CWE:
 

Nic nie znaleziono w bazie WLB2


Common Weakness Enumeration (CWE)

CVE
Szczegóły
Opis
2021-11-23
Medium
CVE-2021-38001

Vendor: Google
Software: Chrome
 

 
Type confusion in V8 in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

 
2021-11-17
Low
CVE-2021-41190

Vendor: Linuxfoundation
Software: Open contain...
 

 

 
2021-11-10
Medium
CVE-2021-40871

Vendor: Softing
Software: Datafeed opc...
 

 
An issue was discovered in Softing Industrial Automation OPC UA C++ SDK before 5.66. Remote attackers to cause a denial of service (DoS) by sending crafted messages to a OPC/UA client. The client process may crash unexpectedly because of a wrong type cast, and must be restarted.

 
Medium
CVE-2021-40872

Vendor: Softing
Software: Smartlink hw-dp
 

 
An issue was discovered in Softing Industrial Automation uaToolkit Embedded before 1.40. Remote attackers to cause a denial of service (DoS) or login as an anonymous user (bypassing security checks) by sending crafted messages to a OPC/UA server. The server process may crash unexpectedly because of an invalid type cast, and must be restarted.

 
2021-11-09
Medium
CVE-2021-31344

Vendor: Siemens
Software: Capital vstar
 

 
A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions), APOGEE PXC Compact (P2 Ethernet) (All versions), APOGEE PXC Modular (BACnet) (All versions), APOGEE PXC Modular (P2 Ethernet) (All versions), Capital VSTAR (All versions), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus ReadyStart V4 (All versions < V4.1.1), Nucleus Source Code (All versions), TALON TC Compact (BACnet) (All versions), TALON TC Modular (BACnet) (All versions). ICMP echo packets with fake IP options allow sending ICMP echo reply messages to arbitrary hosts on the network. (FSMD-2021-0004)

 
2021-11-03
Medium
CVE-2021-23807

Vendor: Jsonpointer project
Software: Jsonpointer
 

 
This affects the package jsonpointer before 5.0.0. A type confusion vulnerability can lead to a bypass of a previous Prototype Pollution fix when the pointer components are arrays.

 
Medium
CVE-2021-23820

Vendor: Jsonpointer project
Software: Jsonpointer
 

 
This affects all versions of package json-pointer. A type confusion vulnerability can lead to a bypass of CVE-2020-7709 when the pointer components are arrays.

 
Medium
CVE-2021-23624

Vendor: Dotty project
Software: Dotty
 

 
This affects the package dotty before 0.1.2. A type confusion vulnerability can lead to a bypass of CVE-2021-25912 when the user-provided keys used in the path parameter are arrays.

 
Medium
CVE-2021-23509

Vendor: Json-ptr project
Software: Json-ptr
 

 
This affects the package json-ptr before 3.0.0. A type confusion vulnerability can lead to a bypass of CVE-2020-7766 when the user-provided keys used in the pointer parameter are arrays.

 
2021-11-02
Medium
CVE-2018-6122

Vendor: Google
Software: Chrome
 

 
Type confusion in WebAssembly in Google Chrome prior to 66.0.3359.139 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

 

 


Copyright 2021, cxsecurity.com

 

Back to Top