CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-3676
https://notcve.org/view.php?id=CVE-2022-3676
In Eclipse Openj9 before version 0.35.0, interface calls can be inlined without a runtime type check. Malicious bytecode could make use of this inlining to access or modify memory via an incompatible type. • https://github.com/eclipse-openj9/openj9/pull/16122 https://github.com/eclipse/omr/pull/6773 https://gitlab.eclipse.org/eclipsefdn/emo-team/emo/-/issues/389 • CWE-20: Improper Input Validation CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 7.8EPSS: 0%CPEs: 18EXPL: 0CVE-2022-41033 – Microsoft Windows COM+ Event System Service Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-41033
Windows COM+ Event System Service Elevation of Privilege Vulnerability Una Vulnerabilidad de Elevación de Privilegios en system service de eventos COM+ de Windows Microsoft Windows COM+ Event System Service contains an unspecified vulnerability that allows for privilege escalation. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41033 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 7.8EPSS: 0%CPEs: 20EXPL: 0CVE-2022-38037 – Windows Kernel Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2022-38037
Este ID de CVE es diferente de CVE-2022-37988, CVE-2022-37990, CVE-2022-37991, CVE-2022-37995, CVE-2022-38022, CVE-2022-38038, CVE-2022-38039 The Windows Kernel suffers from a memory corruption vulnerability due to type confusion of subkey index leaves in registry hives. • http://packetstormsecurity.com/files/169791/Windows-Kernel-Type-Confusion-Memory-Corruption.html https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-38037 •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-3315
https://notcve.org/view.php?id=CVE-2022-3315
Type confusion in Blink in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low) La confusión de tipos en Blink en Google Chrome anterior a la versión 106.0.5249.62 permitía a un atacante remoto explotar potencialmente la corrupción del montón a través de una página HTML manipulada. • https://chromereleases.googleblog.com/2022/09/stable-channel-update-for-desktop_27.html https://crbug.com/1322812 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 8.6EPSS: 0%CPEs: 1EXPL: 0CVE-2022-2971 – MZ Automation libIEC61850 Access of Resource Using Incompatible Type ('Type Confusion')
https://notcve.org/view.php?id=CVE-2022-2971
MZ Automation's libIEC61850 (versions 1.4 and prior; version 1.5 prior to commit a3b04b7bc4872a5a39e5de3fdc5fbde52c09e10e) accesses a resource using an incompatible type, which could allow an attacker to crash the server with a malicious payload. • https://www.cisa.gov/uscert/ics/advisories/icsa-22-251-01 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •