CVE-2023-38199
https://notcve.org/view.php?id=CVE-2023-38199
coreruleset (aka OWASP ModSecurity Core Rule Set) through 3.3.4 does not detect multiple Content-Type request headers on some platforms. This might allow attackers to bypass a WAF with a crafted payload, aka "Content-Type confusion" between the WAF and the backend application. This occurs when the web application relies on only the last Content-Type header. Other platforms may reject the additional Content-Type header or merge conflicting headers, leading to detection as a malformed header. • https://github.com/coreruleset/coreruleset/issues/3191 https://github.com/coreruleset/coreruleset/pull/3237 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVE-2023-38091 – Kofax Power PDF response Type Confusion Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-38091
Kofax Power PDF response Type Confusion Remote Code Execution Vulnerability. ... The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. • https://www.zerodayinitiative.com/advisories/ZDI-23-969 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVE-2023-35297 – Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-35297
Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35297 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVE-2023-35356 – Windows Kernel Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2023-35356
Windows Kernel Elevation of Privilege Vulnerability. The Microsoft Windows Kernel CmDeleteLayeredKey may delete predefined tombstone keys, leading to security descriptor use-after-free. • http://packetstormsecurity.com/files/174115/Microsoft-Windows-Kernel-Arbitrary-Read.html http://packetstormsecurity.com/files/174118/Microsoft-Windows-Kernel-Security-Descriptor-Use-After-Free.html http://packetstormsecurity.com/files/176451/Microsoft-Windows-Registry-Predefined-Keys-Privilege-Escalation.html https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35356 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVE-2023-37376 – Siemens Tecnomatix Plant Simulation STP File Parsing Type Confusion Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-37376
The affected application contains a type confusion vulnerability while parsing STP files. ... The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. • https://cert-portal.siemens.com/productcert/pdf/ssa-764801.pdf • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •