CWE-704
Allowed-with-ReviewIncorrect Type Conversion or Cast
Abstraction: Class · Status: Incomplete
The product does not correctly convert an object, resource, or structure from one type to a different type.
334 vulnerabilities reference this CWE, most recent first.
GHSA-WXCQ-C49G-HPVJ
Vulnerability from github – Published: 2022-05-13 01:34 – Updated: 2022-05-13 01:34This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the getURL method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6025.
{
"affected": [],
"aliases": [
"CVE-2018-14262"
],
"database_specific": {
"cwe_ids": [
"CWE-704"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-07-31T20:29:00Z",
"severity": "HIGH"
},
"details": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the getURL method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6025.",
"id": "GHSA-wxcq-c49g-hpvj",
"modified": "2022-05-13T01:34:39Z",
"published": "2022-05-13T01:34:39Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14262"
},
{
"type": "WEB",
"url": "https://www.foxitsoftware.com/support/security-bulletins.php"
},
{
"type": "WEB",
"url": "https://zerodayinitiative.com/advisories/ZDI-18-722"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-WXPV-97W2-CH7X
Vulnerability from github – Published: 2022-05-13 01:37 – Updated: 2022-05-13 01:37This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the openList method of XFAScriptObject objects. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this to execute code in the context of the current process. Was ZDI-CAN-5021.
{
"affected": [],
"aliases": [
"CVE-2017-14829"
],
"database_specific": {
"cwe_ids": [
"CWE-704",
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-12-20T14:29:00Z",
"severity": "HIGH"
},
"details": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the openList method of XFAScriptObject objects. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this to execute code in the context of the current process. Was ZDI-CAN-5021.",
"id": "GHSA-wxpv-97w2-ch7x",
"modified": "2022-05-13T01:37:36Z",
"published": "2022-05-13T01:37:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-14829"
},
{
"type": "WEB",
"url": "https://www.foxitsoftware.com/support/security-bulletins.php"
},
{
"type": "WEB",
"url": "https://zerodayinitiative.com/advisories/ZDI-17-873"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-X5XH-7R6J-FRRV
Vulnerability from github – Published: 2022-05-24 19:13 – Updated: 2022-05-24 19:13Incorrect pointer argument passed to trusted application TA could result in un-intended memory operations in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT
{
"affected": [],
"aliases": [
"CVE-2021-1923"
],
"database_specific": {
"cwe_ids": [
"CWE-704"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-09-08T12:15:00Z",
"severity": "HIGH"
},
"details": "Incorrect pointer argument passed to trusted application TA could result in un-intended memory operations in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT",
"id": "GHSA-x5xh-7r6j-frrv",
"modified": "2022-05-24T19:13:52Z",
"published": "2022-05-24T19:13:52Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-1923"
},
{
"type": "WEB",
"url": "https://www.qualcomm.com/company/product-security/bulletins/august-2021-bulletin"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-X6F3-5P3J-RPV9
Vulnerability from github – Published: 2022-05-14 01:01 – Updated: 2022-05-14 01:01Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable type confusion vulnerability. Successful exploitation could lead to arbitrary code execution.
{
"affected": [],
"aliases": [
"CVE-2016-7865"
],
"database_specific": {
"cwe_ids": [
"CWE-704"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2016-11-08T17:59:00Z",
"severity": "HIGH"
},
"details": "Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable type confusion vulnerability. Successful exploitation could lead to arbitrary code execution.",
"id": "GHSA-x6f3-5p3j-rpv9",
"modified": "2022-05-14T01:01:38Z",
"published": "2022-05-14T01:01:38Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-7865"
},
{
"type": "WEB",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-141"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/flash-player/apsb16-37.html"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201611-18"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2676.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/94151"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1037240"
},
{
"type": "WEB",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-16-598"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-X6FP-542M-2MR8
Vulnerability from github – Published: 2024-09-18 15:30 – Updated: 2025-11-04 18:31Multiple invalid pointer dereference vulnerabilities exist in the OpenPLC Runtime EtherNet/IP parser functionality of OpenPLC_v3 16bf8bac1a36d95b73e7b8722d0edb8b9c5bb56a. A specially crafted EtherNet/IP request can lead to denial of service. An attacker can send a series of EtherNet/IP requests to trigger these vulnerabilities.This instance of the vulnerability occurs within the Protected_Logical_Read_Reply function
{
"affected": [],
"aliases": [
"CVE-2024-39589"
],
"database_specific": {
"cwe_ids": [
"CWE-476",
"CWE-704"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-09-18T15:15:15Z",
"severity": "HIGH"
},
"details": "Multiple invalid pointer dereference vulnerabilities exist in the OpenPLC Runtime EtherNet/IP parser functionality of OpenPLC_v3 16bf8bac1a36d95b73e7b8722d0edb8b9c5bb56a. A specially crafted EtherNet/IP request can lead to denial of service. An attacker can send a series of EtherNet/IP requests to trigger these vulnerabilities.This instance of the vulnerability occurs within the `Protected_Logical_Read_Reply` function",
"id": "GHSA-x6fp-542m-2mr8",
"modified": "2025-11-04T18:31:25Z",
"published": "2024-09-18T15:30:52Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39589"
},
{
"type": "WEB",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-2016"
},
{
"type": "WEB",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-2016"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-X9QC-7XPV-MCM3
Vulnerability from github – Published: 2022-05-13 01:34 – Updated: 2022-05-13 01:34This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the importAnXFDX method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6028.
