| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by a Business Logic Errors vulnerability that could result in a security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass a minor functionality. Exploitation of this issue does not require user interaction. |
| This affects the package jsonpointer before 5.0.0. A type confusion vulnerability can lead to a bypass of a previous Prototype Pollution fix when the pointer components are arrays. |
| Permission bypass vulnerability in the window module
Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability |
| Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability |
| Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability |
| Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability |
| Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability |
| The ArKUI framework subsystem within OpenHarmony-v3.1.5 and prior versions,
OpenHarmony-v3.0.7 and prior versions
has an Improper Input Validation vulnerability which local attackers can exploit this vulnerability to send malicious data, causing the current application to crash.
|
| Business Logic Errors in GitHub repository answerdev/answer prior to 1.0.6. |
| Business Logic Errors in GitHub repository answerdev/answer prior to 1.0.6. |
| Business logic error in some Zoom Workplace Apps may allow an unauthenticated user to conduct a disclosure of information via network access. |
| A flaw was found in the Linux Kernel. The tun/tap sockets have their socket UID hardcoded to 0 due to a type confusion in their initialization function. While it will be often correct, as tuntap devices require CAP_NET_ADMIN, it may not always be the case, e.g., a non-root user only having that capability. This would make tun/tap sockets being incorrectly treated in filtering/routing decisions, possibly bypassing network filters. |
| A flaw was found in the Linux Kernel. The tls_is_tx_ready() incorrectly checks for list emptiness, potentially accessing a type confused entry to the list_head, leaking the last byte of the confused field that overlaps with rec->tx_ready. |
| In lwis_slc_buffer_free of lwis_device_slc.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-245300559References: N/A |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor 11.1.1.53537;. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within JavaScript optimizations. The issue results from an improper optimization, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16733. |
| Type Confusion in V8 in Google Chrome prior to 126.0.6478.114 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High) |
| Inappropriate implementation in Downloads in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to obfuscate security UI via a malicious file. (Chromium security severity: Medium) |
| Type Confusion in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High) |
| Type Confusion in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High) |
