CVSS: 6.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-38207 – Microsoft Edge (HTML-based) Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2024-38207
Microsoft Edge (HTML-based) Memory Corruption Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38207 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-38209 – Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-38209
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38209 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-7971 – Google Chromium V8 Type Confusion Vulnerability
https://notcve.org/view.php?id=CVE-2024-7971
Type confusion in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Google Chromium V8 contains a type confusion vulnerability that allows a remote attacker to exploit heap corruption via a crafted HTML page. • https://chromereleases.googleblog.com/2024/08/stable-channel-update-for-desktop_21.html https://issues.chromium.org/issues/360700873 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-7969
https://notcve.org/view.php?id=CVE-2024-7969
Type Confusion in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Type Confusion in V8 in Google Chrome prior to 128.0.6613.113 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. • https://chromereleases.googleblog.com/2024/08/stable-channel-update-for-desktop_21.html https://issues.chromium.org/issues/351865302 https://chromereleases.googleblog.com/2024/08/stable-channel-update-for-desktop_28.html • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 8.6EPSS: 0%CPEs: -EXPL: 0CVE-2024-43357 – JavaScript specification issue may lead to type confusion and pointer dereference in implementations
https://notcve.org/view.php?id=CVE-2024-43357
A problem in the ECMAScript (JavaScript) specification of async generators, introduced by a May 2021 spec refactor, may lead to mis-implementation in a way that could present as a security vulnerability, such as type confusion and pointer dereference. The internal async generator machinery calls regular promise resolver functions on IteratorResult (`{ done, value }`) objects that it creates, assuming that the IteratorResult objects will not be then-ables. • https://github.com/tc39/ecma262/security/advisories/GHSA-g38c-wh3c-5h9r https://github.com/boa-dev/boa/security/advisories/GHSA-f67q-wr6w-23jq https://github.com/tc39/ecma262/pull/2413 https://github.com/tc39/ecma262/commit/1e24a286d0a327d08e1154926b3ee79820232727 https://github.com/tc39/ecma262/commit/4cb5a6980e20be76c648f113c4cc762342172df3 https://bugs.webkit.org/show_bug.cgi?id=275407 https://bugzilla.mozilla.org/show_bug.cgi?id=1901411 https://issues.chromium.org/issues/346692561 https://tc39.e • CWE-248: Uncaught Exception CWE-476: NULL Pointer Dereference CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •