CVE-2021-33624
https://notcve.org/view.php?id=CVE-2021-33624
In kernel/bpf/verifier.c in the Linux kernel before 5.12.13, a branch can be mispredicted (e.g., because of type confusion) and consequently an unprivileged BPF program can read arbitrary memory locations via a side-channel attack, aka CID-9183671af6db.
https://github.com/benschlueter/CVE-2021-33624
http://www.openwall.com/lists/oss-security/2021/06/21/1
https://github.com/torvalds/linux/commit/9183671af6dbf60a1219371d4ed73e23f43b49db
https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html
https://www.usenix.org/conference/usenixsecurity21/presentation/kirzner
CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2021-32696 – Passing in a non-string 'html' argument can lead to unsanitized output
https://notcve.org/view.php?id=CVE-2021-32696
In striptags before version 3.2.0, a type-confusion vulnerability can cause `striptags` to concatenate unsanitized strings when an array-like object is passed in as the `html` parameter. ...
https://github.com/ericnorris/striptags/commit/f252a6b0819499cd65403707ebaf5cc925f2faca
https://github.com/ericnorris/striptags/releases/tag/v3.2.0
https://github.com/ericnorris/striptags/security/advisories/GHSA-qxg5-2qff-p49r
https://www.npmjs.com/package/striptags
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-241: Improper Handling of Unexpected Data Type
CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2021-30551 – Google Chromium V8 Type Confusion Vulnerability
https://notcve.org/view.php?id=CVE-2021-30551
Type confusion in V8 in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page.
https://github.com/xmzyshypnc/CVE-2021-30551
https://chromereleases.googleblog.com/2021/06/stable-channel-update-for-desktop.html
https://crbug.com/1216437
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ETMZL6IHCTCTREEL434BQ4THQ7EOHJ43
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PAT6EOXVQFE6JFMFQF4IKAOUQSHMHL54
https://security.gentoo.org/glsa/202107-06
https://security.gentoo.org/glsa/202208-25
CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2021-31480 – Desktop dwg2dl Type Confusion Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-31480
The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. ...
https://www.zerodayinitiative.com/advisories/ZDI-21-620
CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2021-30517
https://notcve.org/view.php?id=CVE-2021-30517
Type confusion in V8 in Google Chrome prior to 90.0.4430.212 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
https://chromereleases.googleblog.com/2021/05/stable-channel-update-for-desktop.html
https://crbug.com/1203122
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ETMZL6IHCTCTREEL434BQ4THQ7EOHJ43
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PAT6EOXVQFE6JFMFQF4IKAOUQSHMHL54
https://security.gentoo.org/glsa/202107-06
CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')