CVSS: 9.8EPSS: 48%CPEs: 8EXPL: 0CVE-2020-9850 – Apple Safari In Operator JIT Type Confusion Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-9850
By performing actions in JavaScript, an attacker can trigger a type confusion condition. • https://support.apple.com/HT211168 https://support.apple.com/HT211171 https://support.apple.com/HT211175 https://support.apple.com/HT211177 https://support.apple.com/HT211178 https://support.apple.com/HT211179 https://support.apple.com/HT211181 https://access.redhat.com/security/cve/CVE-2020-9850 https://bugzilla.redhat.com/show_bug.cgi?id=1879568 https://github.com/sslab-gatech/pwn2own2020 • CWE-841: Improper Enforcement of Behavioral Workflow •
CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 2CVE-2020-6468 – chromium-browser: Type Confusion in V8
https://notcve.org/view.php?id=CVE-2020-6468
Type confusion in V8 in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Una confusión de tipos en V8 en Google Chrome versiones anteriores a la versión 83.0.4103.61, permitió a un atacante remoto explotar potencialmente una corrupción de pila por medio de una página HTML especialmente diseñada. • https://github.com/Goyotan/CVE-2020-6468-PoC https://github.com/kiks7/CVE-2020-6468-Chrome-Exploit http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00034.html http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00038.html https://chromereleases.googleblog.com/2020/05/stable-channel-update-for-desktop_19.html https://crbug.com/1076708 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OQYH5OK7O4BU6E37WWG5SEEHV65BFSGR https://lists.fedoraproj • CWE-787: Out-of-bounds Write CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 1CVE-2020-6464 – chromium-browser: Type Confusion in Blink
https://notcve.org/view.php?id=CVE-2020-6464
Type confusion in Blink in Google Chrome prior to 81.0.4044.138 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Una confusión de tipos en Blink en Google Chrome versiones anteriores a la versión 81.0.4044.138, permitió a un atacante remoto explotar potencialmente una corrupción de pila por medio de una página HTML especialmente diseñada A type confusion flaw was reported in the Blink component of the Chromium browser. • http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00056.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00000.html https://chromereleases.googleblog.com/2020/05/stable-channel-update-for-desktop.html https://crbug.com/1071059 https://security.gentoo.org/glsa/202005-13 https://www.debian.org/security/2020/dsa-4714 https://access.redhat.com/security/cve/CVE-2020-6464 https://bugzilla.redhat.com/show_bug.cgi?id=1832488 • CWE-787: Out-of-bounds Write CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2020-7081
https://notcve.org/view.php?id=CVE-2020-7081
A type confusion vulnerability in the Autodesk FBX-SDK versions 2019.0 and earlier may lead to arbitary code read/write on the system running it. Una vulnerabilidad de confusión de tipos en Autodesk FBX-SDK versiones 2019.0 y anteriores, puede conllevar a la lectura y escritura de código arbitrario en el sistema que lo ejecuta. • https://www.autodesk.com/trust/security-advisories/adsk-sa-2020-0002 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2020-10911 – Foxit PhantomPDF GetFieldValue Type Confusion Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-10911
The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. ... El problema es debido a una falta de comprobación apropiada de los datos suministrados por el usuario, lo que resulta en una condición de confusión de tipos. ... The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. • https://www.foxitsoftware.com/support/security-bulletins.php https://www.zerodayinitiative.com/advisories/ZDI-20-518 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •