CVE-2021-39219 – Wrong type for `Linker`-define functions when used across two `Engine`s
https://notcve.org/view.php?id=CVE-2021-39219
Wasmtime before version 0.30.0 is affected by a type confusion vulnerability. ... Cross-`Engine` usage of functions is not supported in Wasmtime and this can result in type confusion of function pointers, resulting in being able to safely call a function with the wrong type. • https://crates.io/crates/wasmtime https://github.com/bytecodealliance/wasmtime/commit/b39f087414f27ae40c44449ed5d1154e03449bff https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-q879-9g95-56mx https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WAVBRYDDUIY2ZR3K3FO4BVYJKIMJ5TP7 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z2Z33FTXFQ6EOINVEQIP4DFBG53G5XIY • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVE-2021-39841 – Adobe Acrobat Pro DC DocMedia Type Confusion Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-39841
Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a Type Confusion vulnerability. ... The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. • https://helpx.adobe.com/security/products/acrobat/apsb21-55.html • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVE-2021-38658 – Microsoft Office Graphics Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-38658
The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-38658 https://www.zerodayinitiative.com/advisories/ZDI-21-1083 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVE-2021-23440 – Prototype Pollution
https://notcve.org/view.php?id=CVE-2021-23440
A type confusion vulnerability can lead to a bypass of CVE-2019-10747 when the user-provided keys used in the path parameter are arrays. ... A type confusion vulnerability in nodejs-set-value can lead to a bypass of CVE-2019-10747. • https://github.com/jonschlinkert/set-value/commit/7cf8073bb06bf0c15e08475f9f952823b4576452 https://github.com/jonschlinkert/set-value/pull/33 https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1584212 https://snyk.io/vuln/SNYK-JS-SETVALUE-1540541 https://www.huntr.dev/bounties/2eae1159-01de-4f82-a177-7478a408c4a2 https://www.oracle.com/security-alerts/cpujan2022.html https://access.redhat.com/security/cve/CVE-2021-23440 https://bugzilla.redhat.com/show_bug.cgi?id=2004944 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVE-2021-23438 – Prototype Pollution
https://notcve.org/view.php?id=CVE-2021-23438
A type confusion vulnerability can lead to a bypass of CVE-2018-16490. ... They behave differently depending on the type of the input. • https://github.com/aheckmann/mpath/commit/89402d2880d4ea3518480a8c9847c541f2d824fc https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1579548 https://snyk.io/vuln/SNYK-JS-MPATH-1577289 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •