CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-24045
https://notcve.org/view.php?id=CVE-2021-24045
A type confusion vulnerability could be triggered when resolving the "typeof" unary operator in Facebook Hermes prior to v0.10.0. ... Una vulnerabilidad de confusión de tipo podría ser desencadenada al resolver el operador unario "typeof" en Facebook Hermes versiones anteriores a v0.10.0. • https://github.com/facebook/hermes/commit/55e1b2343f4deb1a1b5726cfe1e23b2068217ff2 https://www.facebook.com/security/advisories/cve-2021-24045 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-32969 – Delta Electronics DIAScreen - Type Confusion, Out-of-bounds Write
https://notcve.org/view.php?id=CVE-2021-32969
Delta Electronics DIAScreen versions prior to 1.1.0 are vulnerable to an out-of-bounds write condition, which may result in a system crash or allow an attacker to remotely execute arbitrary code. Delta Electronics DIAScreen versiones anteriores a 1.1.0, son vulnerables a una condición de escritura fuera de límites, lo que puede resultar en un bloqueo del sistema o permitir a un atacante una ejecución de código remota arbitrario This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Industrial Automation DIAScreen. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XLS files. The issue results from the lack of proper validation of user-supplied data, which can result in a write before the start of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. • https://www.cisa.gov/uscert/ics/advisories/icsa-21-208-05 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-32965 – Delta Electronics DIAScreen - Type Confusion, Out-of-bounds Write
https://notcve.org/view.php?id=CVE-2021-32965
Delta Electronics DIAScreen versions prior to 1.1.0 are vulnerable to type confusion, which may allow an attacker to remotely execute arbitrary code. Delta Electronics DIAScreen versiones anteriores a 1.1.0, son vulnerables a la confusión de tipos, lo que puede permitir a un atacante ejecutar remotamente código arbitrario This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Industrial Automation DIAScreen. • https://www.cisa.gov/uscert/ics/advisories/icsa-21-208-05 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 3CVE-2021-38001
https://notcve.org/view.php?id=CVE-2021-38001
Type confusion in V8 in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Una confusión de tipos en V8 en Google Chrome versiones anteriores a 95.0.4638.69, permitía a un atacante remoto explotar potencialmente una corrupción de pila por medio de una página HTML diseñada • https://github.com/Peterpan0927/TFC-Chrome-v8-bug-CVE-2021-38001-poc https://github.com/maldiohead/TFC-Chrome-v8-bug-CVE-2021-38001-poc https://github.com/TheHermione/CVE-2021-38001 https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_28.html https://crbug.com/1260577 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3W46HRT2UVHWSLZB6JZHQF6JNQWKV744 https://www.debian.org/security/2022/dsa-5046 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 5.0EPSS: 0%CPEs: 4EXPL: 0CVE-2021-41190 – Clarify Content-Type handling in OCI spec
https://notcve.org/view.php?id=CVE-2021-41190
In the OCI Distribution Specification version 1.0.0 and prior, the Content-Type header alone was used to determine the type of document during push and pull operations. Documents that contain both “manifests” and “layers” fields could be interpreted as either a manifest or an index in the absence of an accompanying Content-Type header. If a Content-Type header changed between two pulls of the same digest, a client may interpret the resulting content differently. ... Los documentos que contenían campos "manifiestos" y "capas" podían interpretarse como un manifiesto o un índice en ausencia de una cabecera Content-Type que los acompañara. Si una cabecera Content-Type cambiaba entre dos pulls del mismo compendio, un cliente podría interpretar el contenido resultante de forma diferente. • http://www.openwall.com/lists/oss-security/2021/11/19/10 https://github.com/opencontainers/distribution-spec/commit/ac28cac0557bcd3084714ab09f9f2356fe504923 https://github.com/opencontainers/distribution-spec/security/advisories/GHSA-mc8v-mgrf-8f4m https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3TUZNDAH2B26VPBK342UC3BHZNLBUXGX https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4334HT7AZPLWNYHW4ARU6JBUF3VZJPZN https://lists.fedoraproject.org/archives/list/packa • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •