CVSS: 8.8EPSS: 96%CPEs: 5EXPL: 2CVE-2016-7201 – Microsoft Edge Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2016-7201
This can lead to type confusing, allowing an integer to be treated as an absolute pointer, when JavascriptArray::FillFromPrototypes is called. • https://www.exploit-db.com/exploits/40784 https://www.exploit-db.com/exploits/40990 http://packetstormsecurity.com/files/140382/Microsoft-Edge-chakra.dll-Information-Leak-Type-Confusion.html http://www.securityfocus.com/bid/94038 http://www.securitytracker.com/id/1037245 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-129 https://github.com/theori-io/chakra-2016-11 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 7.6EPSS: 91%CPEs: 1EXPL: 1CVE-2016-7240 – Microsoft Edge - 'eval' Type Confusion
https://notcve.org/view.php?id=CVE-2016-7240
The global eval function makes assumptions about the type of this extra arg, and casts it to a FrameDisplay object. If eval is called from a location in code where an extra parameter is added, for example, a Proxy function trap, and the extra parameter is of a different type, this can lead to type confusion. • https://www.exploit-db.com/exploits/40773 http://www.securityfocus.com/bid/94046 http://www.securitytracker.com/id/1037245 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-129 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 1%CPEs: 26EXPL: 0CVE-2016-7860 – Adobe Flash AdvertisingMetadata Type Confusion Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2016-7860
Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable type confusion vulnerability. ... Versiones de Adobe Flash Player 23.0.0.205 y anteriores, 11.2.202.643 y anteriores tienen una vulnerabilidad de confusión de tipo explotable. ... The issue results from the lack of proper validation of user-supplied data which can result in a type confusion condition. • http://rhn.redhat.com/errata/RHSA-2016-2676.html http://www.securityfocus.com/bid/94151 http://www.securitytracker.com/id/1037240 http://www.zerodayinitiative.com/advisories/ZDI-16-601 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-141 https://helpx.adobe.com/security/products/flash-player/apsb16-37.html https://security.gentoo.org/glsa/201611-18 https://access.redhat.com/security/cve/CVE-2016-7860 https://bugzilla.redhat.com/show_bug.cgi?id=139308 • CWE-704: Incorrect Type Conversion or Cast •
CVSS: 9.3EPSS: 1%CPEs: 26EXPL: 0CVE-2016-7861 – Adobe Flash Player Metadata Type Confusion Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2016-7861
Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable type confusion vulnerability. ... Versiones de Adobe Flash Player 23.0.0.205 y anteriores, 11.2.202.643 y anteriores tienen una vulnerabilidad de confusión de tipo explotable. ... The issue results from the lack of proper validation of user-supplied data which can result in a type confusion condition. • http://rhn.redhat.com/errata/RHSA-2016-2676.html http://www.securityfocus.com/bid/94151 http://www.securitytracker.com/id/1037240 http://www.zerodayinitiative.com/advisories/ZDI-16-600 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-141 https://helpx.adobe.com/security/products/flash-player/apsb16-37.html https://security.gentoo.org/glsa/201611-18 https://access.redhat.com/security/cve/CVE-2016-7861 https://bugzilla.redhat.com/show_bug.cgi?id=139308 • CWE-704: Incorrect Type Conversion or Cast •
CVSS: 9.3EPSS: 1%CPEs: 26EXPL: 0CVE-2016-7865 – Adobe Flash LocalConnection Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2016-7865
Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable type confusion vulnerability. ... Versiones de Adobe Flash Player 23.0.0.205 y anteriores, 11.2.202.643 y anteriores tienen una vulnerabilidad de confusión de tipo explotable. • http://rhn.redhat.com/errata/RHSA-2016-2676.html http://www.securityfocus.com/bid/94151 http://www.securitytracker.com/id/1037240 http://www.zerodayinitiative.com/advisories/ZDI-16-598 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-141 https://helpx.adobe.com/security/products/flash-player/apsb16-37.html https://security.gentoo.org/glsa/201611-18 https://access.redhat.com/security/cve/CVE-2016-7865 https://bugzilla.redhat.com/show_bug.cgi?id=139308 • CWE-704: Incorrect Type Conversion or Cast •