Total
220 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-35303 | 2024-06-11 | 7.8 High | ||
| A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0012), Tecnomatix Plant Simulation V2404 (All versions < V2404.0001). The affected applications contain a type confusion vulnerability while parsing specially crafted MODEL files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-22958) | ||||
| CVE-2024-28130 | 2024-06-04 | 7.5 High | ||
| An incorrect type conversion vulnerability exists in the DVPSSoftcopyVOI_PList::createFromImage functionality of OFFIS DCMTK 3.6.8. A specially crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. | ||||
| CVE-2024-5436 | 2024-06-04 | N/A | ||
| Type confusion in Snapchat LensCore could lead to denial of service or arbitrary code execution prior to version 12.88. We recommend upgrading to version 12.88 or above. | ||||
| CVE-2024-21478 | 2024-06-04 | 6.2 Medium | ||
| transient DOS when setting up a fence callback to free a KGSL memory entry object during DMA. | ||||
| CVE-2022-3979 | 1 Nagvis | 1 Nagvis | 2024-05-17 | 8.1 High |
| A vulnerability was found in NagVis up to 1.9.33 and classified as problematic. This issue affects the function checkAuthCookie of the file share/server/core/classes/CoreLogonMultisite.php. The manipulation of the argument hash leads to incorrect type conversion. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. Upgrading to version 1.9.34 is able to address this issue. The identifier of the patch is 7574fd8a2903282c2e0d1feef5c4876763db21d5. It is recommended to upgrade the affected component. The identifier VDB-213557 was assigned to this vulnerability. | ||||
| CVE-2023-21665 | 1 Qualcomm | 440 315 5g Iot Modem, 315 5g Iot Modem Firmware, 8905 and 437 more | 2024-04-12 | 7.8 High |
| Memory corruption in Graphics while importing a file. | ||||
| CVE-2023-21651 | 1 Qualcomm | 280 Aqt1000, Aqt1000 Firmware, Ar8031 and 277 more | 2024-04-12 | 7.8 High |
| Memory Corruption in Core due to incorrect type conversion or cast in secure_io_read/write function in TEE. | ||||
| CVE-2023-21638 | 1 Qualcomm | 72 Aqt1000, Aqt1000 Firmware, Fastconnect 6200 and 69 more | 2024-04-12 | 7.8 High |
| Memory corruption in Video while calling APIs with different instance ID than the one received in initialization. | ||||
| CVE-2023-21627 | 1 Qualcomm | 96 Aqt1000, Aqt1000 Firmware, Qca6390 and 93 more | 2024-04-12 | 7.8 High |
| Memory corruption in Trusted Execution Environment while calling service API with invalid address. | ||||
| CVE-2022-40531 | 1 Qualcomm | 568 Apq8009, Apq8009 Firmware, Apq8017 and 565 more | 2024-04-12 | 7.8 High |
| Memory corruption in WLAN due to incorrect type cast while sending WMI_SCAN_SCH_PRIO_TBL_CMDID message. | ||||
| CVE-2022-33301 | 1 Qualcomm | 32 Qca6595, Qca6595 Firmware, Qca6595au and 29 more | 2024-04-12 | 7.8 High |
| Memory corruption due to incorrect type conversion or cast in audio while using audio playback/capture when crafted address is sent from AGM IPC to AGM. | ||||
| CVE-2022-33240 | 1 Qualcomm | 18 Qca6595, Qca6595 Firmware, Qca6595au and 15 more | 2024-04-12 | 7.8 High |
| Memory corruption in Audio due to incorrect type cast during audio use-cases. | ||||
| CVE-2023-33101 | 2024-04-12 | 7.5 High | ||
| Transient DOS while processing DL NAS TRANSPORT message with payload length 0. | ||||
| CVE-2023-6249 | 2024-02-20 | 8.0 High | ||
| Signed to unsigned conversion esp32_ipm_send | ||||
| CVE-2021-43537 | 2 Debian, Mozilla | 4 Debian Linux, Firefox, Firefox Esr and 1 more | 2024-02-02 | 8.8 High |
| An incorrect type conversion of sizes from 64bit to 32bit integers allowed an attacker to corrupt memory leading to a potentially exploitable crash. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. | ||||
| CVE-2021-3578 | 3 Debian, Fedoraproject, Isync Project | 3 Debian Linux, Fedora, Isync | 2023-11-07 | 7.8 High |
| A flaw was found in mbsync before v1.3.6 and v1.4.2, where an unchecked pointer cast allows a malicious or compromised server to write an arbitrary integer value past the end of a heap-allocated structure by issuing an unexpected APPENDUID response. This could be plausibly exploited for remote code execution on the client. | ||||
| CVE-2021-29424 | 2 Fedoraproject, Net\ | 2 Fedora, \ | 2023-11-07 | 7.5 High |
| The Net::Netmask module before 2.0000 for Perl does not properly consider extraneous zero characters at the beginning of an IP address string, which (in some situations) allows attackers to bypass access control that is based on IP addresses. | ||||
| CVE-2019-5757 | 4 Debian, Fedoraproject, Google and 1 more | 6 Debian Linux, Fedora, Chrome and 3 more | 2023-11-07 | N/A |
| An incorrect object type assumption in SVG in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. | ||||
| CVE-2018-9490 | 1 Google | 1 Android | 2023-11-07 | N/A |
| In CollectValuesOrEntriesImpl of elements.cc, there is possible remote code execution due to type confusion. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-111274046 | ||||
| CVE-2018-6170 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Enterprise Linux Desktop and 2 more | 2023-11-07 | N/A |
| A bad cast in PDFium in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. | ||||