CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
Description
The product allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type.
Hierarchy (View 1000)
Parents
Children
none
CVEs mapped to this weakness (269)
page 14 of 14| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-14537 | — | 0.00 | — | 0.06 | Aug 7, 2019 | YOURLS through 1.7.3 is affected by a type juggling vulnerability in the api component that can result in login bypass. | ||
| CVE-2019-2692 | 0.00 | — | 0.01 | Apr 23, 2019 | Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/J). Supported versions that are affected are 8.0.15 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Connectors… | |||
| CVE-2018-8133 | Hig | 0.00 | 7.5 | 0.51 | May 9, 2018 | A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0943,… | ||
| CVE-2017-13220 | Hig | 0.00 | 7.8 | 0.00 | Jan 12, 2018 | An elevation of privilege vulnerability in the Upstream kernel bluez. Product: Android. Versions: Android kernel. Android ID: A-63527053. | ||
| CVE-2014-1731 | 0.00 | — | 0.03 | Apr 26, 2014 | core/html/HTMLSelectElement.cpp in the DOM implementation in Blink, as used in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux, does not properly check renderer state upon a focus event, which allows remote attackers to cause a denial of… | |||
| CVE-2014-1730 | 0.00 | — | 0.03 | Apr 26, 2014 | Google V8, as used in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux, does not properly store internationalization metadata, which allows remote attackers to bypass intended access restrictions by leveraging "type confusion" and reading… | |||
| CVE-2013-2882 | 0.00 | — | 0.02 | Jul 31, 2013 | Google V8, as used in Google Chrome before 28.0.1500.95, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that leverage "type confusion." | |||
| CVE-2011-2875 | 0.00 | — | 0.01 | Sep 19, 2011 | Google V8, as used in Google Chrome before 14.0.835.163, does not properly perform object sealing, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that leverage "type confusion." | |||
| CVE-2010-2299 | 0.00 | — | 0.03 | Jun 15, 2010 | The Clipboard::DispatchObject function in app/clipboard/clipboard.cc in Google Chrome before 5.0.375.70 does not properly handle CBF_SMBITMAP objects in a ViewHostMsg_ClipboardWriteObjectsAsync message, which might allow remote attackers to execute arbitrary code via vectors… |
- CVE-2019-14537Aug 7, 2019risk 0.00cvss —epss 0.06
YOURLS through 1.7.3 is affected by a type juggling vulnerability in the api component that can result in login bypass.
- CVE-2019-2692Apr 23, 2019risk 0.00cvss —epss 0.01
Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/J). Supported versions that are affected are 8.0.15 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Connectors…
- risk 0.00cvss 7.5epss 0.51
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0943,…
- risk 0.00cvss 7.8epss 0.00
An elevation of privilege vulnerability in the Upstream kernel bluez. Product: Android. Versions: Android kernel. Android ID: A-63527053.
- CVE-2014-1731Apr 26, 2014risk 0.00cvss —epss 0.03
core/html/HTMLSelectElement.cpp in the DOM implementation in Blink, as used in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux, does not properly check renderer state upon a focus event, which allows remote attackers to cause a denial of…
- CVE-2014-1730Apr 26, 2014risk 0.00cvss —epss 0.03
Google V8, as used in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux, does not properly store internationalization metadata, which allows remote attackers to bypass intended access restrictions by leveraging "type confusion" and reading…
- CVE-2013-2882Jul 31, 2013risk 0.00cvss —epss 0.02
Google V8, as used in Google Chrome before 28.0.1500.95, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that leverage "type confusion."
- CVE-2011-2875Sep 19, 2011risk 0.00cvss —epss 0.01
Google V8, as used in Google Chrome before 14.0.835.163, does not properly perform object sealing, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that leverage "type confusion."
- CVE-2010-2299Jun 15, 2010risk 0.00cvss —epss 0.03
The Clipboard::DispatchObject function in app/clipboard/clipboard.cc in Google Chrome before 5.0.375.70 does not properly handle CBF_SMBITMAP objects in a ViewHostMsg_ClipboardWriteObjectsAsync message, which might allow remote attackers to execute arbitrary code via vectors…