CWE-704
271 CVEs • Abstraction: Class
Incorrect Type Conversion or Cast
The product does not correctly convert an object, resource, or structure from one type to a different type.
CVEs (271)
CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS |
|---|
Mattermost versions 10.2.x <= 10.2.0, 9.11.x <= 9.11.5, 10.0.x <= 10.0.3, 10.1.x <= 10.1.3 fail to properly validate the style of proto supplied to an action's style in post.props.attachments, which allows an attacker to...Show more |
In the Linux kernel, the following vulnerability has been resolved: Revert "readahead: properly shorten readahead when falling back to do_page_cache_ra()" This reverts commit 7c877586da3178974a8a94577b6045a48377ff25....Show more |
Contiki-NG is an open-source, cross-platform operating system for IoT devices. An unaligned memory access can be triggered in the two RPL implementations of the Contiki-NG operating system. The problem can occur when eit...Show more |
In writeTypedArrayList and readTypedArrayList of Parcel.java, there is a possible escalation of privilege due to type confusion. This could lead to local escalation of privilege with no additional execution privileges ne...Show more |
Multiple invalid pointer dereference vulnerabilities exist in the OpenPLC Runtime EtherNet/IP parser functionality of OpenPLC_v3 16bf8bac1a36d95b73e7b8722d0edb8b9c5bb56a. A specially crafted EtherNet/IP request can lead...Show more |
Multiple invalid pointer dereference vulnerabilities exist in the OpenPLC Runtime EtherNet/IP parser functionality of OpenPLC_v3 16bf8bac1a36d95b73e7b8722d0edb8b9c5bb56a. A specially crafted EtherNet/IP request can lead...Show more |
An incorrect parsing of numbers with different radices vulnerability [CWE-1389] in FortiProxy version 7.4.3 and below, version 7.2.10 and below, version 7.0.17 and below and FortiOS version 7.4.3 and below, version 7.2.8...Show more |
In _s5e9865_mif_set_rate of exynos_dvfs.c, there is a possible out of bounds read due to improper casting. This could lead to local information disclosure with no additional execution privileges needed. User interaction...Show more |
A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0012), Tecnomatix Plant Simulation V2404 (All versions < V2404.0001). The affected applications contain a type confusion vuln...Show more |
OneFlow-Inc. Oneflow v0.9.1 does not display an error or warning when the oneflow.eye parameter is floating. |
1Qualcomm 12Qam8255p Firmware Qam8650p FirmwareQam8775p Firmware+9 moreJun 17, 2026 Jun 3, 2024 N/A· v4 5.5 MEDIUM· v3 N/A· v2 transient DOS when setting up a fence callback to free a KGSL memory entry object during DMA. |
Type confusion in Snapchat LensCore could lead to denial of service or arbitrary code execution prior to version 12.88. We recommend upgrading to version 12.88 or above. |
An incorrect type conversion vulnerability exists in the DVPSSoftcopyVOI_PList::createFromImage functionality of OFFIS DCMTK 3.6.8. A specially crafted malformed file can lead to arbitrary code execution. An attacker can...Show more |
1Qualcomm 97315 5g Iot Modem Firmware Ar8035 FirmwareFastconnect 6200 Firmware+94 moreJun 17, 2026 Apr 1, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 Transient DOS while processing DL NAS TRANSPORT message with payload length 0. |
Passing invalid data could have led to invalid wasm values being created, such as arbitrary integers turning into pointer values. This vulnerability affects Firefox < 124. |
Signed to unsigned conversion esp32_ipm_send |
A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0009), Tecnomatix Plant Simulation V2302 (All versions < V2302.0003). The affected applications contain a type confusion vuln...Show more |
1Qualcomm 140Aqt1000 Firmware Ar8031 FirmwareAr8035 Firmware+137 moreJun 17, 2026 Aug 8, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Memory Corruption in Core due to incorrect type conversion or cast in secure_io_read/write function in TEE. |
1Qualcomm 48Aqt1000 Firmware Qca6390 FirmwareQca6391 Firmware+45 moreJun 17, 2026 Aug 8, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Memory corruption in Trusted Execution Environment while calling service API with invalid address. |
1Qualcomm 35Aqt1000 Firmware Fastconnect 6200 FirmwareFastconnect 6800 Firmware+32 moreJun 17, 2026 Jul 4, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Memory corruption in Video while calling APIs with different instance ID than the one received in initialization. |