12901 matches found
CVE-2021-3618
ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can redirect traffic fr...
CVE-2023-38408
The PKCS11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. Code in /usr/lib is not necessarily safe for loading into ssh-agent. NOTE: this issue exists because o...
CVE-2017-1000501
Awstats version 7.6 and earlier is vulnerable to a path traversal flaw in the handling of the "config" and "migrate" parameters resulting in unauthenticated remote code execution...
CVE-2022-1486
Type confusion in V8 in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page...
CVE-2022-41725
A denial of service is possible from excessive resource consumption in net/http and mime/multipart. Multipart form parsing with mime/multipart.Reader.ReadForm can consume largely unlimited amounts of memory and disk files. This also affects form parsing in the net/http package with the Request...
CVE-2021-41190
The OCI Distribution Spec project defines an API protocol to facilitate and standardize the distribution of content. In the OCI Distribution Specification version 1.0.0 and prior, the Content-Type header alone was used to determine the type of document during push and pull operations. Documents...
CVE-2020-13671
Drupal core does not properly sanitize certain filenames on uploaded files, which can lead to files being interpreted as the incorrect extension and served as the wrong MIME type or executed as PHP for certain hosting configurations. This issue affects: Drupal Drupal Core 9.0 versions prior to...
CVE-2022-1096
Type confusion in V8 in Google Chrome prior to 99.0.4844.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...
CVE-2021-46463
njs through 0.7.1, used in NGINX, was discovered to contain a control flow hijack caused by a Type Confusion vulnerability in njspromiseperformthen...
CVE-2021-30588
Type confusion in V8 in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...
CVE-2021-30563
Type Confusion in V8 in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...
CVE-2021-30551
Type confusion in V8 in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...
CVE-2021-23997
Due to unexpected data type conversions, a use-after-free could have occurred when interacting with the font cache. We presume that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Firefox 88...
CVE-2019-9791
The type inference system allows the compilation of functions that can cause type confusions between arbitrary objects when compiled through the IonMonkey just-in-time JIT compiler and when the constructor function is entered through on-stack replacement OSR. This allows for possible arbitrary...
CVE-2022-0457
Type confusion in V8 in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...
CVE-2019-11707
A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable crash. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Firefox ESR 60.7.1, Firefox 67.0.3, and Thunderbird 60.7.2...
CVE-2020-26160
jwt-go before 4.0.0-preview1 allows attackers to bypass intended access restrictions in situations with string for m"aud" which is allowed by the specification. Because the type assertion fails, "" is the value of aud. This is a security problem if the JWT token is presented to a service that lac...
CVE-2022-1869
Type Confusion in V8 in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...
CVE-2021-30561
Type Confusion in V8 in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...
CVE-2021-29945
The WebAssembly JIT could miscalculate the size of a return type, which could lead to a null read and result in a crash. Note: This issue only affected x86-32 platforms. Other platforms are unaffected.. This vulnerability affects Firefox ESR 78.10, Thunderbird 78.10, and Firefox 88...
CVE-2020-13625
PHPMailer before 6.1.6 contains an output escaping bug when the name of a file attachment contains a double quote character. This can result in the file type being misinterpreted by the receiver or any mail relay processing the message...
CVE-2021-30627
Type confusion in Blink layout in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...
CVE-2018-12458
An improper integer type in the mpeg4encodegopheader function in libavcodec/mpeg4videoenc.c in FFmpeg 2.8 and 4.0 may trigger an assertion violation while converting a crafted AVI file to MPEG4, leading to a denial of service...
CVE-2022-2158
Type confusion in V8 in Google Chrome prior to 103.0.5060.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...
CVE-2022-32545
A vulnerability was found in ImageMagick, causing an outside the range of representable values of type 'unsigned char' at coders/psd.c, when crafted or untrusted input is processed. This leads to a negative impact to application availability or other problems related to undefined behavior...
CVE-2021-30598
Type confusion in V8 in Google Chrome prior to 92.0.4515.159 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page...
CVE-2019-9795
A vulnerability where type-confusion in the IonMonkey just-in-time JIT compiler could potentially be used by malicious JavaScript to trigger a potentially exploitable crash. This vulnerability affects Thunderbird 60.6, Firefox ESR 60.6, and Firefox 66...
CVE-2021-29982
Due to incorrect JIT optimization, we incorrectly interpreted data from the wrong type of object, resulting in the potential leak of a single bit of memory. This vulnerability affects Firefox 91 and Thunderbird 91...
CVE-2021-43537
An incorrect type conversion of sizes from 64bit to 32bit integers allowed an attacker to corrupt memory leading to a potentially exploitable crash. This vulnerability affects Thunderbird 91.4.0, Firefox ESR 91.4.0, and Firefox 95...
CVE-2017-14054
In libavformat/rmdec.c in FFmpeg 3.3.3, a DoS in ivrreadheader due to lack of an EOF End of File check might cause huge CPU consumption. When a crafted IVR file, which claims a large "len" field in the header but does not contain sufficient backing data, is provided, the first type==4 loop would...
CVE-2022-32546
A vulnerability was found in ImageMagick, causing an outside the range of representable values of type 'unsigned long' at coders/pcl.c, when crafted or untrusted input is processed. This leads to a negative impact to application availability or other problems related to undefined behavior...
CVE-2021-21639
Jenkins 2.286 and earlier, LTS 2.277.1 and earlier does not validate the type of object created after loading the data submitted to the config.xml REST API endpoint of a node, allowing attackers with Computer/Configure permission to replace a node with one of a different type...
CVE-2022-35929
cosign is a container signing and verification utility. In versions prior to 1.10.1 cosign can report a false positive if any attestation exists. cosign verify-attestation used with the --type flag will report a false positive verification when there is at least one attestation with a valid...
CVE-2022-22754
If a user installed an extension of a particular type, the extension could have auto-updated itself and while doing so, bypass the prompt which grants the new version the new requested permissions. This vulnerability affects Firefox 97, Thunderbird 91.6, and Firefox ESR 91.6...
CVE-2021-24000
A race condition with requestPointerLock and setTimeout could have resulted in a user interacting with one tab when they believed they were on a separate tab. In conjunction with certain elements such as input type="file" this could have led to an attack where a user was confused about the origin...
CVE-2022-32547
In ImageMagick, there is load of misaligned address for type 'double', which requires 8 byte alignment and for type 'float', which requires 4 byte alignment at MagickCore/property.c. Whenever crafted or untrusted input is processed by ImageMagick, this causes a negative impact to application...
CVE-2021-23954
Using the new logical assignment operators in a JavaScript switch statement could have caused a type confusion, leading to a memory corruption and a potentially exploitable crash. This vulnerability affects Firefox 85, Thunderbird 78.7, and Firefox ESR 78.7...
CVE-2020-26965
Some websites have a feature "Show Password" where clicking a button will change a password field into a textbook field, revealing the typed password. If, when using a software keyboard that remembers user input, a user typed their password and used that feature, the type of the password field wa...
CVE-2022-41720
On Windows, restricted files can be accessed via os.DirFS and http.Dir. The os.DirFS function and http.Dir type provide access to a tree of files rooted at a given directory. These functions permit access to Windows device files under that root. For example, os.DirFS"C:/tmp".Open"COM1" opens the...
CVE-2019-17017
Due to a missing case handling object types, a type confusion vulnerability could occur, resulting in a crash. We presume that with enough effort that it could be exploited to run arbitrary code. This vulnerability affects Firefox ESR 68.4 and Firefox 72...
CVE-2022-2295
Type confusion in V8 in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...
CVE-2021-20206
An improper limitation of path name flaw was found in containernetworking/cni in versions before 0.8.1. When specifying the plugin to load in the 'type' field in the network configuration, it is possible to use special elements such as "../" separators to reference binaries elsewhere on the syste...
CVE-2021-25631
In the LibreOffice 7-1 series in versions prior to 7.1.2, and in the 7-0 series in versions prior to 7.0.5, the denylist can be circumvented by manipulating the link so it doesn't match the denylist but results in ShellExecute attempting to launch an executable type...
CVE-2018-5817
A type confusion error within the "unpackedloadraw" function within LibRaw versions prior to 0.19.1 internal/dcrawcommon.cpp can be exploited to trigger an infinite loop...
CVE-2019-17026
Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Firefox ESR 68.4.1, Thunderbird 68.4.1, and Firefox 72.0.1...
CVE-2021-43618
GNU Multiple Precision Arithmetic Library GMP through 6.2.1 has an mpz/inpraw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms...
CVE-2020-28348
HashiCorp Nomad and Nomad Enterprise 0.9.0 up to 0.12.7 client Docker file sandbox feature may be subverted when not explicitly disabled or when using a volume mount type. Fixed in 0.12.8, 0.11.7, and 0.10.8...
CVE-2021-23972
One phishing tactic on the web is to provide a link with HTTP Auth. For example 'https://[email protected]'. To mitigate this type of attack, Firefox will display a warning dialog; however, this warning dialog would not have been displayed if evil.com used a redirect that was cached...
CVE-2020-26974
When flex-basis was used on a table wrapper, a StyleGenericFlexBasis object could have been incorrectly cast to the wrong type. This resulted in a heap user-after-free, memory corruption, and a potentially exploitable crash. This vulnerability affects Firefox 84, Thunderbird 78.6, and Firefox ESR...
CVE-2022-41882
The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with your computer. In version 3.6.0, if a user received a malicious file share and has it synced locally or the virtual filesystem enabled and clicked a nc://open/ link it will open the default editor for the file...