CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-46878
https://notcve.org/view.php?id=CVE-2021-46878
An issue was discovered in Treasure Data Fluent Bit 1.7.1, erroneous parsing in flb_pack_msgpack_to_json_format leads to type confusion bug that interprets whatever is on the stack as msgpack maps and arrays, leading to use-after-free. • https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=27742 https://github.com/fluent/fluent-bit/pull/3115 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 9.8EPSS: 0%CPEs: 265EXPL: 0CVE-2023-26063 – Lexmark MC3224i pagemaker NAME Type Confusion Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-26063
Certain Lexmark devices through 2023-02-19 access a Resource By Using an Incompatible Type. ... When parsing the NAME element, the process does not properly validate user-supplied data, which can result in a type confusion condition. • https://publications.lexmark.com/publications/security-alerts/CVE-2023-26063.pdf https://support.lexmark.com/alerts • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2023-1078
https://notcve.org/view.php?id=CVE-2023-1078
The rds_rm_zerocopy_callback() uses list_entry() on the head of a list causing a type confusion. ... Type confusion leads to `struct rds_msg_zcopy_info *info` actually points to something else that is potentially controlled by local user. • http://www.openwall.com/lists/oss-security/2023/11/05/1 https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=f753a68980cf4b59a80fe677619da2b1804f526d https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html https://security.netapp.com/advisory/ntap-20230505-0004 • CWE-787: Out-of-bounds Write CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-1075 – kernel: net/tls: tls_is_tx_ready() checked list_entry
https://notcve.org/view.php?id=CVE-2023-1075
The tls_is_tx_ready() incorrectly checks for list emptiness, potentially accessing a type confused entry to the list_head, leaking the last byte of the confused field that overlaps with rec->tx_ready. • https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=ffe2a22562444720b05bdfeb999c03e810d84cbb https://access.redhat.com/security/cve/CVE-2023-1075 https://bugzilla.redhat.com/show_bug.cgi?id=2173434 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-1076 – kernel: tap: tap_open(): correctly initialize socket uid
https://notcve.org/view.php?id=CVE-2023-1076
The tun/tap sockets have their socket UID hardcoded to 0 due to a type confusion in their initialization function. • https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=66b2c338adce580dfce2199591e65e2bab889cff https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=a096ccca6e503a5c575717ff8a36ace27510ab0a https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html https://access.redhat.com/security/cve/CVE-2023-1076 https://bugzilla.redhat.com/show_bug.cgi?id=2173435 • CWE-791: Incomplete Filtering of Special Elements CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •