CVSS: 8.8EPSS: 1%CPEs: 2EXPL: 0CVE-2018-9943 – Foxit Reader XFA openList Type Confusion Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2018-9943
The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. ... El problema deriva de la falta de validación correcta de información proporcionada por el usuario, lo que puede dar como resultado una condición de confusión de tipos. ... The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. • https://www.foxitsoftware.com/support/security-bulletins.php https://zerodayinitiative.com/advisories/ZDI-18-327 • CWE-704: Incorrect Type Conversion or Cast •
CVSS: 8.8EPSS: 6%CPEs: 1EXPL: 1CVE-2018-3843
https://notcve.org/view.php?id=CVE-2018-3843
An exploitable type confusion vulnerability exists in the way Foxit PDF Reader version 9.0.1.1049 parses files with associated file annotations. A specially crafted PDF document can lead to an object of invalid type to be dereferenced, which can potentially lead to sensitive memory disclosure, and possibly to arbitrary code execution. ... Existe una vulnerabilidad explotable de confusión de tipos por la forma en la que Foxit PDF Reader 9.0.1.1049 analiza archivos con anotaciones de archivo asociadas. • http://www.securityfocus.com/bid/103942 http://www.securitytracker.com/id/1040733 https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0526 • CWE-704: Incorrect Type Conversion or Cast •
CVSS: 8.3EPSS: 0%CPEs: 25EXPL: 0CVE-2018-2825 – Oracle Java MethodHandles setVolatile Type Confusion Sandbox Escape Vulnerability
https://notcve.org/view.php?id=CVE-2018-2825
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Libraries). The supported version that is affected is Java SE: 10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. • http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html http://www.securityfocus.com/bid/103782 http://www.securitytracker.com/id/1040697 https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0 https://security.netapp.com/advisory/ntap-20180419-0001 https://usn.ubuntu.com/3747-1 •
CVSS: 8.3EPSS: 0%CPEs: 25EXPL: 0CVE-2018-2826 – Oracle Java MethodHandles tryFinally Type Confusion Sandbox Escape Vulnerability
https://notcve.org/view.php?id=CVE-2018-2826
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Libraries). The supported version that is affected is Java SE: 10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. • http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html http://www.securityfocus.com/bid/103796 http://www.securitytracker.com/id/1040697 https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0 https://security.netapp.com/advisory/ntap-20180419-0001 https://usn.ubuntu.com/3747-1 •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2018-7530 – OMRON CX-One CX-Protocol CObject Type Confusion Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2018-7530
Parsing malformed project files in Omron CX-One versions 4.42 and prior, including the following applications: CX-FLnet versions 1.00 and prior, CX-Protocol versions 1.992 and prior, CX-Programmer versions 9.65 and prior, CX-Server versions 5.0.22 and prior, Network Configurator versions 3.63 and prior, and Switch Box Utility versions 1.68 and prior, may allow the pointer to call an incorrect object resulting in an access of resource using incompatible type condition. ... When parsing a crafted file, the process does not properly validate user-supplied data, which can result in a type confusion condition. • https://ics-cert.us-cert.gov/advisories/ICSA-18-100-02 • CWE-118: Incorrect Access of Indexable Resource ('Range Error') CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •