CVE-2024-3852 – Mozilla: GetBoundName in the JIT returned the wrong object
https://notcve.org/view.php?id=CVE-2024-3852
GetBoundName could return the wrong version of an object when JIT optimizations were applied. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10. GetBoundName podría devolver la versión incorrecta de un objeto cuando se aplicaron optimizaciones JIT. Esta vulnerabilidad afecta a Firefox < 125 y Firefox ESR < 115.10. The Mozilla Foundation Security Advisory describes this flaw as: GetBoundName could return the wrong version of an object when JIT optimizations were applied. • https://bugzilla.mozilla.org/show_bug.cgi?id=1883542 https://lists.debian.org/debian-lts-announce/2024/04/msg00012.html https://lists.debian.org/debian-lts-announce/2024/04/msg00013.html https://www.mozilla.org/security/advisories/mfsa2024-18 https://www.mozilla.org/security/advisories/mfsa2024-19 https://www.mozilla.org/security/advisories/mfsa2024-20 https://access.redhat.com/security/cve/CVE-2024-3852 https://bugzilla.redhat.com/show_bug.cgi?id=2275547 • CWE-386: Symbolic Name not Mapping to Correct Object CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVE-2024-20678 – Remote Procedure Call Runtime Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-20678
Remote Procedure Call Runtime Remote Code Execution Vulnerability Vulnerabilidad de ejecución remota de código en tiempo de ejecución de llamada a procedimiento remoto • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20678 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVE-2024-26232 – Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-26232
Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability Vulnerabilidad de ejecución remota de código de Microsoft Message Queuing (MSMQ) • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26232 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVE-2024-30266 – Wasmtime vulnerable to panic when using a dropped extenref-typed element segment
https://notcve.org/view.php?id=CVE-2024-30266
wasmtime is a runtime for WebAssembly. The 19.0.0 release of Wasmtime contains a regression introduced during its development which can lead to a guest WebAssembly module causing a panic in the host runtime. A valid WebAssembly module, when executed at runtime, may cause this panic. This vulnerability has been patched in version 19.0.1. wasmtime es un tiempo de ejecución para WebAssembly. La versión 19.0.0 de Wasmtime contiene una regresión introducida durante su desarrollo que puede provocar que un módulo WebAssembly invitado cause pánico en el tiempo de ejecución del host. • https://github.com/bytecodealliance/wasmtime/commit/7f57d0bb0948fa56cc950278d0db230ed10e8664 https://github.com/bytecodealliance/wasmtime/issues/8281 https://github.com/bytecodealliance/wasmtime/pull/8018 https://github.com/bytecodealliance/wasmtime/pull/8283 https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-75hq-h6g9-h4q5 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVE-2024-3298 – Out-Of-Bounds Write and Type Confusion vulnerabilities exist in the DWG and DXF file reading procedure in eDrawings from Release SOLIDWORKS 2023 through Release SOLIDWORKS 2024
https://notcve.org/view.php?id=CVE-2024-3298
Out-Of-Bounds Write and Type Confusion vulnerabilities exist in the file reading procedure in eDrawings from Release SOLIDWORKS 2023 through Release SOLIDWORKS 2024. ... Existen vulnerabilidades de escritura fuera de los límites y confusión de tipos en el procedimiento de lectura de archivos en eDrawings desde la versión SOLIDWORKS 2023 hasta la versión SOLIDWORKS 2024. • https://www.3ds.com/vulnerability/advisories • CWE-787: Out-of-bounds Write CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •