CVSS: 8.6EPSS: 0%CPEs: -EXPL: 0CVE-2024-43357 – JavaScript specification issue may lead to type confusion and pointer dereference in implementations
https://notcve.org/view.php?id=CVE-2024-43357
A problem in the ECMAScript (JavaScript) specification of async generators, introduced by a May 2021 spec refactor, may lead to mis-implementation in a way that could present as a security vulnerability, such as type confusion and pointer dereference. The internal async generator machinery calls regular promise resolver functions on IteratorResult (`{ done, value }`) objects that it creates, assuming that the IteratorResult objects will not be then-ables. • https://github.com/tc39/ecma262/security/advisories/GHSA-g38c-wh3c-5h9r https://github.com/boa-dev/boa/security/advisories/GHSA-f67q-wr6w-23jq https://github.com/tc39/ecma262/pull/2413 https://github.com/tc39/ecma262/commit/1e24a286d0a327d08e1154926b3ee79820232727 https://github.com/tc39/ecma262/commit/4cb5a6980e20be76c648f113c4cc762342172df3 https://bugs.webkit.org/show_bug.cgi?id=275407 https://bugzilla.mozilla.org/show_bug.cgi?id=1901411 https://issues.chromium.org/issues/346692561 https://tc39.e • CWE-248: Uncaught Exception CWE-476: NULL Pointer Dereference CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 7.5EPSS: 1%CPEs: 20EXPL: 0CVE-2024-38178 – Microsoft Windows Scripting Engine Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2024-38178
Scripting Engine Memory Corruption Vulnerability Microsoft Windows Scripting Engine contains a memory corruption vulnerability that allows unauthenticated attacker to initiate remote code execution via a specially crafted URL. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38178 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-38219 – Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-38219
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38219 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-38218 – Microsoft Edge (HTML-based) Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2024-38218
Microsoft Edge (HTML-based) Memory Corruption Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38218 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-7550
https://notcve.org/view.php?id=CVE-2024-7550
Type Confusion in V8 in Google Chrome prior to 127.0.6533.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. • https://chromereleases.googleblog.com/2024/08/stable-channel-update-for-desktop.html https://issues.chromium.org/issues/355256380 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •