CVSS: 8.8EPSS: 0%CPEs: 10EXPL: 0CVE-2017-13884 – Apple Safari DFG JIT Type Confusion Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2017-13884
By performing actions in JavaScript, an attacker can trigger a type confusion condition. • https://support.apple.com/HT208324 https://support.apple.com/HT208325 https://support.apple.com/HT208326 https://support.apple.com/HT208327 https://support.apple.com/HT208328 https://support.apple.com/HT208334 https://usn.ubuntu.com/3551-1 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-13220
https://notcve.org/view.php?id=CVE-2017-13220
An elevation of privilege vulnerability in the Upstream kernel bluez. Product: Android. Versions: Android kernel. Android ID: A-63527053. Existe una vulnerabilidad de elevación de privilegios en el bluez del kernel Upstream. • https://bugzilla.redhat.com/show_bug.cgi?id=1536155 https://bugzilla.suse.com/show_bug.cgi?id=1076537 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=51bda2bca53b265715ca1852528f38dc67429d9a https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-13220.html https://security-tracker.debian.org/tracker/CVE-2017-13220 https://source.android.com/security/bulletin/pixel/2018-01-01 https://usn.ubuntu.com/3655-1 https://usn.ubuntu.com/3655-2 https&# • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 9.3EPSS: 20%CPEs: 8EXPL: 0CVE-2018-0796 – Microsoft Office Excel Formula Type Confusion Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2018-0796
The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. • http://www.securityfocus.com/bid/102372 http://www.securitytracker.com/id/1040153 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0796 •
CVSS: 8.8EPSS: 0%CPEs: 7EXPL: 0CVE-2017-13866 – Apple Safari DFG JIT Type Confusion Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2017-13866
The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. • http://www.securityfocus.com/bid/102181 http://www.securitytracker.com/id/1040012 http://www.securitytracker.com/id/1040013 https://security.gentoo.org/glsa/201801-09 https://support.apple.com/HT208324 https://support.apple.com/HT208326 https://support.apple.com/HT208327 https://support.apple.com/HT208328 https://support.apple.com/HT208334 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.6EPSS: 93%CPEs: 7EXPL: 1CVE-2017-11914 – Microsoft Edge Chakra - 'JavascriptGeneratorFunction::GetPropertyBuiltIns' Type Confusion
https://notcve.org/view.php?id=CVE-2017-11914
ChakraCore and Microsoft Edge in Windows 10 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930. ChakraCore y Microsoft Edge en Windows 10 1511, 1607, 1703 y 1709 y Windows Server 2016 permiten que un atacante obtenga los mismos derechos de usuario que el usuario actual por la manera en la que el motor de scripting gestiona los objetos en la memoria. Esta vulnerabilidad también se conoce como "Scripting Engine Memory Corruption Vulnerability". El ID de este CVE es diferente de CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11916, CVE-2017-11918 y CVE-2017-11930. • https://www.exploit-db.com/exploits/43713 http://www.securityfocus.com/bid/102088 http://www.securitytracker.com/id/1039990 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11914 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •