CVE-2022-24510 – Microsoft Office Visio Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2022-24510
The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24510 •
CVE-2021-40061
https://notcve.org/view.php?id=CVE-2021-40061
There is a vulnerability of accessing resources using an incompatible type (type confusion) in the Bastet module. ... • https://consumer.huawei.com/en/support/bulletin/2022/3 https://device.harmonyos.com/cn/docs/security/update/security-bulletins-phones-202203-0000001257385193 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVE-2022-21656 – X.509 subjectAltName matching bypass in Envoy
https://notcve.org/view.php?id=CVE-2022-21656
The default_validator.cc implementation used to implement the default certificate validation routines has a "type confusion" bug when processing subjectAltNames. ... This confusion allows for the bypassing of nameConstraints, as processed by the underlying OpenSSL/BoringSSL implementation, exposing the possibility of impersonation of arbitrary servers. ... • https://github.com/envoyproxy/envoy/commit/bb95af848c939cfe5b5ee33c5b1770558077e64e https://github.com/envoyproxy/envoy/security/advisories/GHSA-c9g7-xwcv-pjx2 • CWE-295: Improper Certificate Validation CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVE-2022-0457
https://notcve.org/view.php?id=CVE-2022-0457
Type confusion in V8 in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. • https://chromereleases.googleblog.com/2022/02/stable-channel-update-for-desktop.html https://crbug.com/1274445 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVE-2021-46463
https://notcve.org/view.php?id=CVE-2021-46463
njs through 0.7.1, used in NGINX, was discovered to contain a control flow hijack caused by a Type Confusion vulnerability in njs_promise_perform_then(). • https://github.com/nginx/njs/commit/6a40a85ff239497c6458c7dbef18f6a2736fe992 https://github.com/nginx/njs/issues/447 https://security.netapp.com/advisory/ntap-20220303-0007 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •