VYPR

CWE-843

Access of Resource Using Incompatible Type ('Type Confusion')

BaseIncomplete

Description

The product allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type.

Hierarchy (View 1000)

Parents

Children

none

CVEs mapped to this weakness (269)

page 14 of 14
  • CVE-2019-14537Aug 7, 2019
    risk 0.00cvss epss 0.06

    YOURLS through 1.7.3 is affected by a type juggling vulnerability in the api component that can result in login bypass.

  • CVE-2019-2692Apr 23, 2019
    risk 0.00cvss epss 0.01

    Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/J). Supported versions that are affected are 8.0.15 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Connectors…

  • CVE-2018-8133HigMay 9, 2018
    risk 0.00cvss 7.5epss 0.51

    A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0943,…

  • CVE-2017-13220HigJan 12, 2018
    risk 0.00cvss 7.8epss 0.00

    An elevation of privilege vulnerability in the Upstream kernel bluez. Product: Android. Versions: Android kernel. Android ID: A-63527053.

  • CVE-2014-1731Apr 26, 2014
    risk 0.00cvss epss 0.03

    core/html/HTMLSelectElement.cpp in the DOM implementation in Blink, as used in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux, does not properly check renderer state upon a focus event, which allows remote attackers to cause a denial of…

  • CVE-2014-1730Apr 26, 2014
    risk 0.00cvss epss 0.03

    Google V8, as used in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux, does not properly store internationalization metadata, which allows remote attackers to bypass intended access restrictions by leveraging "type confusion" and reading…

  • CVE-2013-2882Jul 31, 2013
    risk 0.00cvss epss 0.02

    Google V8, as used in Google Chrome before 28.0.1500.95, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that leverage "type confusion."

  • CVE-2011-2875Sep 19, 2011
    risk 0.00cvss epss 0.01

    Google V8, as used in Google Chrome before 14.0.835.163, does not properly perform object sealing, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that leverage "type confusion."

  • CVE-2010-2299Jun 15, 2010
    risk 0.00cvss epss 0.03

    The Clipboard::DispatchObject function in app/clipboard/clipboard.cc in Google Chrome before 5.0.375.70 does not properly handle CBF_SMBITMAP objects in a ViewHostMsg_ClipboardWriteObjectsAsync message, which might allow remote attackers to execute arbitrary code via vectors…