Vulnerabilities > Access of Resource Using Incompatible Type ('Type Confusion')

DATE CVE VULNERABILITY TITLE RISK
2017-10-27 CVE-2017-5059 Type Confusion vulnerability in multiple products
Type confusion in Blink in Google Chrome prior to 58.0.3029.81 for Linux, Windows, and Mac, and 58.0.3029.83 for Android, allowed a remote attacker to potentially obtain code execution via a crafted HTML page.
network
low complexity
google redhat CWE-843
8.8
2017-10-27 CVE-2017-5057 Type Confusion vulnerability in multiple products
Type confusion in PDFium in Google Chrome prior to 58.0.3029.81 for Mac, Windows, and Linux, and 58.0.3029.83 for Android, allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file.
network
low complexity
google redhat CWE-843
8.8
2017-10-22 CVE-2017-11292 Type Confusion vulnerability in multiple products
Adobe Flash Player version 27.0.0.159 and earlier has a flawed bytecode verification procedure, which allows for an untrusted value to be used in the calculation of an array index.
network
low complexity
adobe redhat CWE-843
8.8
2017-09-21 CVE-2017-14639 Type Confusion vulnerability in Bento4 1.5.0617
AP4_VisualSampleEntry::ReadFields in Core/Ap4SampleEntry.cpp in Bento4 1.5.0-617 uses incorrect character data types, which causes a stack-based buffer underflow and out-of-bounds write, leading to denial of service (application crash) or possibly unspecified other impact.
network
low complexity
bento4 CWE-843
8.8
2017-04-27 CVE-2017-8291 Type Confusion vulnerability in multiple products
Artifex Ghostscript through 2017-04-26 allows -dSAFER bypass and remote command execution via .rsdparams type confusion with a "/OutputFile (%pipe%" substring in a crafted .eps document that is an input to the gs program, as exploited in the wild in April 2017.
local
low complexity
artifex debian redhat CWE-843
7.8
2017-02-26 CVE-2017-0037 Type Confusion vulnerability in Microsoft Edge and Internet Explorer
Microsoft Internet Explorer 10 and 11 and Microsoft Edge have a type confusion issue in the Layout::MultiColumnBoxBuilder::HandleColumnBreakOnColumnSpanningElement function in mshtml.dll, which allows remote attackers to execute arbitrary code via vectors involving a crafted Cascading Style Sheets (CSS) token sequence and crafted JavaScript code that operates on a TH element.
network
high complexity
microsoft CWE-843
8.1
2017-02-15 CVE-2017-2995 Type Confusion vulnerability in Adobe Flash Player and Flash Player Desktop Runtime
Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable type confusion vulnerability related to the MessageChannel class.
network
low complexity
adobe CWE-843
8.8
2016-11-10 CVE-2016-7201 Type Confusion vulnerability in Microsoft Edge
The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-7200, CVE-2016-7202, CVE-2016-7203, CVE-2016-7208, CVE-2016-7240, CVE-2016-7242, and CVE-2016-7243.
network
low complexity
microsoft CWE-843
8.8
2016-10-13 CVE-2016-6992 Type Confusion vulnerability in Adobe Flash Player and Flash Player Desktop Runtime
Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before 23.0.0.185 on Windows and OS X and before 11.2.202.637 on Linux allows attackers to execute arbitrary code by leveraging an unspecified "type confusion."
network
low complexity
adobe CWE-843
8.8
2016-07-13 CVE-2016-4225 Type Confusion vulnerability in Adobe Flash Player and Flash Player Desktop Runtime
Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code by leveraging an unspecified "type confusion," a different vulnerability than CVE-2016-4223 and CVE-2016-4224.
network
low complexity
adobe CWE-843
8.8