VYPR

CWE-843

Access of Resource Using Incompatible Type ('Type Confusion')

BaseIncomplete

Description

The product allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type.

Hierarchy (View 1000)

Parents

Children

none

CVEs mapped to this weakness (269)

page 1 of 14
  • CVE-2012-0507CriKEVJun 7, 2012
    risk 0.93cvss 9.8epss 0.98

    Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0 Update 33 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related…

  • CVE-2011-0611HigKEVApr 13, 2011
    risk 0.80cvss 8.8epss 0.99

    Adobe Flash Player before 10.2.154.27 on Windows, Mac OS X, Linux, and Solaris and 10.2.156.12 and earlier on Android; Adobe AIR before 2.6.19140; and Authplay.dll (aka AuthPlayLib.bundle) in Adobe Reader 9.x before 9.4.4 and 10.x through 10.0.1 on Windows, Adobe Reader 9.x…

  • CVE-2017-0037HigKEVFeb 26, 2017
    risk 0.74cvss 8.1epss 0.80

    Microsoft Internet Explorer 10 and 11 and Microsoft Edge have a type confusion issue in the Layout::MultiColumnBoxBuilder::HandleColumnBreakOnColumnSpanningElement function in mshtml.dll, which allows remote attackers to execute arbitrary code via vectors involving a crafted…

  • CVE-2017-8291HigKEVApr 27, 2017
    risk 0.73cvss 7.8epss 0.97

    Artifex Ghostscript through 2017-04-26 allows -dSAFER bypass and remote command execution via .rsdparams type confusion with a "/OutputFile (%pipe%" substring in a crafted .eps document that is an input to the gs program, as exploited in the wild in April 2017.

  • CVE-2017-5070HigKEVOct 27, 2017
    risk 0.72cvss 8.8epss 0.31

    Type confusion in V8 in Google Chrome prior to 59.0.3071.86 for Linux, Windows, and Mac, and 59.0.3071.92 for Android, allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.

  • CVE-2016-7201HigKEVNov 10, 2016
    risk 0.72cvss 8.8epss 0.80

    The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than…

  • CVE-2017-11292HigKEVOct 22, 2017
    risk 0.70cvss 8.8epss 0.12

    Adobe Flash Player version 27.0.0.159 and earlier has a flawed bytecode verification procedure, which allows for an untrusted value to be used in the calculation of an array index. This can lead to type confusion, and successful exploitation could lead to arbitrary code…

  • CVE-2024-23222HigKEVJan 23, 2024
    risk 0.69cvss 8.8epss 0.11

    A type confusion issue was addressed with improved checks. This issue is fixed in Safari 17.3, iOS 15.8.7 and iPadOS 15.8.7, iOS 16.7.5 and iPadOS 16.7.5, iOS 17.3 and iPadOS 17.3, macOS Monterey 12.7.3, macOS Sonoma 14.3, macOS Ventura 13.6.4, tvOS 17.3, visionOS 1.0.2.…

  • CVE-2025-70023CriApr 14, 2026
    risk 0.64cvss 9.8epss 0.00

    An issue pertaining to CWE-843: Access of Resource Using Incompatible Type was discovered in transloadit uppy v0.25.6.

  • CVE-2026-4702CriMar 24, 2026
    risk 0.64cvss 9.8epss 0.00

    JIT miscompilation in the JavaScript Engine component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

  • CVE-2026-4698CriMar 24, 2026
    risk 0.64cvss 9.8epss 0.01

    JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

  • CVE-2026-2796CriFeb 24, 2026
    risk 0.64cvss 9.8epss 0.01

    JIT miscompilation in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 148 and Thunderbird 148.

  • CVE-2025-14330CriDec 9, 2025
    risk 0.64cvss 9.8epss 0.00

    JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 146, Firefox ESR 140.6, Thunderbird 146, and Thunderbird 140.6.

  • CVE-2026-11052CriJun 4, 2026
    risk 0.62cvss 9.6epss 0.00

    Type Confusion in GPU in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2016-0985HigFeb 10, 2016
    risk 0.62cvss 8.8epss 0.27

    Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler before 20.0.0.260 allow attackers to execute arbitrary code…

  • CVE-2026-24874CriJan 27, 2026
    risk 0.59cvss 9.1epss 0.00

    Access of Resource Using Incompatible Type ('Type Confusion') vulnerability in themrdemonized xray-monolith.This issue affects xray-monolith: before 2025.12.30.

  • CVE-2018-4920HigMay 19, 2018
    risk 0.58cvss 8.8epss 0.08

    Adobe Flash Player versions 28.0.0.161 and earlier have an exploitable type confusion vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.

  • CVE-2017-5116HigOct 27, 2017
    risk 0.58cvss 8.8epss 0.13

    Type confusion in V8 in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.

  • CVE-2017-2995HigFeb 15, 2017
    risk 0.58cvss 8.8epss 0.06

    Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable type confusion vulnerability related to the MessageChannel class. Successful exploitation could lead to arbitrary code execution.

  • CVE-2016-6992HigOct 13, 2016
    risk 0.58cvss 8.8epss 0.06

    Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before 23.0.0.185 on Windows and OS X and before 11.2.202.637 on Linux allows attackers to execute arbitrary code by leveraging an unspecified "type confusion."