CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2017-15860
https://notcve.org/view.php?id=CVE-2017-15860
In all Qualcomm products with Android releases from CAF using the Linux kernel, while processing an encrypted authentication management frame, a stack buffer overflow may potentially occur. En todos los productos Qualcomm con sistemas operativos Android distribuidos desde el CAF utilizando el kernel de Linux, cuando se procesa una tramacifrada de gestión de autenticación, podría ocurrir un desbordamiento de búfer basado en pila. • https://source.android.com/security/bulletin/2018-02-01 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 8.8EPSS: 2%CPEs: 6EXPL: 0CVE-2018-6056 – chromium-browser: incorrect derived class instantiation in v8
https://notcve.org/view.php?id=CVE-2018-6056
Type confusion could lead to a heap out-of-bounds write in V8 in Google Chrome prior to 64.0.3282.168 allowing a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Una confusión de tipos podría conducir a una escritura fuera de límites en V8 en Google Chrome, en versiones anteriores a la 64.0.3282.168, lo que permite que un atacante remoto ejecute código arbitrario dentro de un sandbox mediante una página HTML manipulada. • http://www.securityfocus.com/bid/103003 https://access.redhat.com/errata/RHSA-2018:0334 https://chromereleases.googleblog.com/2018/02/stable-channel-update-for-desktop_13.html https://crbug.com/806388 https://www.debian.org/security/2018/dsa-4182 https://access.redhat.com/security/cve/CVE-2018-6056 https://bugzilla.redhat.com/show_bug.cgi?id=1545062 • CWE-704: Incorrect Type Conversion or Cast •
CVSS: 9.3EPSS: 94%CPEs: 8EXPL: 1CVE-2018-0834 – Microsoft Edge Chakra JIT - Array Type Confusion via InitProto Instructions
https://notcve.org/view.php?id=CVE-2018-0834
Microsoft Edge and ChakraCore in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0835, CVE-2018-0836, CVE-2018-0837, CVE-2018-0838, CVE-2018-0840, CVE-2018-0856, CVE-2018-0857, CVE-2018-0858, CVE-2018-0859, CVE-2018-0860, CVE-2018-0861, and CVE-2018-0866. Microsoft Edge y ChakraCore en Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709 y Windows Server 2016 permite la ejecución remota de código por la manera en la que el motor de scripting gestiona los objetos en la memoria. Esta vulnerabilidad también se conoce como "Scripting Engine Memory Corruption Vulnerability". El ID de este CVE es diferente de CVE-2018-0835, CVE-2018-0836, CVE-2018-0837, CVE-2018-0838, CVE-2018-0840, CVE-2018-0856, CVE-2018-0857, CVE-2018-0858, CVE-2018-0859, CVE-2018-0860, CVE-2018-0861 y CVE-2018-0866. • https://www.exploit-db.com/exploits/44078 http://www.securityfocus.com/bid/102859 http://www.securitytracker.com/id/1040372 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0834 • CWE-787: Out-of-bounds Write •
CVSS: 7.6EPSS: 95%CPEs: 8EXPL: 1CVE-2018-0835 – Microsoft Edge Chakra JIT - 'Array.prototype.reverse' Array Type Confusion
https://notcve.org/view.php?id=CVE-2018-0835
Microsoft Edge Chakra JIT from an array type confusion via Array.prototype.reverse. • https://www.exploit-db.com/exploits/44079 http://www.securityfocus.com/bid/102874 http://www.securitytracker.com/id/1040372 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0835 • CWE-787: Out-of-bounds Write •
CVSS: 7.6EPSS: 95%CPEs: 8EXPL: 1CVE-2018-0837 – Microsoft Edge Chakra JIT - 'LdThis' Type Confusion
https://notcve.org/view.php?id=CVE-2018-0837
Microsoft Edge Chakra JIT suffers from an LdThis type confusion vulnerability. • https://www.exploit-db.com/exploits/44081 http://www.securityfocus.com/bid/102876 http://www.securitytracker.com/id/1040372 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0837 • CWE-787: Out-of-bounds Write •