CVE-2023-36578 – Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-36578
Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability Vulnerabilidad de ejecución remota de código en Microsoft Message Queuing • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36578 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVE-2023-36594 – Windows Graphics Component Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2023-36594
The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36594 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVE-2023-45204 – Siemens Tecnomatix Plant Simulation IGS File Parsing Type Confusion Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-45204
The affected applications contain a type confusion vulnerability while parsing specially crafted IGS files. ... (ZDI-CAN-21268) Se ha identificado una vulnerabilidad en: Tecnomatix Plant Simulation V2201 (Todas las versiones < V2201.0009), Tecnomatix Plant Simulation V2302 (Todas las versiones < V2302.0003). Las aplicaciones afectadas contienen una vulnerabilidad de confusión de tipos al analizar archivos IGS especialmente manipulados. ... The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. • https://cert-portal.siemens.com/productcert/pdf/ssa-524778.pdf • CWE-704: Incorrect Type Conversion or Cast •
CVE-2023-5346
https://notcve.org/view.php?id=CVE-2023-5346
Type confusion in V8 in Google Chrome prior to 117.0.5938.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) La confusión de tipos en V8 de Google Chrome anterior a 117.0.5938.149 permitía a un atacante remoto explotar potencialmente la corrupción del "heap" a través de una página HTML manipulada. • https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop.html https://crbug.com/1485829 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BMFDRMWMT6ZBLGLLWSWHHRAUBOSUXQDR https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4GHJ3FK5NPHDRUR4OJOI4UU6FKSOOGG https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RA6HMWNOYQ56R35MHW77GVW7373Z4RSN https://security.gentoo.org/glsa/202401-34 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVE-2023-43154
https://notcve.org/view.php?id=CVE-2023-43154
In Macrob7 Macs Framework Content Management System (CMS) 1.1.4f, loose comparison in "isValidLogin()" function during login attempt results in PHP type confusion vulnerability that leads to authentication bypass and takeover of the administrator account. En Macrob7 Macs Framework Content Management System (CMS) 1.1.4f, la comparación vaga en la función "isValidLogin()" durante el intento de inicio de sesión da como resultado una vulnerabilidad de confusión de tipo PHP que conduce a la omisión de autenticación y la toma de control de la cuenta de administrador. • https://github.com/ally-petitt/CVE-2023-43154-PoC https://cxsecurity.com/issue/WLB-2023090075 https://github.com/ally-petitt/macs-cms-auth-bypass • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •