CVSS: 6.5EPSS: 0%CPEs: 264EXPL: 0CVE-2022-23825 – hw: cpu: AMD: Branch Type Confusion (non-retbleed)
https://notcve.org/view.php?id=CVE-2022-23825
Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially leading to information disclosure. ... Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type, potentially leading to information disclosure. • http://www.openwall.com/lists/oss-security/2022/11/08/1 http://www.openwall.com/lists/oss-security/2022/11/10/2 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D4RW5FCIYFNCQOEFJEUIRW3DGYW7CWBG https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KLSRW4LLTAT3CZMOYVNTC7YIYGX3KLED https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M27MB3QFNIJV4EQQSXWARHP3OGX6CR6K https://lists.fedoraproject.org/archives/list • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 6.7EPSS: 0%CPEs: 22EXPL: 0CVE-2022-21772
https://notcve.org/view.php?id=CVE-2022-21772
In TEEI driver, there is a possible type confusion due to a race condition. ... En TEEI driver, Se presenta una posible confusión de tipos debido a una condición de carrera. • https://corp.mediatek.com/product-security-bulletin/July-2022 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.8EPSS: 0%CPEs: 22EXPL: 9CVE-2022-34918 – kernel: heap overflow in nft_set_elem_init()
https://notcve.org/view.php?id=CVE-2022-34918
A type confusion bug in nft_set_elem_init (leading to a buffer overflow) could be used by a local attacker to escalate privileges, a different vulnerability than CVE-2022-32250. ... Un error de confusión de tipos en la función nft_set_elem_init (conllevando a un desbordamiento del búfer) podría ser usado por un atacante local para escalar privilegios, una vulnerabilidad diferente a la de CVE-2022-32250. ... Esto puede corregirse en la función nft_setelem_parse_data en el archivo net/netfilter/nf_tables_api.c A heap buffer overflow flaw was found in the Linux kernel’s Netfilter subsystem in the way a user provides incorrect input of the NFT_DATA_VERDICT type. ... A type confusion bug in nft_set_elem_init (leading to a buffer overflow) could be used by a local attacker to escalate privileges. • https://github.com/veritas501/CVE-2022-34918 https://github.com/randorisec/CVE-2022-34918-LPE-PoC https://github.com/merlinepedra25/CVE-2022-34918-LPE-PoC https://github.com/merlinepedra/CVE-2022-34918-LPE-PoC https://github.com/linulinu/CVE-2022-34918 http://packetstormsecurity.com/files/168191/Kernel-Live-Patch-Security-Notice-LSN-0089-1.html http://packetstormsecurity.com/files/168543/Netfilter-nft_set_elem_init-Heap-Overflow-Privilege-Escalation.html http://www.openwall.com/lists/oss-secur • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') CWE-1025: Comparison Using Wrong Factors •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-2158
https://notcve.org/view.php?id=CVE-2022-2158
Type confusion in V8 in Google Chrome prior to 103.0.5060.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Una confusión de tipo en V8 en Google Chrome versiones anteriores a 103.0.5060.53, permitía a un atacante remoto explotar potencialmente la corrupción de la pila por medio de una página HTML diseñada • https://chromereleases.googleblog.com/2022/06/stable-channel-update-for-desktop_21.html https://crbug.com/1321078 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5BQRTR4SIUNIHLLPWTGYSDNQK7DYCRSB https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H2C4XOJVIILDXTOSMWJXHSQNEXFWSOD7 https://security.gentoo.org/glsa/202208-25 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-26635 – Bandisoft ARK Library buffer overflow vulnerability
https://notcve.org/view.php?id=CVE-2021-26635
In the code that verifies the file size in the ark library, it is possible to manipulate the offset read from the target file due to the wrong use of the data type. • https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=66747 • CWE-121: Stack-based Buffer Overflow CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •