← Back
CWE-704

271 CVEs • Abstraction: Class

Incorrect Type Conversion or Cast

The product does not correctly convert an object, resource, or structure from one type to a different type.

JSON object

Loading...

CVEs (271)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
1Mattermost
1Mattermost Server
Jun 17, 2026
Jan 15, 2025
N/A· v4
6.5 MEDIUM· v3
N/A· v2
Mattermost versions 10.2.x <= 10.2.0, 9.11.x <= 9.11.5, 10.0.x <= 10.0.3, 10.1.x <= 10.1.3 fail to properly validate the style of proto supplied to an action's style in post.props.attachments, which allows an attacker to...Show more
Mattermost versions 10.2.x <= 10.2.0, 9.11.x <= 9.11.5, 10.0.x <= 10.0.3, 10.1.x <= 10.1.3 fail to properly validate the style of proto supplied to an action's style in post.props.attachments, which allows an attacker to crash the frontend via crafted malicious input.Show less
1Linux
1Linux Kernel
Jun 17, 2026
Jan 11, 2025
N/A· v4
5.5 MEDIUM· v3
N/A· v2
In the Linux kernel, the following vulnerability has been resolved: Revert "readahead: properly shorten readahead when falling back to do_page_cache_ra()" This reverts commit 7c877586da3178974a8a94577b6045a48377ff25....Show more
In the Linux kernel, the following vulnerability has been resolved: Revert "readahead: properly shorten readahead when falling back to do_page_cache_ra()" This reverts commit 7c877586da3178974a8a94577b6045a48377ff25. Anders and Philippe have reported that recent kernels occasionally hang when used with NFS in readahead code. The problem has been bisected to 7c877586da3 ("readahead: properly shorten readahead when falling back to do_page_cache_ra()"). The cause of the problem is that ra->size can be shrunk by read_pages() call and subsequently we end up calling do_page_cache_ra() with negative (read huge positive) number of pages. Let's revert 7c877586da3 for now until we can find a proper way how the logic in read_pages() and page_cache_ra_order() can coexist. This can lead to reduced readahead throughput due to readahead window confusion but that's better than outright hangs.Show less
1Contiki Ng
1Contiki Ng.
Jun 17, 2026
Nov 27, 2024
N/A· v4
7.5 HIGH· v3
N/A· v2
Contiki-NG is an open-source, cross-platform operating system for IoT devices. An unaligned memory access can be triggered in the two RPL implementations of the Contiki-NG operating system. The problem can occur when eit...Show more
Contiki-NG is an open-source, cross-platform operating system for IoT devices. An unaligned memory access can be triggered in the two RPL implementations of the Contiki-NG operating system. The problem can occur when either one of these RPL implementations is enabled and connected to an RPL instance. If an IPv6 packet containing an odd number of padded bytes before the RPL option, it can cause the rpl_ext_header_hbh_update function to read a 16-bit integer from an odd address. The impact of this unaligned read is architecture-dependent, but can potentially cause the system to crash. The problem has not been patched as of release 4.9, but will be included in the next release. One can apply the changes in Contiki-NG pull request #2962 to patch the system or wait for the next release.Show less
1Google
1Android
Jun 17, 2026
Nov 19, 2024
N/A· v4
7.8 HIGH· v3
N/A· v2
In writeTypedArrayList and readTypedArrayList of Parcel.java, there is a possible escalation of privilege due to type confusion. This could lead to local escalation of privilege with no additional execution privileges ne...Show more
In writeTypedArrayList and readTypedArrayList of Parcel.java, there is a possible escalation of privilege due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Show less
1Openplcproject
1Openplc V3 Firmware
Jun 17, 2026
Sep 18, 2024
N/A· v4
7.5 HIGH· v3
N/A· v2
Multiple invalid pointer dereference vulnerabilities exist in the OpenPLC Runtime EtherNet/IP parser functionality of OpenPLC_v3 16bf8bac1a36d95b73e7b8722d0edb8b9c5bb56a. A specially crafted EtherNet/IP request can lead...Show more
Multiple invalid pointer dereference vulnerabilities exist in the OpenPLC Runtime EtherNet/IP parser functionality of OpenPLC_v3 16bf8bac1a36d95b73e7b8722d0edb8b9c5bb56a. A specially crafted EtherNet/IP request can lead to denial of service. An attacker can send a series of EtherNet/IP requests to trigger these vulnerabilities.This instance of the vulnerability occurs within the `Protected_Logical_Write_Reply` functionShow less
1Openplcproject
1Openplc V3 Firmware
Jun 17, 2026
Sep 18, 2024
N/A· v4
7.5 HIGH· v3
N/A· v2
Multiple invalid pointer dereference vulnerabilities exist in the OpenPLC Runtime EtherNet/IP parser functionality of OpenPLC_v3 16bf8bac1a36d95b73e7b8722d0edb8b9c5bb56a. A specially crafted EtherNet/IP request can lead...Show more
Multiple invalid pointer dereference vulnerabilities exist in the OpenPLC Runtime EtherNet/IP parser functionality of OpenPLC_v3 16bf8bac1a36d95b73e7b8722d0edb8b9c5bb56a. A specially crafted EtherNet/IP request can lead to denial of service. An attacker can send a series of EtherNet/IP requests to trigger these vulnerabilities.This instance of the vulnerability occurs within the `Protected_Logical_Read_Reply` functionShow less
