CVE-2021-30818 – webkitgtk: Type confusion issue leading to arbitrary code execution
https://notcve.org/view.php?id=CVE-2021-30818
A type confusion issue was addressed with improved state handling. ... Processing maliciously crafted web content may lead to arbitrary code execution. A type confusion flaw was found in WebKitGTK. • http://www.openwall.com/lists/oss-security/2021/12/20/6 https://support.apple.com/en-us/HT212807 https://support.apple.com/en-us/HT212814 https://support.apple.com/en-us/HT212815 https://support.apple.com/en-us/HT212816 https://support.apple.com/en-us/HT212819 https://support.apple.com/kb/HT212869 https://access.redhat.com/security/cve/CVE-2021-30818 https://bugzilla.redhat.com/show_bug.cgi?id=2034368 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2021-0870 – Android NFC Type Confusion
https://notcve.org/view.php?id=CVE-2021-0870
Product: Android, Versions: Android-9 Android-10 Android-11 Android-8.1, Android ID: A-192472262. Android NFC suffers from a type confusion vulnerability due to a race condition during a tag type change. • http://packetstormsecurity.com/files/164704/Android-NFC-Type-Confusion.html https://source.android.com/security/bulletin/2021-10-01 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2021-34866 – Linux Kernel eBPF Type Confusion Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-34866
The issue results from the lack of proper validation of user-supplied eBPF programs, which can result in a type confusion condition. ... Was ZDI-CAN-14689. A vulnerability was found in the Linux kernel, where a type confusion problem in check_map_func_compatibility() may lead to freeing arbitrary kernel memory. • https://security.netapp.com/advisory/ntap-20220217-0008 https://www.zerodayinitiative.com/advisories/ZDI-21-1148 https://access.redhat.com/security/cve/CVE-2021-34866 https://bugzilla.redhat.com/show_bug.cgi?id=2000457 • CWE-697: Incorrect Comparison • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2021-30627
https://notcve.org/view.php?id=CVE-2021-30627
Type confusion in Blink layout in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. • https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop.html https://crbug.com/1245786 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4DDW7HAHTS3SDVXBQUY4SURELO5D4X7R https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PM7MOYYHJSWLIFZ4TPJTD7MSA3HSSLV2 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2021-23447 – Cross-site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2021-23447
A type confusion vulnerability can be used to bypass input sanitization when the model content is an array (instead of a string). • https://github.com/rooseveltframework/teddy/pull/518 https://github.com/rooseveltframework/teddy/releases/tag/0.5.9 https://snyk.io/vuln/SNYK-JS-TEDDY-1579557 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')