CVSS: 7.6EPSS: 4%CPEs: 5EXPL: 0CVE-2017-8738 – Microsoft Chakra Array Type Confusion Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2017-8738
By performing actions in JavaScript, an attacker can trigger a type confusion condition. • http://www.securityfocus.com/bid/100759 http://www.securitytracker.com/id/1039342 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8738 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.6EPSS: 5%CPEs: 13EXPL: 0CVE-2017-8750 – Microsoft Internet Explorer JavaScript WeakMap Type Confusion Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2017-8750
By performing actions in JavaScript an attacker can trigger a type confusion condition. • http://www.securityfocus.com/bid/100771 http://www.securitytracker.com/id/1039342 http://www.securitytracker.com/id/1039343 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8750 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 14%CPEs: 11EXPL: 0CVE-2017-5116 – chromium-browser: type confusion in v8
https://notcve.org/view.php?id=CVE-2017-5116
Type confusion in V8 in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Una confusión de tipos en V8 en Google Chrome, en versiones anteriores a la 61.0.3163.79 para Mac, Windows y Linux y a la 61.0.3163.81 para Android, permitía que un atacante remoto ejecutase código arbitrario dentro de un espacio aislado o sandbox mediante una página HTML manipulada. • http://www.debian.org/security/2017/dsa-3985 http://www.securityfocus.com/bid/100610 http://www.securitytracker.com/id/1039291 https://access.redhat.com/errata/RHSA-2017:2676 https://chromereleases.googleblog.com/2017/09/stable-channel-update-for-desktop.html https://crbug.com/759624 https://security.gentoo.org/glsa/201709-15 https://security.googleblog.com/2018/01/android-security-ecosystem-investments.html https://access.redhat.com/security/cve/CVE-2017-5116 https://bugzilla.redha • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 8.8EPSS: 1%CPEs: 2EXPL: 0CVE-2017-5115 – chromium-browser: type confusion in v8
https://notcve.org/view.php?id=CVE-2017-5115
Type confusion in V8 in Google Chrome prior to 61.0.3163.79 for Windows allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. Una confusión de tipos en V8 en Google Chrome, en versiones anteriores a la 61.0.3163.79 para Windows, permitía que un atacante remoto pudiese explotar una corrupción de objetos mediante una página HTML manipulada. • http://www.debian.org/security/2017/dsa-3985 http://www.securityfocus.com/bid/100610 http://www.securitytracker.com/id/1039291 https://access.redhat.com/errata/RHSA-2017:2676 https://chromereleases.googleblog.com/2017/09/stable-channel-update-for-desktop.html https://crbug.com/744584 https://security.gentoo.org/glsa/201709-15 https://access.redhat.com/security/cve/CVE-2017-5115 https://bugzilla.redhat.com/show_bug.cgi?id=1488776 • CWE-704: Incorrect Type Conversion or Cast •
CVSS: 9.3EPSS: 5%CPEs: 10EXPL: 0CVE-2017-11221
https://notcve.org/view.php?id=CVE-2017-11221
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable type confusion vulnerability in the annotation functionality. ... Adobe Acrobat Reader 2017.009.20058 y anteriores, 2017.008.30051 y anteriores, 2015.006.30306 y anteriores, y 11.0.20 y anteriores tiene una vulnerabilidad explotable de confusión de tipo en la funcionalidad de anotación. • http://www.securityfocus.com/bid/100181 http://www.securitytracker.com/id/1039098 https://helpx.adobe.com/security/products/acrobat/apsb17-24.html • CWE-704: Incorrect Type Conversion or Cast •