CVSS: 9.3EPSS: 41%CPEs: 16EXPL: 1CVE-2017-3106 – Adobe Flash - Invoke Accesses Trait Out-of-Bounds
https://notcve.org/view.php?id=CVE-2017-3106
Adobe Flash Player versions 26.0.0.137 and earlier have an exploitable type confusion vulnerability when parsing SWF files. ... Adobe Flash Player versiones 26.0.0.137 y anteriores tiene una vulnerabilidad explotable de confusión de tipo al parsear archivos SWF. • https://www.exploit-db.com/exploits/42480 http://www.securityfocus.com/bid/100190 http://www.securitytracker.com/id/1039088 https://access.redhat.com/errata/RHSA-2017:2457 https://helpx.adobe.com/security/products/flash-player/apsb17-23.html https://security.gentoo.org/glsa/201709-16 https://access.redhat.com/security/cve/CVE-2017-3106 https://bugzilla.redhat.com/show_bug.cgi?id=1479887 • CWE-704: Incorrect Type Conversion or Cast CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 9.3EPSS: 1%CPEs: 10EXPL: 0CVE-2017-11257 – Adobe Acrobat Pro DC XFA nodes Type Confusion Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2017-11257
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable type confusion vulnerability in the XFA layout engine. ... Adobe Acrobat Reader 2017.009.20058 y anteriores, 2017.008.30051 y anteriores, 2015.006.30306 y anteriores, y 11.0.20 y anteriores tiene una vulnerabilidad de confusión de tipo en el motor de diseño XFA. ... The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. • http://www.securityfocus.com/bid/100181 http://www.securitytracker.com/id/1039098 https://helpx.adobe.com/security/products/acrobat/apsb17-24.html • CWE-704: Incorrect Type Conversion or Cast •
CVSS: 7.6EPSS: 56%CPEs: 2EXPL: 1CVE-2017-8634 – Microsoft Edge Chakra - 'JavascriptArray::ConcatArgs' Type Confusion
https://notcve.org/view.php?id=CVE-2017-8634
Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8635, CVE-2017-8636, CVE-2017-8638, CVE-2017-8639, CVE-2017-8640, CVE-2017-8641, CVE-2017-8645, CVE-2017-8646, CVE-2017-8647, CVE-2017-8655, CVE-2017-8656, CVE-2017-8657, CVE-2017-8670, CVE-2017-8671, CVE-2017-8672, and CVE-2017-8674. Microsoft Edge en Microsoft Windows 10 1703 permite que un atacante ejecute código arbitrario en el contexto del usuario actual debido a la forma en la que los motores JavaScript del navegador de Microsoft renderizan contenido cuando gestionan objetos en la memoria. Esto también se conoce como "Scripting Engine Memory Corruption Vulnerability". Este ID CVE es exclusivo de CVE-2017-8635, CVE-2017-8636, CVE-2017-8638, CVE-2017-8639, CVE-2017-8640, CVE-2017-8641, CVE-2017-8645, CVE-2017-8646, CVE-2017-8647, CVE-2017-8655, CVE-2017-8656, CVE-2017-8657, CVE-2017-8670, CVE-2017-8671, CVE-2017-8672, y CVE-2017-8674. • https://www.exploit-db.com/exploits/42474 http://www.securityfocus.com/bid/100043 http://www.securitytracker.com/id/1039095 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8634 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 1%CPEs: 8EXPL: 0CVE-2017-5108 – chromium-browser: type confusion in pdfium
https://notcve.org/view.php?id=CVE-2017-5108
Type confusion in PDFium in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to potentially maliciously modify objects via a crafted PDF file. Una confusión de tipos en PDFium en Google Chrome, en versiones anteriores a la 60.0.3112.78 para Mac, Windows, Linux y Android, permitía que un atacante remoto pudiese modificar objetos con fines maliciosos mediante un archivo PDF manipulado. • http://www.debian.org/security/2017/dsa-3926 http://www.securityfocus.com/bid/99950 https://access.redhat.com/errata/RHSA-2017:1833 https://chromereleases.googleblog.com/2017/07/stable-channel-update-for-desktop.html https://crbug.com/695830 https://security.gentoo.org/glsa/201709-15 https://access.redhat.com/security/cve/CVE-2017-5108 https://bugzilla.redhat.com/show_bug.cgi?id=1475211 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 8.8EPSS: 0%CPEs: 9EXPL: 0CVE-2017-5094 – chromium-browser: type confusion in extensions
https://notcve.org/view.php?id=CVE-2017-5094
Type confusion in extensions JavaScript bindings in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to potentially maliciously modify objects via a crafted HTML page. Una confusión de tipos en extensions JavaScript bindings en Google Chrome, en versiones anteriores a la 60.0.3112.78 para Mac, Windows, Linux y Android, permitía que un atacante remoto pudiese modificar objetos con fines maliciosos mediante una página HTML manipulada. • http://www.debian.org/security/2017/dsa-3926 http://www.securityfocus.com/bid/99950 https://access.redhat.com/errata/RHSA-2017:1833 https://chromereleases.googleblog.com/2017/07/stable-channel-update-for-desktop.html https://crbug.com/702946 https://security.gentoo.org/glsa/201709-15 https://access.redhat.com/security/cve/CVE-2017-5094 https://bugzilla.redhat.com/show_bug.cgi?id=1475196 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •