CWE-843: Access of Resource Using Incompatible Type (Type Confusion)
729 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories.
CVEs classified under CWE-843 (page 5 of 15)
- CVE-2020-6430 | HIGH | CVSS 8.8 | EG 8.8 | 2020-04-13
Type Confusion in V8 in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2020-6464 | HIGH | CVSS 8.8 | EG 8.8 | 2020-05-21
Type confusion in Blink in Google Chrome prior to 81.0.4044.138 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2020-6468 | HIGH | CVSS 8.8 | EG 8.8 | 2020-05-21
Type confusion in V8 in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2020-6512 | HIGH | CVSS 8.8 | EG 8.8 | 2020-07-22
Type Confusion in V8 in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2020-6533 | HIGH | CVSS 8.8 | EG 8.8 | 2020-07-22
Type Confusion in V8 in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2020-6537 | HIGH | CVSS 8.8 | EG 8.8 | 2020-09-21
Type confusion in V8 in Google Chrome prior to 84.0.4147.105 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
- CVE-2020-6656 | MEDIUM | CVSS 5.8 | EG 5.8 | 2021-01-07
Eaton's easySoft software v7.xx prior to v7.22 are susceptible to file parsing type confusion remote code execution vulnerability. A malicious entity can execute a malicious code or make the application crash by tricking user upload a malf…
- CVE-2020-7081 | HIGH | CVSS 8.8 | EG 8.8 | 2020-04-17
A type confusion vulnerability in the Autodesk FBX-SDK versions 2019.0 and earlier may lead to arbitrary code read/write on the system running it.
- CVE-2020-8088 | CRITICAL | CVSS 9.8 | EG 9.8 | 2020-01-27
panel_login.php in UseBB 1.0.12 allows type juggling for login bypass because != is used instead of !== for password hashes, which mishandles hashes that begin with 0e followed by exclusively numerical characters.
- CVE-2020-8547 | CRITICAL | CVSS 9.8 | EG 9.8 | 2020-02-03
phpList 3.5.0 allows type juggling for admin login bypass because == is used instead of === for password hashes, which mishandles hashes that begin with 0e followed by exclusively numerical characters.
- CVE-2020-9261 | HIGH | CVSS 7.8 | EG 7.8 | 2020-07-06
HUAWEI Mate 30 with versions earlier than 10.1.0.150(C00E136R5P3) have a type confusion vulnerability. The system does not properly check and transform the type of certain variable, the attacker tricks the user into installing then running…
- CVE-2020-9800 | HIGH | CVSS 8.8 | EG 8.8 | 2020-06-09
A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. P…
- CVE-2020-9948 | HIGH | CVSS 8.8 | EG 8.8 | 2020-10-16
A type confusion issue was addressed with improved memory handling. This issue is fixed in Safari 14.0. Processing maliciously crafted web content may lead to arbitrary code execution.
- CVE-2021-0352 | MEDIUM | CVSS 4.4 | EG 4.4 | 2021-02-03
In RT regmap driver, there is a possible memory corruption due to type confusion. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versio…
- CVE-2021-1789 | HIGH | CVSS 8.8 | EG 9.0 | ⚠ KEV | 2021-04-02
A type confusion issue was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4, Safari 14.0…
- CVE-2021-1829 | CRITICAL | CVSS 9.8 | EG 9.8 | 2021-09-08
A type confusion issue was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.3. An application may be able to execute arbitrary code with kernel privileges.
- CVE-2021-21224 | HIGH | CVSS 8.8 | EG 9.0 | ⚠ KEV | 2021-04-26
Type confusion in V8 in Google Chrome prior to 90.0.4430.85 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
- CVE-2021-21230 | HIGH | CVSS 8.8 | EG 8.8 | 2021-04-30
Type confusion in V8 in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2021-22354 | CRITICAL | CVSS 9.1 | EG 9.1 | 2021-06-30
There is an Information Disclosure Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause out-of-bounds read.
- CVE-2021-23434 | MEDIUM | CVSS 5.6 | EG 5.6 | 2021-08-27
This affects the package object-path before 0.11.6. A type confusion vulnerability can lead to a bypass of CVE-2020-15256 when the path components used in the path parameter are arrays. In particular, the condition currentPath === '__proto…
- CVE-2021-23436 | MEDIUM | CVSS 5.6 | EG 5.6 | 2021-09-01
This affects the package immer before 9.0.6. A type confusion vulnerability can lead to a bypass of CVE-2020-28477 when the user-provided keys used in the path parameter are arrays. In particular, this bypass is possible because the condit…
- CVE-2021-23438 | MEDIUM | CVSS 5.6 | EG 5.6 | 2021-09-01
This affects the package mpath before 0.8.4. A type confusion vulnerability can lead to a bypass of CVE-2018-16490. In particular, the condition ignoreProperties.indexOf(parts[i]) !== -1 returns -1 if parts[i] is ['__proto__']. This is bec…
- CVE-2021-23440 | HIGH | CVSS 7.3 | EG 7.3 | 2021-09-12
This affects the package set-value before <2.0.1, >=3.0.0 <4.0.1. A type confusion vulnerability can lead to a bypass of CVE-2019-10747 when the user-provided keys used in the path parameter are arrays.
- CVE-2021-23443 | MEDIUM | CVSS 5.4 | EG 5.4 | 2021-09-21
This affects the package edge.js before 5.3.2. A type confusion vulnerability can be used to bypass input sanitization when the input to be rendered is an array (instead of a string or a SafeValue), even if {{ }} are used.
- CVE-2021-23444 | MEDIUM | CVSS 5.6 | EG 5.6 | 2021-09-21
This affects the package jointjs before 3.4.2. A type confusion vulnerability can lead to a bypass of CVE-2020-28480 when the user-provided keys used in the path parameter are arrays in the setByPath function.
- CVE-2021-23447 | MEDIUM | CVSS 5.4 | EG 5.4 | 2021-10-07
This affects the package teddy before 0.5.9. A type confusion vulnerability can be used to bypass input sanitization when the model content is an array (instead of a string).
- CVE-2021-23472 | LOW | CVSS 3.1 | EG 3.1 | 2021-11-03
This affects versions before 1.19.1 of package bootstrap-table. A type confusion vulnerability can lead to a bypass of input sanitization when the input provided to the escapeHTML function is an array (instead of a string) even if the esca…
- CVE-2021-23509 | MEDIUM | CVSS 5.6 | EG 5.6 | 2021-11-03
This affects the package json-ptr before 3.0.0. A type confusion vulnerability can lead to a bypass of CVE-2020-7766 when the user-provided keys used in the pointer parameter are arrays.
- CVE-2021-23624 | MEDIUM | CVSS 5.6 | EG 5.6 | 2021-11-03
This affects the package dotty before 0.1.2. A type confusion vulnerability can lead to a bypass of CVE-2021-25912 when the user-provided keys used in the path parameter are arrays.
- CVE-2021-23807 | MEDIUM | CVSS 5.6 | EG 5.6 | 2021-11-03
This affects the package jsonpointer before 5.0.0. A type confusion vulnerability can lead to a bypass of a previous Prototype Pollution fix when the pointer components are arrays.
- CVE-2021-23820 | MEDIUM | CVSS 5.6 | EG 5.6 | 2021-11-03
This affects all versions of package json-pointer. A type confusion vulnerability can lead to a bypass of CVE-2020-7709 when the pointer components are arrays.
- CVE-2021-23908 | LOW | CVSS 2.9 | EG 2.9 | 2021-05-13
An issue was discovered in the Headunit NTG6 in the MBUX Infotainment System on Mercedes-Benz vehicles through 2021. A type confusion issue affects MultiSvSetAttributes in the HiQnet Protocol, leading to remote code execution.
- CVE-2021-23954 | HIGH | CVSS 8.8 | EG 8.8 | 2021-02-26
Using the new logical assignment operators in a JavaScript switch statement could have caused a type confusion, leading to a memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 85, Thunderbird < 78.7…
- CVE-2021-24044 | CRITICAL | CVSS 9.8 | EG 9.8 | 2022-01-15
By passing invalid JavaScript code where await and yield were called upon non-async and non-generator getter/setter functions, Hermes would invoke generator functions and error out on invalid await/yield positions. This could result in seg…
- CVE-2021-24045 | CRITICAL | CVSS 9.8 | EG 9.8 | 2021-12-13
A type confusion vulnerability could be triggered when resolving the "typeof" unary operator in Facebook Hermes prior to v0.10.0. Note that this is only exploitable if the application using Hermes permits evaluation of untrusted JavaScript…
- CVE-2021-25177 | HIGH | CVSS 7.8 | EG 7.8 | 2021-01-18
An issue was discovered in Open Design Alliance Drawings SDK before 2021.11. A Type Confusion issue exists when rendering malformed .DXF and .DWG files. This can allow attackers to cause a crash, potentially enabling a denial of service at…
- CVE-2021-26600 | CRITICAL | CVSS 9.8 | EG 9.8 | 2022-03-28
ImpressCMS before 1.4.3 has plugins/preloads/autologin.php type confusion with resultant Authentication Bypass (!= instead of !==).
- CVE-2021-26635 | HIGH | CVSS 7.8 | EG 7.8 | 2022-06-02
In the code that verifies the file size in the ark library, it is possible to manipulate the offset read from the target file due to the wrong use of the data type. An attacker could use this vulnerability to cause a stack buffer overflow …
- CVE-2021-27038 | HIGH | CVSS 7.8 | EG 7.8 | 2021-07-09
A Type Confusion vulnerability in Autodesk Design Review 2018, 2017, 2013, 2012, 2011 can occur when processing a maliciously crafted PDF file. A malicious actor can leverage this to execute arbitrary code.
- CVE-2021-28468 | HIGH | CVSS 7.8 | EG 7.8 | 2021-04-13
Raw Image Extension Remote Code Execution Vulnerability
- CVE-2021-28643 | LOW | CVSS 3.3 | EG 3.3 | 2021-08-20
Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.30005 (and earlier) and 2017.011.30197 (and earlier) are affected by a Type Confusion vulnerability. An unauthenticated attacker could leverage this vulnerability to disclos…
- CVE-2021-29513 | LOW | CVSS 2.5 | EG 2.5 | 2021-05-14
TensorFlow is an end-to-end open source platform for machine learning. Calling TF operations with tensors of non-numeric types when the operations expect numeric tensors result in null pointer dereferences. The conversion from Python array…
- CVE-2021-29519 | LOW | CVSS 2.5 | EG 2.5 | 2021-05-14
TensorFlow is an end-to-end open source platform for machine learning. The API of `tf.raw_ops.SparseCross` allows combinations which would result in a `CHECK`-failure and denial of service. This is because the implementation(https://github…
- CVE-2021-30513 | HIGH | CVSS 8.8 | EG 8.8 | 2021-06-04
Type confusion in V8 in Google Chrome prior to 90.0.4430.212 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2021-30517 | HIGH | CVSS 8.8 | EG 8.8 | 2021-06-04
Type confusion in V8 in Google Chrome prior to 90.0.4430.212 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2021-30551 | HIGH | CVSS 8.8 | EG 9.0 | ⚠ KEV | 2021-06-15
Type confusion in V8 in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2021-30561 | HIGH | CVSS 8.8 | EG 8.8 | 2021-08-03
Type Confusion in V8 in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2021-30563 | HIGH | CVSS 8.8 | EG 9.0 | ⚠ KEV | 2021-08-03
Type Confusion in V8 in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2021-30588 | HIGH | CVSS 8.8 | EG 8.8 | 2021-08-03
Type confusion in V8 in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2021-30598 | HIGH | CVSS 8.8 | EG 8.8 | 2021-08-26
Type confusion in V8 in Google Chrome prior to 92.0.4515.159 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.