CVSS: 7.6EPSS: 96%CPEs: 10EXPL: 4CVE-2019-0539 – Microsoft Edge Chakra - 'InitClass' Type Confusion
https://notcve.org/view.php?id=CVE-2019-0539
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2019-0567, CVE-2019-0568. Existe una vulnerabilidad de ejecución remota de código que se manifiesta en la forma en la que el motor de scripting de Chakra gestiona los objetos en la memoria en Microsoft Edge. Esto también se conoce como "Chakra Scripting Engine Memory Corruption Vulnerability". • https://www.exploit-db.com/exploits/46204 https://www.exploit-db.com/exploits/46485 https://www.exploit-db.com/exploits/46203 https://github.com/0x43434343/CVE-2019-0539 http://www.securityfocus.com/bid/106401 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0539 • CWE-787: Out-of-bounds Write •
CVSS: 7.6EPSS: 81%CPEs: 10EXPL: 2CVE-2019-0567 – Microsoft Edge Chakra - 'NewScObjectNoCtor' or 'InitProto' Type Confusion
https://notcve.org/view.php?id=CVE-2019-0567
Microsoft Edge has an issue where NewScObjectNoCtor and InitProto opcodes are treated as having no side effects, but actually they can have via the SetIsPrototype method of the type handler that can cause transition to a new type. This can lead to type confusion in the JITed code. • https://www.exploit-db.com/exploits/46203 https://github.com/NatteeSetobol/Chakra-CVE-2019-0567 http://www.securityfocus.com/bid/106418 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0567 • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2018-5817
https://notcve.org/view.php?id=CVE-2018-5817
A type confusion error within the "unpacked_load_raw()" function within LibRaw versions prior to 0.19.1 (internal/dcraw_common.cpp) can be exploited to trigger an infinite loop. Un error de confusión de tipos en la función "unpacked_load_raw()" en LibRaw, en versiones anteriores a la 0.19.1 (internal/dcraw_common.cpp), puede ser explotado para desencadenar un bucle infinito. • https://lists.debian.org/debian-lts-announce/2019/03/msg00036.html https://secuniaresearch.flexerasoftware.com/secunia_research/2018-27 https://usn.ubuntu.com/3989-1 https://www.libraw.org/news/libraw-0-19-2-release • CWE-704: Incorrect Type Conversion or Cast •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 1CVE-2018-19134 – ghostscript: Type confusion in setpattern (700141)
https://notcve.org/view.php?id=CVE-2018-19134
This is a type confusion issue because of failure to check whether the Implementation of a pattern dictionary was a structure type. ... Este es un problema de confusión de tipos debido al error a la hora de comprobar si la implementación de un diccionario de patrones era un tipo de estructura. • http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=693baf02152119af6e6afd30bb8ec76d14f84bbf http://www.securityfocus.com/bid/106278 https://access.redhat.com/errata/RHSA-2018:3834 https://bugs.ghostscript.com/show_bug.cgi?id=700141 https://lists.debian.org/debian-lts-announce/2018/12/msg00019.html https://semmle.com/news/semmle-discovers-severe-vulnerability-ghostscript-postscript-pdf https://www.ghostscript.com/doc/9.26/News.htm https://access.redhat.com/security/cve/CVE-2018-19134 htt • CWE-704: Incorrect Type Conversion or Cast •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-7813 – Schneider Electric GUIcon GD1 File Parsing Type Confusion Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2018-7813
A Type Confusion (CWE-843) vulnerability exists in Eurotherm by Schneider Electric GUIcon V2.0 (Gold Build 683.0) on pcwin.dll which could cause remote code to be executed when parsing a GD1 file Existe una vulnerabilidad de confusión de tipos (CWE-843) en Eurotherm, de Schneider Electric GUIcon V2.0 (Gold Build 683.0), en pcwin.dll, lo que podría provocar que se ejecute código remoto al analizar un archivo GD1. ... The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. • http://www.securityfocus.com/bid/106218 https://www.schneider-electric.com/ww/en/download/document/SEVD-2018-338-01 • CWE-704: Incorrect Type Conversion or Cast •