opening a specially crafted CATPART, DWG, DXF, IPT, JT, SAT, SLDDRW, SLDPRT, STL, STP, X_B or X_T file. • https://www.3ds.com/vulnerability/advisories • CWE-122: Heap-based Buffer Overflow; CWE-125: Out-of-bounds Read; CWE-416: Use After Free; CWE-457: Use of Uninitialized Variable; CWE-787: Out-of-bounds Write; CWE-843: Access of Resource Using Incompatible Type ('Type Confusion'); CWE-908: Use of Uninitialized Resource
CVE-2024-26000 – PHOENIX CONTACT: Out of bounds read only memory access
https://notcve.org/view.php?id=CVE-2024-26000
The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. • https://cert.vde.com/en/advisories/VDE-2024-011 • CWE-20: Improper Input Validation
CVE-2024-27236
https://notcve.org/view.php?id=CVE-2024-27236
In aoc_unlocked_ioctl of aoc.c, there is a possible memory corruption due to type confusion. ... • https://source.android.com/security/bulletin/pixel/2024-03-01 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2023-49602 – Arkui has a type confusion vulnerability
https://notcve.org/view.php?id=CVE-2023-49602
Arkui in OpenHarmony v3.2.4 and prior versions allows a local attacker to cause apps to crash through type confusion. • https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-03.md • CWE-125: Out-of-bounds Read; CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2024-1939
https://notcve.org/view.php?id=CVE-2024-1939
Type Confusion in V8 in Google Chrome prior to 122.0.6261.94 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) • https://github.com/rycbar77/CVE-2024-1939 https://chromereleases.googleblog.com/2024/02/stable-channel-update-for-desktop_27.html https://issues.chromium.org/issues/323694592 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FGWSP5MIK7CDWJQHN2SJJX2YGSSS7E4O https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L6KJCEJWJR5Z54Z75LRJGELDNMFDKLZG https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YTGM2WHYSZAUUPENB7YO6E5ONAKE6AKJ • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')