CVSS: 9.3EPSS: 1%CPEs: 13EXPL: 0CVE-2017-2995 – Adobe Flash Player MessageChannel Type Confusion Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2017-2995
Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable type confusion vulnerability related to the MessageChannel class. ... Adobe Flash Player, versiones 24.0.0.194 y anteriores, tienen una vulnerabilidad explotable de confusión de tipo relacionada con la clase MessageChannel. ... The issue results from the lack of proper validation of user-supplied data which can result in a type confusion condition. • http://rhn.redhat.com/errata/RHSA-2017-0275.html http://www.securityfocus.com/bid/96191 http://www.securitytracker.com/id/1037815 https://helpx.adobe.com/security/products/flash-player/apsb17-04.html https://security.gentoo.org/glsa/201702-20 https://access.redhat.com/security/cve/CVE-2017-2995 https://bugzilla.redhat.com/show_bug.cgi?id=1422237 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2017-5023 – chromium-browser: type confusion in metrics
https://notcve.org/view.php?id=CVE-2017-5023
Type confusion in Histogram in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, allowed a remote attacker to potentially exploit a near null dereference via a crafted HTML page. Tipo de confusión en el histograma en Google Chrome en versiones anteriores a 56.0.2924.76 para Linux, Windows y Mac, y 56.0.2924.87 para Android, permitió a un atacante remoto potencialmente explotar una desreferencia casi nula a través de una página HTML manipulada. • http://rhn.redhat.com/errata/RHSA-2017-0206.html http://www.debian.org/security/2017/dsa-3776 http://www.securityfocus.com/bid/95792 http://www.securitytracker.com/id/1037718 https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html https://crbug.com/651443 https://security.gentoo.org/glsa/201701-66 https://access.redhat.com/security/cve/CVE-2017-5023 https://bugzilla.redhat.com/show_bug.cgi?id=1416674 • CWE-476: NULL Pointer Dereference •
CVSS: 8.8EPSS: 5%CPEs: 4EXPL: 1CVE-2017-2373 – Apple WebKit - Type Confusion in RenderBox with Accessibility Enabled
https://notcve.org/view.php?id=CVE-2017-2373
Apple WebKit suffers from a type confusion vulnerability in RenderBox with accessibility enabled. • https://www.exploit-db.com/exploits/41216 http://www.securityfocus.com/bid/95727 http://www.securitytracker.com/id/1037668 https://security.gentoo.org/glsa/201706-15 https://support.apple.com/HT207482 https://support.apple.com/HT207484 https://support.apple.com/HT207485 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 5%CPEs: 4EXPL: 1CVE-2017-2369 – Apple WebKit - 'HTMLKeygenElement' Type Confusion
https://notcve.org/view.php?id=CVE-2017-2369
Apple WebKit suffers from a HTMLKeygenElement type confusion vulnerability. • https://www.exploit-db.com/exploits/41215 http://www.securityfocus.com/bid/95727 http://www.securitytracker.com/id/1037668 https://security.gentoo.org/glsa/201706-15 https://support.apple.com/HT207482 https://support.apple.com/HT207484 https://support.apple.com/HT207485 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0CVE-2017-2354 – Apple Safari SearchInputType Type Confusion Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2017-2354
The issue results from the lack of proper validation of user-supplied data which can result in a type confusion condition. • http://www.securityfocus.com/bid/95736 http://www.securitytracker.com/id/1037668 https://security.gentoo.org/glsa/201706-15 https://support.apple.com/HT207481 https://support.apple.com/HT207482 https://support.apple.com/HT207484 https://support.apple.com/HT207485 https://support.apple.com/HT207486 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •