CVSS: 9.8EPSS: 2%CPEs: 1EXPL: 3CVE-2021-23444 – Prototype Pollution
https://notcve.org/view.php?id=CVE-2021-23444
A type confusion vulnerability can lead to a bypass of CVE-2020-28480 when the user-provided keys used in the path parameter are arrays in the setByPath function. ... Una vulnerabilidad de confusión de tipo puede conllevar a una omisión de CVE-2020-28480 cuando las claves proporcionadas por el usuario usadas en el parámetro path son arrays en la función setByPath • https://github.com/clientIO/joint/commit/e5bf89efef6d5ea572d66870ffd86560de7830a8 https://github.com/clientIO/joint/pull/1514 https://github.com/clientIO/joint/releases/tag/v3.4.2 https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1655817 https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1655816 https://snyk.io/vuln/SNYK-JS-JOINTJS-1579578 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2021-23443 – Cross-site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2021-23443
A type confusion vulnerability can be used to bypass input sanitization when the input to be rendered is an array (instead of a string or a SafeValue), even if {{ }} are used. ... Puede ser usada una vulnerabilidad de confusión de tipo para omitir el saneamiento de entradas cuando la entrada que se va a representar es una matriz (en lugar de una cadena o un SafeValue), incluso si se usan {{ }} • https://github.com/edge-js/edge/commit/fa2c7fde86327aeae232752e89a6e37e2e469e21 https://snyk.io/vuln/SNYK-JS-EDGEJS-1579556 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 6.3EPSS: 0%CPEs: 3EXPL: 0CVE-2021-39219 – Wrong type for `Linker`-define functions when used across two `Engine`s
https://notcve.org/view.php?id=CVE-2021-39219
Wasmtime before version 0.30.0 is affected by a type confusion vulnerability. ... Cross-`Engine` usage of functions is not supported in Wasmtime and this can result in type confusion of function pointers, resulting in being able to safely call a function with the wrong type. ... Wasmtime versiones anteriores a 0.30.0, está afectado por una vulnerabilidad de confusión de tipo. ... Un uso cruzado de funciones de "Engine" no está soportado en Wasmtime y esto puede resultar en una confusión de tipo de los punteros de las funciones, resultando en poder llamar de forma segura a una función con el tipo equivocado. • https://crates.io/crates/wasmtime https://github.com/bytecodealliance/wasmtime/commit/b39f087414f27ae40c44449ed5d1154e03449bff https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-q879-9g95-56mx https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WAVBRYDDUIY2ZR3K3FO4BVYJKIMJ5TP7 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z2Z33FTXFQ6EOINVEQIP4DFBG53G5XIY • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 7.8EPSS: 0%CPEs: 14EXPL: 0CVE-2021-39841 – Adobe Acrobat Pro DC DocMedia Type Confusion Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-39841
Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a Type Confusion vulnerability. ... Acrobat Reader DC versiones 2021.005.20060 (y anteriores), versiones 2020.004.30006 (y anteriores), y versiones 2017.011.30199 (y anteriores), están afectadas por una vulnerabilidad de Confusión de Tipo. ... The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. • https://helpx.adobe.com/security/products/acrobat/apsb21-55.html • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 7.8EPSS: 1%CPEs: 4EXPL: 0CVE-2021-38658 – Microsoft Office Graphics Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-38658
The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-38658 https://www.zerodayinitiative.com/advisories/ZDI-21-1083 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •