CWE-704
Allowed-with-ReviewIncorrect Type Conversion or Cast
Abstraction: Class · Status: Incomplete
The product does not correctly convert an object, resource, or structure from one type to a different type.
334 vulnerabilities reference this CWE, most recent first.
GHSA-QRV3-R8FP-HQXQ
Vulnerability from github – Published: 2025-08-21 21:32 – Updated: 2025-08-21 21:32Arcane Software’s Vermillion FTP Daemon (vftpd) versions up to and including 1.31 contains a memory corruption vulnerability triggered by a malformed FTP PORT command. The flaw arises from an out-of-bounds array access during input parsing, allowing an attacker to manipulate stack memory and potentially execute arbitrary code. Exploitation requires direct access to the FTP service and is constrained by a single execution attempt if the daemon is installed as a Windows service.
{
"affected": [],
"aliases": [
"CVE-2010-20115"
],
"database_specific": {
"cwe_ids": [
"CWE-704"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-08-21T21:15:34Z",
"severity": "CRITICAL"
},
"details": "Arcane Software\u2019s Vermillion FTP Daemon (vftpd) versions up to and including 1.31 contains a memory corruption vulnerability triggered by a malformed FTP PORT command. The flaw arises from an out-of-bounds array access during input parsing, allowing an attacker to manipulate stack memory and potentially execute arbitrary code. Exploitation requires direct access to the FTP service and is constrained by a single execution attempt if the daemon is installed as a Windows service.",
"id": "GHSA-qrv3-r8fp-hqxq",
"modified": "2025-08-21T21:32:08Z",
"published": "2025-08-21T21:32:08Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-20115"
},
{
"type": "WEB",
"url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/ftp/vermillion_ftpd_port.rb"
},
{
"type": "WEB",
"url": "https://web.archive.org/web/20100213162028/http://www.softsea.com/review/Vermillion-FTP-Daemon.html"
},
{
"type": "WEB",
"url": "https://web.archive.org/web/20100416140657/http://www.global-evolution.info/news/files/vftpd/vftpd.txt"
},
{
"type": "WEB",
"url": "https://www.broadcom.com/support/security-center/attacksignatures/detail?asid=23681"
},
{
"type": "WEB",
"url": "https://www.exploit-db.com/exploits/11293"
},
{
"type": "WEB",
"url": "https://www.juniper.net/us/en/threatlabs/ips-signatures/detail.FTP:EXPLOIT:VERMILLION-PORT-OF.html"
},
{
"type": "WEB",
"url": "https://www.vulncheck.com/advisories/vermillion-ftp-daemon-port-command-memory-corruption"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-R564-Q8CJ-XG77
Vulnerability from github – Published: 2022-05-14 02:59 – Updated: 2022-05-14 02:59Adobe Flash Player 30.0.0.113 and earlier versions have a Type Confusion vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
{
"affected": [],
"aliases": [
"CVE-2018-5007"
],
"database_specific": {
"cwe_ids": [
"CWE-704"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-07-20T19:29:00Z",
"severity": "HIGH"
},
"details": "Adobe Flash Player 30.0.0.113 and earlier versions have a Type Confusion vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.",
"id": "GHSA-r564-q8cj-xg77",
"modified": "2022-05-14T02:59:16Z",
"published": "2022-05-14T02:59:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-5007"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2018:2175"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/flash-player/apsb18-24.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/104698"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1041248"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-R67M-M8C7-JP83
Vulnerability from github – Published: 2021-08-30 16:11 – Updated: 2022-08-16 18:40Impact
Authenticated users, regardless of their privileges (User or Admin), can trick Cachet and install the instance again, leading to arbitrary code execution on the server.
Patches
This issue was addressed by improving the middleware ReadyForUse, which now performs a stricter validation of the instance name.
Workarounds
Only allow trusted source IP addresses to access to the administration dashboard.
References
- https://blog.sonarsource.com/cachet-code-execution-via-laravel-configuration-injection
For more information
If you have any questions or comments about this advisory, you can contact: - The original reporters, by sending an email to vulnerability.research [at] sonarsource.com; - The maintainers, by opening an issue on this repository.
{
"affected": [
{
"package": {
"ecosystem": "Packagist",
"name": "cachethq/cachet"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.5.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-39173"
],
"database_specific": {
"cwe_ids": [
"CWE-704"
],
"github_reviewed": true,
"github_reviewed_at": "2021-08-27T23:34:37Z",
"nvd_published_at": "2021-08-27T23:15:00Z",
"severity": "HIGH"
},
"details": "### Impact\n\nAuthenticated users, regardless of their privileges (_User_ or _Admin_), can trick Cachet and install the instance again, leading to arbitrary code execution on the server.\n\n### Patches\n\nThis issue was addressed by improving the middleware `ReadyForUse`, which now performs a stricter validation of the instance name. \n\n### Workarounds\n\nOnly allow trusted source IP addresses to access to the administration dashboard.\n\n### References\n\n- https://blog.sonarsource.com/cachet-code-execution-via-laravel-configuration-injection\n\n### For more information\n\nIf you have any questions or comments about this advisory, you can contact:\n- The original reporters, by sending an email to vulnerability.research [at] sonarsource.com;\n- The maintainers, by opening an issue on this repository.\n",
"id": "GHSA-r67m-m8c7-jp83",
"modified": "2022-08-16T18:40:56Z",
"published": "2021-08-30T16:11:33Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/fiveai/Cachet/security/advisories/GHSA-r67m-m8c7-jp83"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-39173"
},
{
"type": "WEB",
"url": "https://blog.sonarsource.com/cachet-code-execution-via-laravel-configuration-injection"
},
{
"type": "PACKAGE",
"url": "https://github.com/fiveai/Cachet"
},
{
"type": "WEB",
"url": "https://github.com/fiveai/Cachet/releases/tag/v2.5.1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Cachet vulnerable to forced reinstall"
}
GHSA-R77J-73RG-4F8H
Vulnerability from github – Published: 2022-05-14 01:41 – Updated: 2022-05-14 01:41In Artifex Ghostscript through 9.25, the setpattern operator did not properly validate certain types. A specially crafted PostScript document could exploit this to crash Ghostscript or, possibly, execute arbitrary code in the context of the Ghostscript process. This is a type confusion issue because of failure to check whether the Implementation of a pattern dictionary was a structure type.
{
"affected": [],
"aliases": [
"CVE-2018-19134"
],
"database_specific": {
"cwe_ids": [
"CWE-704"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-12-20T23:29:00Z",
"severity": "HIGH"
},
"details": "In Artifex Ghostscript through 9.25, the setpattern operator did not properly validate certain types. A specially crafted PostScript document could exploit this to crash Ghostscript or, possibly, execute arbitrary code in the context of the Ghostscript process. This is a type confusion issue because of failure to check whether the Implementation of a pattern dictionary was a structure type.",
"id": "GHSA-r77j-73rg-4f8h",
"modified": "2022-05-14T01:41:36Z",
"published": "2022-05-14T01:41:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-19134"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2018:3834"
},
{
"type": "WEB",
"url": "https://bugs.ghostscript.com/show_bug.cgi?id=700141"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00019.html"
},
{
"type": "WEB",
"url": "https://semmle.com/news/semmle-discovers-severe-vulnerability-ghostscript-postscript-pdf"
},
{
"type": "WEB",
"url": "https://www.ghostscript.com/doc/9.26/News.htm"
},
{
"type": "WEB",
"url": "http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=693baf02152119af6e6afd30bb8ec76d14f84bbf"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/106278"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-R7FQ-HC8J-G7W7
Vulnerability from github – Published: 2022-05-13 01:34 – Updated: 2022-05-13 01:34This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of arguments passed to the instanceManager.nodes.append function. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5641.
{
"affected": [],
"aliases": [
"CVE-2018-14287"
],
"database_specific": {
"cwe_ids": [
"CWE-704"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-07-31T20:29:00Z",
"severity": "HIGH"
},
"details": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of arguments passed to the instanceManager.nodes.append function. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5641.",
"id": "GHSA-r7fq-hc8j-g7w7",
"modified": "2022-05-13T01:34:36Z",
"published": "2022-05-13T01:34:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14287"
},
{
"type": "WEB",
"url": "https://www.foxitsoftware.com/support/security-bulletins.php"
},
{
"type": "WEB",
"url": "https://zerodayinitiative.com/advisories/ZDI-18-747"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-R7MH-28RP-W68V
Vulnerability from github – Published: 2022-05-14 00:52 – Updated: 2022-05-14 00:52Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution.
{
"affected": [],
"aliases": [
"CVE-2018-12858"
],
"database_specific": {
"cwe_ids": [
"CWE-704"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-10-12T18:29:00Z",
"severity": "HIGH"
},
"details": "Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution.",
"id": "GHSA-r7mh-28rp-w68v",
"modified": "2022-05-14T00:52:36Z",
"published": "2022-05-14T00:52:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12858"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb18-30.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/105443"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1041809"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-RC7C-QRR9-4694
Vulnerability from github – Published: 2022-05-24 16:57 – Updated: 2023-08-16 18:30A vulnerability in the Secure Copy (SCP) feature of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to the use of an incorrect data type for a length variable. An attacker could exploit this vulnerability by initiating the transfer of a large file to an affected device via SCP. To exploit this vulnerability, the attacker would need to have valid privilege level 15 credentials on the affected device. A successful exploit could allow the attacker to cause the length variable to roll over, which could cause the affected device to crash.
{
"affected": [],
"aliases": [
"CVE-2019-12693"
],
"database_specific": {
"cwe_ids": [
"CWE-190",
"CWE-704"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-10-02T19:15:00Z",
"severity": "MODERATE"
},
"details": "A vulnerability in the Secure Copy (SCP) feature of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to the use of an incorrect data type for a length variable. An attacker could exploit this vulnerability by initiating the transfer of a large file to an affected device via SCP. To exploit this vulnerability, the attacker would need to have valid privilege level 15 credentials on the affected device. A successful exploit could allow the attacker to cause the length variable to roll over, which could cause the affected device to crash.",
"id": "GHSA-rc7c-qrr9-4694",
"modified": "2023-08-16T18:30:17Z",
"published": "2022-05-24T16:57:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12693"
},
{
"type": "WEB",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-asa-scp-dos"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-RF4J-R2C2-F7X8
Vulnerability from github – Published: 2022-05-13 01:37 – Updated: 2022-05-13 01:37A Type Confusion issue was discovered in Delta Electronics Delta Industrial Automation Screen Editor, Version 2.00.23.00 or prior. An access of resource using incompatible type ('type confusion') vulnerability may allow an attacker to execute remote code when processing specially crafted .dpb files.
{
"affected": [],
"aliases": [
"CVE-2017-16745"
],
"database_specific": {
"cwe_ids": [
"CWE-704"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-03-15T23:29:00Z",
"severity": "HIGH"
},
"details": "A Type Confusion issue was discovered in Delta Electronics Delta Industrial Automation Screen Editor, Version 2.00.23.00 or prior. An access of resource using incompatible type (\u0027type confusion\u0027) vulnerability may allow an attacker to execute remote code when processing specially crafted .dpb files.",
"id": "GHSA-rf4j-r2c2-f7x8",
"modified": "2022-05-13T01:37:21Z",
"published": "2022-05-13T01:37:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-16745"
},
{
"type": "WEB",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-004-01"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/102426"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-RF8Q-MX75-CH73
Vulnerability from github – Published: 2022-05-13 01:37 – Updated: 2022-05-13 01:37This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the signer method of XFA's Signature objects. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-5015.
{
"affected": [],
"aliases": [
"CVE-2017-14823"
],
"database_specific": {
"cwe_ids": [
"CWE-704",
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-12-20T14:29:00Z",
"severity": "HIGH"
},
"details": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the signer method of XFA\u0027s Signature objects. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-5015.",
"id": "GHSA-rf8q-mx75-ch73",
"modified": "2022-05-13T01:37:37Z",
"published": "2022-05-13T01:37:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-14823"
},
{
"type": "WEB",
"url": "https://www.foxitsoftware.com/support/security-bulletins.php"
},
{
"type": "WEB",
"url": "https://zerodayinitiative.com/advisories/ZDI-17-867"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-RFCM-7M8J-5PG6
Vulnerability from github – Published: 2022-05-13 01:34 – Updated: 2022-05-13 01:34This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the addAnnot method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6004.
{
"affected": [],
"aliases": [
"CVE-2018-14241"
],
"database_specific": {
"cwe_ids": [
"CWE-704"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-07-31T20:29:00Z",
"severity": "HIGH"
},
"details": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the addAnnot method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6004.",
"id": "GHSA-rfcm-7m8j-5pg6",
"modified": "2022-05-13T01:34:41Z",
"published": "2022-05-13T01:34:41Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14241"
},
{
"type": "WEB",
"url": "https://www.foxitsoftware.com/support/security-bulletins.php"
},
{
"type": "WEB",
"url": "https://zerodayinitiative.com/advisories/ZDI-18-701"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.