← Back
CWE-704

271 CVEs • Abstraction: Class

Incorrect Type Conversion or Cast

The product does not correctly convert an object, resource, or structure from one type to a different type.

JSON object

Loading...

CVEs (271)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
2Mozilla
Oracle
2Firefox
Linux
May 6, 2026
Aug 5, 2016
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
The nsDisplayList::HitTest function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 mishandles rendering display transformation, which allows remote attackers to execute arbitrary code via a crafted web s...Show more
The nsDisplayList::HitTest function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 mishandles rendering display transformation, which allows remote attackers to execute arbitrary code via a crafted web site that leverages "type confusion."Show less
1Adobe
4Air
Air SdkAir Sdk & Compiler+1 more
May 6, 2026
Jul 9, 2015
N/A· v4
N/A· v3
10.0 HIGH· v2
Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compile...Show more
Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler before 18.0.0.180 allow attackers to execute arbitrary code by leveraging an unspecified "type confusion," a different vulnerability than CVE-2015-3119, CVE-2015-3121, CVE-2015-3122, and CVE-2015-4433.Show less
3Apple
GoogleOpensuse
5Chrome
Iphone OsItunes+2 more
Apr 29, 2026
Mar 5, 2012
N/A· v4
N/A· v3
6.8 MEDIUM· v2
Google Chrome before 17.0.963.65 does not properly perform casts of unspecified variables during the splitting of anonymous blocks, which allows remote attackers to cause a denial of service or possibly have unknown othe...Show more
Google Chrome before 17.0.963.65 does not properly perform casts of unspecified variables during the splitting of anonymous blocks, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document.Show less
3Apple
GoogleOpensuse
5Chrome
Iphone OsItunes+2 more
Apr 29, 2026
Mar 5, 2012
N/A· v4
N/A· v3
6.8 MEDIUM· v2
Google Chrome before 17.0.963.65 does not properly perform a cast of an unspecified variable during handling of line boxes, which allows remote attackers to cause a denial of service or possibly have unknown other impact...Show more
Google Chrome before 17.0.963.65 does not properly perform a cast of an unspecified variable during handling of line boxes, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document.Show less
2Apple
Google
4Chrome
Iphone OsItunes+1 more
Apr 29, 2026
Feb 16, 2012
N/A· v4
N/A· v3
4.3 MEDIUM· v2
Google Chrome before 17.0.963.56 does not properly perform a cast of an unspecified variable during handling of columns, which allows remote attackers to cause a denial of service or possibly have unknown other impact vi...Show more
Google Chrome before 17.0.963.56 does not properly perform a cast of an unspecified variable during handling of columns, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document.Show less
2Debian
Google
2Chrome
Debian Linux
Apr 29, 2026
May 16, 2011
N/A· v4
N/A· v3
6.8 MEDIUM· v2
Google Chrome before 11.0.696.68 does not properly perform casts of variables during interaction with the WebKit engine, which allows remote attackers to cause a denial of service or possibly have unspecified other impac...Show more
Google Chrome before 11.0.696.68 does not properly perform casts of variables during interaction with the WebKit engine, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.Show less
1Google
1Chrome
Apr 29, 2026
May 3, 2011
N/A· v4
N/A· v3
6.8 MEDIUM· v2
Google Chrome before 11.0.696.57 does not properly perform a cast of an unspecified variable during handling of floating select lists, which allows remote attackers to cause a denial of service or possibly have unknown o...Show more
Google Chrome before 11.0.696.57 does not properly perform a cast of an unspecified variable during handling of floating select lists, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted HTML document.Show less
1Google
1Chrome
Apr 29, 2026
Mar 11, 2011
N/A· v4
N/A· v3
6.8 MEDIUM· v2
Google Chrome before 10.0.648.127 does not properly perform a cast of an unspecified variable during text rendering, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a...Show more
Google Chrome before 10.0.648.127 does not properly perform a cast of an unspecified variable during text rendering, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document.Show less
1Google
2Chrome
Chrome Os
Apr 29, 2026
Jan 14, 2011
N/A· v4
N/A· v3
5.0 MEDIUM· v2
Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly perform a cast of an unspecified variable during handling of video, which allows remote attackers to cause a denial of service or possibly...Show more
Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly perform a cast of an unspecified variable during handling of video, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.Show less
2Debian
Google
3Chrome
Chrome OsDebian Linux
Apr 29, 2026
Jan 14, 2011
N/A· v4
N/A· v3
4.3 MEDIUM· v2
Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly perform a cast of an unspecified variable during handling of anchors, which allows remote attackers to cause a denial of service or possib...Show more
Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly perform a cast of an unspecified variable during handling of anchors, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted HTML document.Show less
3Apple
GoogleOpensuse
3Chrome
OpensuseSafari
Apr 29, 2026
Oct 4, 2010
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3 and Google Chrome before 6.0.472.62, does not properly perform a cast of an unspecified variable, which allows remote attackers to execute arbitrary cod...Show more
WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3 and Google Chrome before 6.0.472.62, does not properly perform a cast of an unspecified variable, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an SVG element in a non-SVG document.Show less