CVE-2022-46340 – X.Org Server XTestFakeInput Type Confusion Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-46340
The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. • https://access.redhat.com/security/cve/CVE-2022-46340 https://bugzilla.redhat.com/show_bug.cgi?id=2151755 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5NELB7YDWRABYYBG4UPTHRBDTKJRV5M2 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DXDF2O5PPLE3SVAJJYUOSAD5QZ4TWQ2G https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RWTH3SNJ3GKYDSN7I3QDGWYEPSMWU6EP https://lists.fedoraproject.org/archives/list/package-announce% • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVE-2022-4262 – Google Chromium V8 Type Confusion Vulnerability
https://notcve.org/view.php?id=CVE-2022-4262
Type confusion in V8 in Google Chrome prior to 108.0.5359.94 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) La confusión de tipos en V8 en Google Chrome anterior a 108.0.5359.94 permitía a un atacante remoto explotar potencialmente la corrupción del heap a través de una página HTML manipulada. (Severidad de seguridad de Chrome: Alta) Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. • https://github.com/bjrjk/CVE-2022-4262 https://github.com/mistymntncop/CVE-2022-4262 https://github.com/quangnh89/CVE-2022-4262 https://chromereleases.googleblog.com/2022/12/stable-channel-update-for-desktop.html https://crbug.com/1394403 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVE-2022-4174
https://notcve.org/view.php?id=CVE-2022-4174
Type confusion in V8 in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) La confusión de tipos en V8 en Google Chrome anterior a 108.0.5359.71 permitía a un atacante remoto explotar potencialmente la corrupción del montón a través de una página HTML manipulada. • https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop_29.html https://crbug.com/1379054 https://security.gentoo.org/glsa/202305-10 https://security.gentoo.org/glsa/202311-11 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVE-2022-25743 – Qualcomm Adreno/KGSL Unchecked Cast / Type Confusion
https://notcve.org/view.php?id=CVE-2022-25743
Memory corruption in graphics due to use-after-free while importing graphics buffer in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables Corrupción de la memoria en los gráficos debido al use-after-free al importar el búfer de gráficos en Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables Qualcomm Adreno/KGSL suffers from an unchecked cast of vma->vm_file->private_data in kgsl_setup_dmabuf_useraddr(). • http://packetstormsecurity.com/files/172663/Qualcomm-Adreno-KGSL-Unchecked-Cast-Type-Confusion.html https://www.qualcomm.com/company/product-security/bulletins/november-2022-bulletin • CWE-416: Use After Free •
CVE-2022-3903
https://notcve.org/view.php?id=CVE-2022-3903
An incorrect read request flaw was found in the Infrared Transceiver USB driver in the Linux kernel. This issue occurs when a user attaches a malicious USB device. A local user could use this flaw to starve the resources, causing denial of service or potentially crashing the system. Se encontró una falla de solicitud de lectura incorrecta en el controlador USB del transceptor de infrarrojos en el kernel de Linux. Este problema ocurre cuando un usuario conecta un dispositivo USB malicioso. • https://lore.kernel.org/all/CAB7eexLLApHJwZfMQ=X-PtRhw0BgO+5KcSMS05FNUYejJXqtSA%40mail.gmail.com https://lore.kernel.org/all/E1obysd-009Grw-He%40www.linuxtv.org • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •