CVSS: 8.8EPSS: 23%CPEs: 3EXPL: 2CVE-2017-2446 – Apple Safari - 'DateTimeFormat.format' Type Confusion
https://notcve.org/view.php?id=CVE-2017-2446
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code via a crafted web site that leverages the mishandling of strict mode functions. Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.3 está afectado. • https://www.exploit-db.com/exploits/41741 https://www.exploit-db.com/exploits/41742 http://www.securityfocus.com/bid/97130 http://www.securitytracker.com/id/1038137 https://bugs.chromium.org/p/project-zero/issues/detail?id=1032 https://doar-e.github.io/blog/2018/07/14/cve-2017-2446-or-jscjsglobalobjectishavingabadtime https://security.gentoo.org/glsa/201706-15 https://support.apple.com/HT207600 https://support.apple.com/HT207601 https://support.apple.com/HT207617 •
CVSS: 8.8EPSS: 1%CPEs: 4EXPL: 0CVE-2017-2415
https://notcve.org/view.php?id=CVE-2017-2415
It allows remote attackers to execute arbitrary code by leveraging an unspecified "type confusion." ... Esto permite a atacantes remotos ejecutar código arbitrario aprovechando un "tipo de confusión" no especificado. • http://www.securityfocus.com/bid/97143 http://www.securitytracker.com/id/1038137 https://security.gentoo.org/glsa/201706-15 https://support.apple.com/HT207600 https://support.apple.com/HT207601 https://support.apple.com/HT207602 https://support.apple.com/HT207617 •
CVSS: 7.6EPSS: 18%CPEs: 5EXPL: 0CVE-2017-0094 – Microsoft Windows JavaScript Proxy Setter Type Confusion Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2017-0094
By performing actions in JavaScript an attacker can trigger a type confusion condition. • http://www.securityfocus.com/bid/96682 http://www.securitytracker.com/id/1038006 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0094 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.1EPSS: 96%CPEs: 2EXPL: 5CVE-2017-0037 – Microsoft Edge and Internet Explorer Type Confusion Vulnerability
https://notcve.org/view.php?id=CVE-2017-0037
Microsoft Internet Explorer 10 and 11 and Microsoft Edge have a type confusion issue in the Layout::MultiColumnBoxBuilder::HandleColumnBreakOnColumnSpanningElement function in mshtml.dll, which allows remote attackers to execute arbitrary code via vectors involving a crafted Cascading Style Sheets (CSS) token sequence and crafted JavaScript code that operates on a TH element. Microsoft Internet Explorer 10 y 11 y Microsoft Edge tienen un problema de tipo de confusión en la función Layout::MultiColumnBoxBuilder::HandleColumnBreakOnColumnSpanningElement en mshtml.dll, que permite a atacantes remotos ejecutar código arbitrario a través de vectores que involucran una secuencia de token Cascading Style Sheets (CSS) manipulada y código JavaScript manipulado que opera en un elemento TH. Microsoft Edge and Internet Explorer suffer from a type confusion in HandleColumnBreakOnColumnSpanningElement. Microsoft Edge and Internet Explorer have a type confusion vulnerability in mshtml.dll, which allows remote code execution. • https://www.exploit-db.com/exploits/41454 https://www.exploit-db.com/exploits/43125 https://www.exploit-db.com/exploits/42354 https://github.com/chattopadhyaykittu/CVE-2017-0037 http://www.securityfocus.com/bid/96088 http://www.securitytracker.com/id/1037905 http://www.securitytracker.com/id/1037906 https://0patch.blogspot.si/2017/03/0patching-another-0-day-internet.html https://bugs.chromium.org/p/project-zero/issues/detail?id=1011 https://portal.msrc.microsoft.com/en-US&# • CWE-704: Incorrect Type Conversion or Cast •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2016-7655
https://notcve.org/view.php?id=CVE-2016-7655
It allows local users to gain privileges or cause a denial of service (type confusion) via unspecified vectors. ... Esto permite a usuarios locales obtener privilegios o provocar una denegación de servicio (confusión tipo) a través de vectores no especificados. • http://www.securityfocus.com/bid/94906 http://www.securitytracker.com/id/1037469 https://support.apple.com/HT207422 https://support.apple.com/HT207423 • CWE-704: Incorrect Type Conversion or Cast •