1Fortinet
2Fortios
Fortiproxy
Jun 17, 2026
Jul 9, 2024
N/A· v4
4.7 MEDIUM· v3
N/A· v2
An incorrect parsing of numbers with different radices vulnerability [CWE-1389] in FortiProxy version 7.4.3 and below, version 7.2.10 and below, version 7.0.17 and below and FortiOS version 7.4.3 and below, version 7.2.8...Show more
An incorrect parsing of numbers with different radices vulnerability [CWE-1389] in FortiProxy version 7.4.3 and below, version 7.2.10 and below, version 7.0.17 and below and FortiOS version 7.4.3 and below, version 7.2.8 and below, version 7.0.15 and below IP address validation feature may permit an unauthenticated attacker to bypass the IP blocklist via crafted requests.Show less
1Google
1Android
Jun 17, 2026
Jun 13, 2024
N/A· v4
5.5 MEDIUM· v3
N/A· v2
In _s5e9865_mif_set_rate of exynos_dvfs.c, there is a possible out of bounds read due to improper casting. This could lead to local information disclosure with no additional execution privileges needed. User interaction...Show more
In _s5e9865_mif_set_rate of exynos_dvfs.c, there is a possible out of bounds read due to improper casting. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Show less
-
-
Jun 17, 2026
Jun 11, 2024
7.3 HIGH· v4
7.8 HIGH· v3
N/A· v2
A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0012), Tecnomatix Plant Simulation V2404 (All versions < V2404.0001). The affected applications contain a type confusion vuln...Show more
A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0012), Tecnomatix Plant Simulation V2404 (All versions < V2404.0001). The affected applications contain a type confusion vulnerability while parsing specially crafted MODEL files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-22958)Show less
1Oneflow
1Oneflow
Jun 17, 2026
Jun 6, 2024
N/A· v4
5.3 MEDIUM· v3
N/A· v2
OneFlow-Inc. Oneflow v0.9.1 does not display an error or warning when the oneflow.eye parameter is floating.
1Qualcomm
12Qam8255p Firmware
Qam8650p FirmwareQam8775p Firmware+9 more
Jun 17, 2026
Jun 3, 2024
N/A· v4
5.5 MEDIUM· v3
N/A· v2
transient DOS when setting up a fence callback to free a KGSL memory entry object during DMA.
1Snap
1Snapchat Lenscore
Jun 17, 2026
May 31, 2024
7.3 HIGH· v4
9.8 CRITICAL· v3
N/A· v2
Type confusion in Snapchat LensCore could lead to denial of service or arbitrary code execution prior to version 12.88. We recommend upgrading to version 12.88 or above.
2Debian
Offis
2Dcmtk
Debian Linux
Jun 17, 2026
Apr 23, 2024
N/A· v4
7.5 HIGH· v3
N/A· v2
An incorrect type conversion vulnerability exists in the DVPSSoftcopyVOI_PList::createFromImage functionality of OFFIS DCMTK 3.6.8. A specially crafted malformed file can lead to arbitrary code execution. An attacker can...Show more
An incorrect type conversion vulnerability exists in the DVPSSoftcopyVOI_PList::createFromImage functionality of OFFIS DCMTK 3.6.8. A specially crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.Show less
1Qualcomm
97315 5g Iot Modem Firmware
Ar8035 FirmwareFastconnect 6200 Firmware+94 more
Jun 17, 2026
Apr 1, 2024
N/A· v4
7.5 HIGH· v3
N/A· v2
Transient DOS while processing DL NAS TRANSPORT message with payload length 0.
1Mozilla
1Firefox
Jun 17, 2026
Mar 19, 2024
N/A· v4
3.7 LOW· v3
N/A· v2
Passing invalid data could have led to invalid wasm values being created, such as arbitrary integers turning into pointer values. This vulnerability affects Firefox < 124.
1Zephyrproject
1Zephyr
Jun 17, 2026
Feb 18, 2024
N/A· v4
9.8 CRITICAL· v3
N/A· v2
Signed to unsigned conversion esp32_ipm_send
1Siemens
1Tecnomatix
Jun 17, 2026
Oct 10, 2023
N/A· v4
7.8 HIGH· v3
N/A· v2
A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0009), Tecnomatix Plant Simulation V2302 (All versions < V2302.0003). The affected applications contain a type confusion vuln...Show more
A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0009), Tecnomatix Plant Simulation V2302 (All versions < V2302.0003). The affected applications contain a type confusion vulnerability while parsing specially crafted IGS files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21268)Show less
1Qualcomm
140Aqt1000 Firmware
Ar8031 FirmwareAr8035 Firmware+137 more
Jun 17, 2026
Aug 8, 2023
N/A· v4
7.8 HIGH· v3
N/A· v2
Memory Corruption in Core due to incorrect type conversion or cast in secure_io_read/write function in TEE.
1Qualcomm
48Aqt1000 Firmware
Qca6390 FirmwareQca6391 Firmware+45 more
Jun 17, 2026
Aug 8, 2023
N/A· v4
7.8 HIGH· v3
N/A· v2
Memory corruption in Trusted Execution Environment while calling service API with invalid address.
1Qualcomm
35Aqt1000 Firmware
Fastconnect 6200 FirmwareFastconnect 6800 Firmware+32 more
Jun 17, 2026
Jul 4, 2023
N/A· v4
7.8 HIGH· v3
N/A· v2
Memory corruption in Video while calling APIs with different instance ID than the one received in initialization.