CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 0CVE-2023-2935 – Chrome v8::internal::Object::SetPropertyWithAccessor Type Confusion
https://notcve.org/view.php?id=CVE-2023-2935
Type Confusion in V8 in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Google Chrome version 112.0.5615.137 and Chromium version 115.0.5737.0 suffer from a type confusion vulnerability in v8::internal::Object::SetPropertyWithAccessor. • http://packetstormsecurity.com/files/173196/Chrome-v8-internal-Object-SetPropertyWithAccessor-Type-Confusion.html https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-desktop_30.html https://crbug.com/1440695 https://security.gentoo.org/glsa/202311-11 https://security.gentoo.org/glsa/202401-34 https://www.debian.org/security/2023/dsa-5418 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2023-27930
https://notcve.org/view.php?id=CVE-2023-27930
A type confusion issue was addressed with improved checks. • https://support.apple.com/en-us/HT213757 https://support.apple.com/en-us/HT213758 https://support.apple.com/en-us/HT213761 https://support.apple.com/en-us/HT213764 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-23306
https://notcve.org/view.php?id=CVE-2023-23306
The `Toybox.Ant.BurstPayload.add` API method in CIQ API version 2.2.0 through 4.1.7 suffers from a type confusion vulnreability, which can result in an out-of-bounds write operation. • https://developer.garmin.com/connect-iq/api-docs/Toybox/Ant/BurstPayload.html#add-instance_function https://github.com/anvilsecure/garmin-ciq-app-research/blob/main/advisories/CVE-2023-23306.md • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-25933
https://notcve.org/view.php?id=CVE-2023-25933
A type confusion bug in TypedArray prior to commit e6ed9c1a4b02dc219de1648f44cd808a56171b81 could have been used by a malicious attacker to execute arbitrary code via untrusted JavaScript. • https://github.com/facebook/hermes/commit/e6ed9c1a4b02dc219de1648f44cd808a56171b81 https://www.facebook.com/security/advisories/cve-2023-25933 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-23557
https://notcve.org/view.php?id=CVE-2023-23557
An error in Hermes' algorithm for copying objects properties prior to commit a00d237346894c6067a594983be6634f4168c9ad could be used by a malicious attacker to execute arbitrary code via type confusion. • https://github.com/facebook/hermes/commit/a00d237346894c6067a594983be6634f4168c9ad https://www.facebook.com/security/advisories/cve-2023-23557 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •