CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 0CVE-2017-14827 – Foxit Reader XFA Nodes append Type Confusion Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2017-14827
The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. ... El problema deriva de la falta de validación correcta de información proporcionada por el usuario, lo que puede dar como resultado una condición de confusión de tipos. ... The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. • https://www.foxitsoftware.com/support/security-bulletins.php https://zerodayinitiative.com/advisories/ZDI-17-871 • CWE-704: Incorrect Type Conversion or Cast CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 8.8EPSS: 3%CPEs: 16EXPL: 0CVE-2017-11292 – Adobe Flash Player Type Confusion Vulnerability
https://notcve.org/view.php?id=CVE-2017-11292
This can lead to type confusion, and successful exploitation could lead to arbitrary code execution. ... Esto puede llevar a una confusión de tipos, y la explotación con éxito podría desembocar en la ejecución de código arbitrario. Adobe Flash Player contains a type confusion vulnerability which can allow for remote code execution. • http://www.securityfocus.com/bid/101286 http://www.securitytracker.com/id/1039582 https://access.redhat.com/errata/RHSA-2017:2899 https://helpx.adobe.com/security/products/flash-player/apsb17-32.html https://security.gentoo.org/glsa/201710-22 https://access.redhat.com/security/cve/CVE-2017-11292 https://bugzilla.redhat.com/show_bug.cgi?id=1502726 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 7.6EPSS: 90%CPEs: 7EXPL: 1CVE-2017-11811 – Microsoft Edge Chakra JIT - Type Confusion with switch Statements
https://notcve.org/view.php?id=CVE-2017-11811
Microsoft Edge Chakra suffers from a JIT related type confusion vulnerability with switch statements. • https://www.exploit-db.com/exploits/43152 http://www.securityfocus.com/bid/101138 http://www.securitytracker.com/id/1039529 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11811 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.6EPSS: 4%CPEs: 5EXPL: 0CVE-2017-11800 – Microsoft Chakra Array JIT Optimization Type Confusion Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2017-11800
By performing actions in JavaScript an attacker can trigger a type confusion condition. • http://www.securityfocus.com/bid/101127 http://www.securitytracker.com/id/1039529 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11800 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 2CVE-2017-14639
https://notcve.org/view.php?id=CVE-2017-14639
AP4_VisualSampleEntry::ReadFields in Core/Ap4SampleEntry.cpp in Bento4 1.5.0-617 uses incorrect character data types, which causes a stack-based buffer underflow and out-of-bounds write, leading to denial of service (application crash) or possibly unspecified other impact. AP4_VisualSampleEntry::ReadFields en Core/Ap4SampleEntry.cpp en Bento4 1.5.0-617 utiliza datos de tipo carácter incorrectos, lo que puede provocar un subdesbordamiento de búfer basado en pila y una escritura fuera de límites, desembocando en una denegación de servicio (cierre inesperado de la aplicación) o incluso otro impacto no especificado. • https://blogs.gentoo.org/ago/2017/09/14/bento4-stack-based-buffer-underflow-in-ap4_visualsampleentryreadfields-ap4sampleentry-cpp https://github.com/axiomatic-systems/Bento4/commit/03d1222ab9c2ce779cdf01bdb96cdd69cbdcfeda https://github.com/axiomatic-systems/Bento4/issues/190 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •