CVSS: 7.6EPSS: 94%CPEs: 20EXPL: 1CVE-2018-8291 – Microsoft Edge Chakra JIT - 'DictionaryPropertyDescriptor::CopyFrom' Type Confusion
https://notcve.org/view.php?id=CVE-2018-8291
A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore, Internet Explorer 11, Microsoft Edge. This CVE ID is unique from CVE-2018-8242, CVE-2018-8283, CVE-2018-8287, CVE-2018-8288, CVE-2018-8296, CVE-2018-8298. Existe una vulnerabilidad de ejecución remota de código que se manifiesta en la forma en la que el motor de scripting gestiona los objetos en la memoria en los navegadores de Microsoft. Esto también se conoce como "Scripting Engine Memory Corruption Vulnerability". • https://www.exploit-db.com/exploits/45215 http://www.securityfocus.com/bid/104637 http://www.securitytracker.com/id/1041256 http://www.securitytracker.com/id/1041258 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8291 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 7.6EPSS: 95%CPEs: 5EXPL: 1CVE-2018-8279 – Microsoft Edge Chakra JIT - Parameter Scope Parsing Type Confusion
https://notcve.org/view.php?id=CVE-2018-8279
A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8125, CVE-2018-8262, CVE-2018-8274, CVE-2018-8275, CVE-2018-8301. Existe una vulnerabilidad de ejecución remota de código cuando Microsoft Edge accede incorrectamente a los objetos en la memoria. Esto también se conoce como "Microsoft Edge Memory Corruption Vulnerability". • https://www.exploit-db.com/exploits/45214 http://www.securityfocus.com/bid/104641 http://www.securitytracker.com/id/1041256 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8279 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 7.6EPSS: 62%CPEs: 1EXPL: 1CVE-2018-8298 – ChakraCore Scripting Engine Type Confusion Vulnerability
https://notcve.org/view.php?id=CVE-2018-8298
This allows to initialize the same object multiple times which can lead to type confusion. The ChakraCore scripting engine contains a type confusion vulnerability which can allow for remote code execution. • https://www.exploit-db.com/exploits/45217 http://www.securityfocus.com/bid/104639 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8298 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2018-4285
https://notcve.org/view.php?id=CVE-2018-4285
A type confusion issue was addressed with improved memory handling. ... Un problema de confusión de tipo se abordó con una gestión de memoria mejorada. • https://support.apple.com/kb/HT208937 • CWE-704: Incorrect Type Conversion or Cast •
CVSS: 8.8EPSS: 0%CPEs: 7EXPL: 0CVE-2018-4284
https://notcve.org/view.php?id=CVE-2018-4284
A type confusion issue was addressed with improved memory handling. ... Un problema de confusión de tipo se abordó con una gestión de memoria mejorada. • https://support.apple.com/kb/HT208932 https://support.apple.com/kb/HT208933 https://support.apple.com/kb/HT208934 https://support.apple.com/kb/HT208935 https://support.apple.com/kb/HT208936 https://support.apple.com/kb/HT208938 • CWE-704: Incorrect Type Conversion or Cast •