CVSS: 8.8EPSS: 88%CPEs: 7EXPL: 2CVE-2018-4416 – WebKit JSC JIT - 'JSPropertyNameEnumerator' Type Confusion
https://notcve.org/view.php?id=CVE-2018-4416
As structure IDs can be reused after their owners get freed, this can lead to type confusion. • https://www.exploit-db.com/exploits/45910 https://github.com/erupmi/CVE-2018-4416-exploit https://support.apple.com/kb/HT209192 https://support.apple.com/kb/HT209194 https://support.apple.com/kb/HT209195 https://support.apple.com/kb/HT209196 https://support.apple.com/kb/HT209197 https://support.apple.com/kb/HT209198 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 97%CPEs: 5EXPL: 5CVE-2018-17463 – Google Chromium V8 Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2018-17463
Incorrect side effect annotation in V8 in Google Chrome prior to 70.0.3538.64 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Anotación de efecto secundario en V8 en Google Chrome en versiones anteriores a la 70.0.3538.64 permitía que un atacante remoto ejecutase código arbitrario dentro de un sandbox mediante una página HTML manipulada. Google Chromium V8 Engine contains an unspecified vulnerability that allows a remote attacker to execute code inside a sandbox via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera. • https://www.exploit-db.com/exploits/48184 https://github.com/jhalon/CVE-2018-17463 https://github.com/kdmarti2/CVE-2018-17463 http://packetstormsecurity.com/files/156640/Google-Chrome-67-68-69-Object.create-Type-Confusion.html http://www.securityfocus.com/bid/105666 https://access.redhat.com/errata/RHSA-2018:3004 https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html https://crbug.com/888923 https://security.gentoo.org/glsa/201811-10 https://ww •
CVSS: 3.3EPSS: 0%CPEs: 3EXPL: 0CVE-2018-18386 – kernel: Type confusion in drivers/tty/n_tty.c allows for a denial of service
https://notcve.org/view.php?id=CVE-2018-18386
drivers/tty/n_tty.c in the Linux kernel before 4.14.11 allows local attackers (who are able to access pseudo terminals) to hang/block further usage of any pseudo terminal devices due to an EXTPROC versus ICANON confusion in TIOCINQ. drivers/tty/n_tty.c en el kernel de Linux en versiones anteriores a la 4.14.11 permite que atacantes locales (que pueden acceder a los pseudoterminales) bloqueen el uso de dispositivos pseudoterminal debido a una confusión EXTPROC versus ICANON en TIOCINQ. A security flaw was found in the Linux kernel in drivers/tty/n_tty.c which allows local attackers (ones who are able to access pseudo terminals) to lock them up and block further usage of any pseudo terminal devices due to an EXTPROC versus ICANON confusion in TIOCINQ handler. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=966031f340185eddd05affcf72b740549f056348 https://access.redhat.com/errata/RHSA-2019:0831 https://bugzilla.suse.com/show_bug.cgi?id=1094825 https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.11 https://github.com/torvalds/linux/commit/966031f340185eddd05affcf72b740549f056348 https://usn.ubuntu.com/3849-1 https://usn.ubuntu.com/3849-2 https://access.redhat.com/security/cve/CVE-2018-18386 https://bugzilla& • CWE-704: Incorrect Type Conversion or Cast CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-17913 – OMRON Industrial Automation CX-Supervisor CSNewDataSets Type Confusion Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2018-17913
A type confusion vulnerability exists when processing project files in Omron CX-Supervisor Versions 3.4.1.0 and prior, which may allow an attacker to execute code in the context of the application. Existe una vulnerabilidad de confusión de tipos al procesar archivos de proyecto en Omron CX-Supervisor en versiones 3.4.1.0 y anteriores, lo que podría permitir que un atacante ejecute código en el contexto de la aplicación. ... The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. • http://www.securityfocus.com/bid/105691 https://ics-cert.us-cert.gov/advisories/ICSA-18-290-01 • CWE-704: Incorrect Type Conversion or Cast •
CVSS: 9.3EPSS: 0%CPEs: 8EXPL: 0CVE-2018-12835 – Adobe Acrobat Pro DC HTML2PDF HTML Parsing Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2018-12835
Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have a type confusion vulnerability. ... Adobe Acrobat y Reader en versiones 2018.011.20063 y anteriores, 2017.011.30102 y anteriores y 2015.006.30452 y anteriores, tienen una vulnerabilidad de confusión de tipos. • http://www.securityfocus.com/bid/105443 http://www.securitytracker.com/id/1041809 https://helpx.adobe.com/security/products/acrobat/apsb18-30.html • CWE-704: Incorrect Type Conversion or Cast •