CWE-843: Access of Resource Using Incompatible Type (Type Confusion)
729 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories.
CVEs classified under CWE-843 (page 11 of 15)
- CVE-2024-38178 | HIGH | CVSS 7.5 | EG 9.0 | ⚠ KEV | 2024-08-13
Scripting Engine Memory Corruption Vulnerability
- CVE-2024-38207 | MEDIUM | CVSS 6.3 | EG 6.3 | 2024-08-23
Microsoft Edge (HTML-based) Memory Corruption Vulnerability
- CVE-2024-38209 | HIGH | CVSS 7.8 | EG 7.8 | 2024-08-22
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
- CVE-2024-38218 | HIGH | CVSS 8.4 | EG 8.4 | 2024-08-12
Microsoft Edge (HTML-based) Memory Corruption Vulnerability
- CVE-2024-38219 | MEDIUM | CVSS 6.5 | EG 6.5 | 2024-08-12
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
- CVE-2024-4058 | HIGH | CVSS 8.8 | EG 8.8 | 2024-05-01
Type confusion in ANGLE in Google Chrome prior to 124.0.6367.78 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)
- CVE-2024-40676 | HIGH | CVSS 7.7 | EG 7.7 | 2025-01-28
In checkKeyIntent of AccountManagerService.java, there is a possible way to bypass intent security check and install an unknown app due to a confused deputy. This could lead to local escalation of privilege with no additional execution pri…
- CVE-2024-40788 | MEDIUM | CVSS 5.5 | EG 5.5 | 2024-07-29
A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, iOS 17.6 and iPadOS 17.6, macOS Monterey 12.7.6, macOS Sonoma 14.6, macOS Ventura 13.6.8, tvOS 17.6, visionOS 1.3, wat…
- CVE-2024-40803 | HIGH | CVSS 7.5 | EG 7.5 | 2024-07-29
A type confusion issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.7.6, macOS Sonoma 14.6, macOS Ventura 13.6.8. An attacker may be able to cause unexpected app termination.
- CVE-2024-43357 | HIGH | CVSS 8.6 | EG 8.6 | 2024-08-15
ECMA-262 is the language specification for the scripting language ECMAScript. A problem in the ECMAScript (JavaScript) specification of async generators, introduced by a May 2021 spec refactor, may lead to mis-implementation in a way that …
- CVE-2024-43489 | MEDIUM | CVSS 6.5 | EG 6.5 | 2024-09-19
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
- CVE-2024-43498 | CRITICAL | CVSS 9.8 | EG 9.8 | 2024-11-12
.NET and Visual Studio Remote Code Execution Vulnerability
- CVE-2024-43596 | MEDIUM | CVSS 6.5 | EG 6.5 | 2024-10-17
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
- CVE-2024-45112 | HIGH | CVSS 7.8 | EG 7.8 | 2024-09-13
Acrobat Reader versions 24.002.21005, 24.001.30159, 20.005.30655, 24.003.20054 and earlier are affected by a Type Confusion vulnerability that could result in arbitrary code execution in the context of the current user. This issue occurs w…
- CVE-2024-47804 | MEDIUM | CVSS 4.3 | EG 4.3 | 2024-10-02
If an attempt is made to create an item of a type prohibited by `ACL#hasCreatePermission2` or `TopLevelItemDescriptor#isApplicableIn(ItemGroup)` through the Jenkins CLI or the REST API and either of these checks fail, Jenkins 2.478 and ear…
- CVE-2024-49119 | HIGH | CVSS 8.1 | EG 8.1 | 2024-12-12
Windows Remote Desktop Services Remote Code Execution Vulnerability
- CVE-2024-49196 | HIGH | CVSS 7.5 | EG 7.5 | 2025-05-27
An issue was discovered in the GPU in Samsung Mobile Processor Exynos 1480 and 2400. Type confusion leads to a Denial of Service.
- CVE-2024-4947 | CRITICAL | CVSS 9.6 | EG 9.6 | ⚠ KEV | 2024-05-15
Type Confusion in V8 in Google Chrome prior to 125.0.6422.60 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
- CVE-2024-49860 | HIGH | CVSS 7.1 | EG 7.1 | 2024-10-21
In the Linux kernel, the following vulnerability has been resolved: ACPI: sysfs: validate return type of _STR method Only buffer objects are valid return values of _STR. If something else is returned description_show() will access inval…
- CVE-2024-5158 | HIGH | CVSS 8.1 | EG 8.8 | 2024-05-22
Type Confusion in V8 in Google Chrome prior to 125.0.6422.76 allowed a remote attacker to potentially perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)
- CVE-2024-5271 | HIGH | CVSS 7.8 | EG 7.8 | 2024-05-30
Fuji Electric Monitouch V-SFT is vulnerable to an out-of-bounds write because of a type confusion, which could result in arbitrary code execution.
- CVE-2024-5274 | CRITICAL | CVSS 9.6 | EG 9.6 | ⚠ KEV | 2024-05-28
Type Confusion in V8 in Google Chrome prior to 125.0.6422.112 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
- CVE-2024-53427 | HIGH | CVSS 8.1 | EG 8.1 | 2025-02-26
decNumberCopy in decNumber.c in jq through 1.7.1 does not properly consider that NaN is interpreted as numeric, which has a resultant stack-based buffer overflow and out-of-bounds write, as demonstrated by use of --slurp with subtraction, …
- CVE-2024-5436 | CRITICAL | CVSS 9.8 | EG 9.8 | 2024-05-31
Type confusion in Snapchat LensCore could lead to denial of service or arbitrary code execution prior to version 12.88. We recommend upgrading to version 12.88 or above.
- CVE-2024-54505 | HIGH | CVSS 8.8 | EG 6.5 | 2024-12-12
A type confusion issue was addressed with improved memory handling. This issue is fixed in Safari 18.2, iOS 18.2 and iPadOS 18.2, iPadOS 17.7.3, macOS Sequoia 15.2, tvOS 18.2, visionOS 2.2, watchOS 11.2. Processing maliciously crafted web …
- CVE-2024-54507 | CRITICAL | CVSS 9.1 | EG 5.5 | 2025-01-27
A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 18.2 and iPadOS 18.2, macOS Sequoia 15.2. An attacker with user privileges may be able to read kernel memory.
- CVE-2024-54524 | MEDIUM | CVSS 5.5 | EG 5.5 | 2024-12-12
A logic issue was addressed with improved file handling. This issue is fixed in macOS Sequoia 15.2. A malicious app may be able to access arbitrary files.
- CVE-2024-5597 | HIGH | CVSS 7.8 | EG 7.8 | 2024-06-10
Fuji Electric Monitouch V-SFT is vulnerable to a type confusion, which could cause a crash or code execution.
- CVE-2024-56522 | HIGH | CVSS 7.5 | EG 7.5 | 2024-12-27
An issue was discovered in TCPDF before 6.8.0. unserializeTCPDFtag uses != (aka loose comparison) and does not use a constant-time function to compare TCPDF tag hashes.
- CVE-2024-58253 | LOW | CVSS 2.9 | EG 2.9 | 2025-05-02
In the obfstr crate before 0.4.4 for Rust, the obfstr! argument type is not restricted to string slices, leading to invalid UTF-8 conversion that produces an invalid value.
