CVE-2014-1730

HIGH Year: 2014
CVSS v2 Score
7.8
High
Weakness Type
CWE-843
View all →

Vulnerability Description

Google V8, as used in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux, does not properly store internationalization metadata, which allows remote attackers to bypass intended access restrictions by leveraging "type confusion" and reading property values, related to i18n.js and runtime.cc.

Related Vulnerabilities

CVE-2021-33970

CRITICAL
CVSS:10.0(Critical)

Buffer Overflow vulnerability in Qihoo 360 Chrome v13.0.2170.0 allows attacker to escalate priveleges.

CWE-8432021

CVE-2012-0507

CRITICAL
CVSS:9.8(Critical)

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0 Update 33 and earlier allows remote attackers to af...

CWE-8432012

CVE-2016-1000005

CRITICAL
CVSS:9.8(Critical)

mcrypt_get_block_size did not enforce that the provided "module" parameter was a string, leading to type confusion if other types of data were passed in. This issue affects HHVM versions prior to 3.9....

CWE-8432016

CVE-2018-9471

CRITICAL
CVSS:9.8(Critical)

In the deserialization constructor of NanoAppFilter.java, there is a possible loss of data due to type confusion. This could lead to local escalation of privilege in the system server with no addition...

CWE-8432018

CVE-2019-10231

CRITICAL
CVSS:9.8(Critical)

Teclib GLPI before 9.4.1.1 is affected by a PHP type juggling vulnerability allowing bypass of authentication. This occurs in Auth::checkPassword() (inc/auth.class.php).

CWE-8432019

CVE-2019-14537

CRITICAL
CVSS:9.8(Critical)

YOURLS through 1.7.3 is affected by a type juggling vulnerability in the api component that can result in login bypass.

CWE-8432019