CVE-2020-9948 – Apple Safari replace Type Confusion Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-9948
A type confusion issue was addressed with improved memory handling. ... By performing actions in JavaScript, an attacker can trigger a type confusion condition.
References:
http://seclists.org/fulldisclosure/2020/Nov/18
http://www.openwall.com/lists/oss-security/2020/11/23/3
https://security.gentoo.org/glsa/202012-10
https://support.apple.com/HT211845
https://www.debian.org/security/2020/dsa-4797
https://access.redhat.com/security/cve/CVE-2020-9948
https://bugzilla.redhat.com/show_bug.cgi?id=1901214
CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2020-0336
https://notcve.org/view.php?id=CVE-2020-0336
In SurfaceFlinger, there is possible memory corruption due to type confusion. ... User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-153467444
References:
https://source.android.com/security/bulletin/android-11
CWE-787: Out-of-bounds Write
CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2020-25575
https://notcve.org/view.php?id=CVE-2020-25575
It may introduce "compatibility hazards" in some applications, and has a type confusion flaw when downcasting. ...
References:
https://boats.gitlab.io/blog/post/failure-to-fehler
https://github.com/rust-lang-nursery/failure/issues/336
https://rustsec.org/advisories/RUSTSEC-2020-0036.html
CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2020-1911
https://notcve.org/view.php?id=CVE-2020-1911
A type confusion vulnerability when resolving properties of JavaScript objects with specially-crafted prototype chains in Facebook Hermes prior to commit fe52854cdf6725c2eaa9e125995da76e6ceb27da allows attackers to potentially execute arbitrary code via crafted JavaScript. ...
References:
https://github.com/facebook/hermes/commit/fe52854cdf6725c2eaa9e125995da76e6ceb27da
https://www.facebook.com/security/advisories/cve-2020-1911
CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2020-25016
https://notcve.org/view.php?id=CVE-2020-25016
A safety violation was discovered in the rgb crate before 0.8.20 for Rust, leading to (for example) dereferencing of arbitrary pointers or disclosure of uninitialized memory. This occurs because structs can be treated as bytes for read and write operations.
References:
https://github.com/kornelski/rust-rgb/issues/35
https://rustsec.org/advisories/RUSTSEC-2020-0029.html
CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')