- CVE-2024-5830 | HIGH | CVSS 8.8 | EG 8.8 | 2024-06-11
Type Confusion in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)
- CVE-2024-5833 | HIGH | CVSS 8.8 | EG 8.8 | 2024-06-11
Type Confusion in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
- CVE-2024-5837 | HIGH | CVSS 8.8 | EG 8.8 | 2024-06-11
Type Confusion in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
- CVE-2024-5838 | HIGH | CVSS 8.8 | EG 8.8 | 2024-06-11
Type Confusion in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
- CVE-2024-5843 | MEDIUM | CVSS 6.5 | EG 6.5 | 2024-06-11
Inappropriate implementation in Downloads in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to obfuscate security UI via a malicious file. (Chromium security severity: Medium)
- CVE-2024-6100 | HIGH | CVSS 8.8 | EG 8.8 | 2024-06-20
Type Confusion in V8 in Google Chrome prior to 126.0.6478.114 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
- CVE-2024-6119 | HIGH | CVSS 7.5 | EG 7.5 | 2024-09-03
Issue summary: Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address resulting in abnormal termination of the application process. Impact summary: Ab…
- CVE-2024-7520 | HIGH | CVSS 8.8 | EG 8.8 | 2024-08-06
A type confusion bug in WebAssembly could be leveraged by an attacker to potentially achieve code execution. This vulnerability affects Firefox < 129, Firefox ESR < 128.1, and Thunderbird < 128.1.
- CVE-2024-7550 | HIGH | CVSS 8.8 | EG 8.8 | 2024-08-06
Type Confusion in V8 in Google Chrome prior to 127.0.6533.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2024-7652 | HIGH | CVSS 7.5 | EG 7.5 | 2024-09-06
An error in the ECMA-262 specification relating to Async Generators could have resulted in a type confusion, potentially leading to memory corruption and an exploitable crash. This vulnerability affects Firefox < 128, Firefox ESR < 115.13,…
- CVE-2024-7824 | CRITICAL | CVSS 9.8 | EG 9.8 | 2024-10-03
Access of Resource Using Incompatible Type ('Type Confusion') vulnerability in Webroot SecureAnywhere - Web Shield on Windows, ARM, 64 bit, 32 bit (wrUrl.Dll modules) allows Functionality Misuse. This issue affects SecureAnywhere - Web Shie…
- CVE-2024-7825 | CRITICAL | CVSS 9.8 | EG 9.8 | 2024-10-03
Access of Resource Using Incompatible Type ('Type Confusion') vulnerability in Webroot SecureAnywhere - Web Shield on Windows, ARM, 64 bit, 32 bit (wrUrl.Dll modules) allows Functionality Misuse. This issue affects SecureAnywhere - Web Shie…
- CVE-2024-7969 | HIGH | CVSS 8.8 | EG 8.8 | 2024-08-21
Type Confusion in V8 in Google Chrome prior to 128.0.6613.113 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2024-7971 | CRITICAL | CVSS 9.6 | EG 9.6 | ⚠ KEV | 2024-08-21
Type confusion in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2024-8194 | HIGH | CVSS 8.8 | EG 7.5 | 2024-08-28
Type Confusion in V8 in Google Chrome prior to 128.0.6613.113 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2024-8381 | CRITICAL | CVSS 9.8 | EG 9.8 | 2024-09-03
A potentially exploitable type confusion could be triggered when looking up a property name on an object being used as the `with` environment. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, Firefox ESR < 115.15, Thunderbird…
- CVE-2024-8385 | CRITICAL | CVSS 9.8 | EG 9.8 | 2024-09-03
A difference in the handling of StructFields and ArrayTypes in WASM could be used to trigger an exploitable type confusion vulnerability. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, and Thunderbird < 128.2.
- CVE-2024-8638 | HIGH | CVSS 8.8 | EG 8.8 | 2024-09-11
Type Confusion in V8 in Google Chrome prior to 128.0.6613.137 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2024-8904 | HIGH | CVSS 8.8 | EG 8.8 | 2024-09-17
Type Confusion in V8 in Google Chrome prior to 129.0.6668.58 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2024-9122 | HIGH | CVSS 8.8 | EG 8.8 | 2024-09-25
Type Confusion in V8 in Google Chrome prior to 129.0.6668.70 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)