{
"affected": [],
"aliases": [
"CVE-2018-14265"
],
"database_specific": {
"cwe_ids": [
"CWE-704"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-07-31T20:29:00Z",
"severity": "HIGH"
},
"details": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the importAnXFDX method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6028.",
"id": "GHSA-x9qc-7xpv-mcm3",
"modified": "2022-05-13T01:34:38Z",
"published": "2022-05-13T01:34:38Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14265"
},
{
"type": "WEB",
"url": "https://www.foxitsoftware.com/support/security-bulletins.php"
},
{
"type": "WEB",
"url": "https://zerodayinitiative.com/advisories/ZDI-18-725"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-XF53-3FHV-7743
Vulnerability from github – Published: 2022-05-13 01:34 – Updated: 2022-05-13 01:34This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the mailForm method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6031.
{
"affected": [],
"aliases": [
"CVE-2018-14268"
],
"database_specific": {
"cwe_ids": [
"CWE-704"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-07-31T20:29:00Z",
"severity": "HIGH"
},
"details": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the mailForm method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6031.",
"id": "GHSA-xf53-3fhv-7743",
"modified": "2022-05-13T01:34:38Z",
"published": "2022-05-13T01:34:38Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14268"
},
{
"type": "WEB",
"url": "https://www.foxitsoftware.com/support/security-bulletins.php"
},
{
"type": "WEB",
"url": "https://zerodayinitiative.com/advisories/ZDI-18-728"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-XF6G-JWWH-XFV8
Vulnerability from github – Published: 2022-05-13 01:33 – Updated: 2022-05-13 01:33Three type confusion vulnerabilities exist in CX-One Versions 4.50 and prior and CX-Protocol Versions 2.0 and prior when processing project files. An attacker could use a specially crafted project file to exploit and execute code under the privileges of the application.
{
"affected": [],
"aliases": [
"CVE-2018-19027"
],
"database_specific": {
"cwe_ids": [
"CWE-704"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-01-30T16:29:00Z",
"severity": "HIGH"
},
"details": "Three type confusion vulnerabilities exist in CX-One Versions 4.50 and prior and CX-Protocol Versions 2.0 and prior when processing project files. An attacker could use a specially crafted project file to exploit and execute code under the privileges of the application.",
"id": "GHSA-xf6g-jwwh-xfv8",
"modified": "2022-05-13T01:33:36Z",
"published": "2022-05-13T01:33:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-19027"
},
{
"type": "WEB",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-010-02"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/106524"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-XH26-HC5R-C798
Vulnerability from github – Published: 2022-05-13 01:34 – Updated: 2022-05-13 01:34This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the getVersionID method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6026.
{
"affected": [],
"aliases": [
"CVE-2018-14263"
],
"database_specific": {
"cwe_ids": [
"CWE-704"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-07-31T20:29:00Z",
"severity": "HIGH"
},
"details": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the getVersionID method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6026.",
"id": "GHSA-xh26-hc5r-c798",
"modified": "2022-05-13T01:34:39Z",
"published": "2022-05-13T01:34:39Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14263"
},
{
"type": "WEB",
"url": "https://www.foxitsoftware.com/support/security-bulletins.php"
},
{
"type": "WEB",
"url": "https://zerodayinitiative.com/advisories/ZDI-18-723"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-XH36-R8RR-4PMG
Vulnerability from github – Published: 2025-07-01 09:30 – Updated: 2025-07-01 09:30An unauthenticated remote attacker can bypass the login to the web application of the affected devices making it possible to access and change all available settings of the IndustrialPI.
{
"affected": [],
"aliases": [
"CVE-2025-41648"
],
"database_specific": {
"cwe_ids": [
"CWE-704"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-07-01T08:15:23Z",
"severity": "CRITICAL"
},
"details": "An unauthenticated remote attacker can bypass the login to the web application of the affected devices making it possible to access and change all available settings of the IndustrialPI.",
"id": "GHSA-xh36-r8rr-4pmg",
"modified": "2025-07-01T09:30:33Z",
"published": "2025-07-01T09:30:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-41648"
},
{
"type": "WEB",
"url": "https://certvde.com/en/advisories/VDE-2025-039"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.