CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 0CVE-2023-4352 – Chrome Read-Only Property Overwrite
https://notcve.org/view.php?id=CVE-2023-4352
Type confusion in V8 in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) La Confusión de Tipos en V8 en Google Chrome anterior a 116.0.5845.96 permitía a un atacante remoto explotar potencialmente la corrupción de la memoria a través de una página HTML manipulada. • http://packetstormsecurity.com/files/174669/Chrome-Read-Only-Property-Overwrite.html https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop_15.html https://crbug.com/1452076 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2DMXHPRUGBUDNHZCZCIVMWAUIEXEGMGT https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OCFEK63FUHFXZH5MSG6TNQOXMQWM4M5S https://security.gentoo.org/glsa/202401-34 https://www.debian.org/security/2023/dsa&# • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 7.8EPSS: 0%CPEs: 17EXPL: 0CVE-2022-46706
https://notcve.org/view.php?id=CVE-2022-46706
A type confusion issue was addressed with improved state handling. ... Se ha solucionado un problema de confusión de tipos mejorando la gestión de estados. • https://support.apple.com/en-us/HT213183 https://support.apple.com/en-us/HT213184 https://support.apple.com/en-us/HT213185 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-21287
https://notcve.org/view.php?id=CVE-2023-21287
In multiple locations, there is a possible code execution due to type confusion. • https://android.googlesource.com/platform/external/freetype/+/a79e80a25874dacaa266906a9048f13d4bac41c6 https://source.android.com/security/bulletin/2023-08-01 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 7.8EPSS: 0%CPEs: 120EXPL: 0CVE-2023-28575 – Multiple Type Confusion Vulnerability
https://notcve.org/view.php?id=CVE-2023-28575
The cam_get_device_priv function does not check the type of handle being returned (device/session/link). This would lead to invalid type usage if a wrong handle is passed to it. • https://www.qualcomm.com/company/product-security/bulletins/august-2023-bulletin • CWE-823: Use of Out-of-range Pointer Offset CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 5.5EPSS: 0%CPEs: 12EXPL: 0CVE-2023-4194 – Kernel: tap: tap_open(): correctly initialize socket uid next fix of i_uid to current_fsuid
https://notcve.org/view.php?id=CVE-2023-4194
A flaw was found in the Linux kernel's TUN/TAP functionality. This issue could allow a local user to bypass network filters and gain unauthorized access to some resources. The original patches fixing CVE-2023-1076 are incorrect or incomplete. The problem is that the following upstream commits - a096ccca6e50 ("tun: tun_chr_open(): correctly initialize socket uid"), - 66b2c338adce ("tap: tap_open(): correctly initialize socket uid"), pass "inode->i_uid" to sock_init_data_uid() as the last parameter and that turns out to not be accurate. Se ha encontrado un fallo en la funcionalidad TUN/TAP del kernel de Linux. • https://access.redhat.com/errata/RHSA-2023:6583 https://access.redhat.com/security/cve/CVE-2023-4194 https://bugzilla.redhat.com/show_bug.cgi?id=2229498 https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/344H6HO6SSC4KT7PDFXSDIXKMKHISSGF https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3TYLSJ2SAI7RF56ZLQ5CQWCJLVJSD73Q https://lore.kernel.org/all/20230731164237.48365-1&# • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') CWE-863: Incorrect Authorization •