CVSS: 8.8EPSS: 0%CPEs: 11EXPL: 0CVE-2018-4125 – Apple Safari Math abs Type Confusion Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2018-4125
30 Mar 2018 — By performing actions in JavaScript, an attacker can trigger a type confusion condition. • http://www.securitytracker.com/id/1040604 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 0%CPEs: 10EXPL: 0CVE-2018-4161 – Apple Safari Math floor Type Confusion Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2018-4161
30 Mar 2018 — By performing actions in JavaScript, an attacker can trigger a type confusion condition. • http://www.securitytracker.com/id/1040604 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 0%CPEs: 11EXPL: 0CVE-2018-4163 – Apple Safari Math sqrt Type Confusion Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2018-4163
30 Mar 2018 — By performing actions in JavaScript, an attacker can trigger a type confusion condition. • http://www.securitytracker.com/id/1040604 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-16745
https://notcve.org/view.php?id=CVE-2017-16745
15 Mar 2018 — A Type Confusion issue was discovered in Delta Electronics Delta Industrial Automation Screen Editor, Version 2.00.23.00 or prior. An access of resource using incompatible type ('type confusion') vulnerability may allow an attacker to execute remote code when processing specially crafted .dpb files. Se ha descubierto una vulnerabilidad de confusión de tipos en Delta Industrial Automation Screen Editor de Delta Electronics en las versiones 2.00.23.00 y anteriores. Un... • http://www.securityfocus.com/bid/102426 • CWE-704: Incorrect Type Conversion or Cast CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-8076
https://notcve.org/view.php?id=CVE-2018-8076
15 Mar 2018 — ZenMate 1.5.4 for macOS suffers from a type confusion vulnerability within the com.zenmate.chron-xpc LaunchDaemon component. ... This could potentially result in an XPC object of the wrong type being passed as the first argument to the xpc_connection_create_from_endpoint function if controlled by an attacker. ... ZenMate 1.5.4 para macOS sufre de una vulnerabilidad de confusión de tipos en el componente LaunchDaemon com.zenmate.chron-xpc. • https://github.com/VerSprite/research/blob/master/advisories/VS-2018-016.md • CWE-704: Incorrect Type Conversion or Cast •
CVSS: 9.3EPSS: 0%CPEs: 13EXPL: 0CVE-2018-4920 – flash-plugin: Type Confusion - remote code execution vulnerability (APSB18-05)
https://notcve.org/view.php?id=CVE-2018-4920
15 Mar 2018 — Adobe Flash Player versions 28.0.0.161 and earlier have an exploitable type confusion vulnerability. ... Adobe Flash Player, en versiones 28.0.0.161 y anteriores, tiene una vulnerabilidad explotable de confusión de tipos. • http://www.securityfocus.com/bid/103383 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-5804 – LibRaw Denial of Service
https://notcve.org/view.php?id=CVE-2018-5804
14 Mar 2018 — A type confusion error within the "identify()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.8 can be exploited to trigger a division by zero. Un error de confusión de tipos en la función "identify()" (internal/dcraw_common.cpp) en LibRaw, en versiones anteriores a la 0.18.8, puede explotarse para desencadenar una división entre cero. • https://github.com/LibRaw/LibRaw/blob/master/Changelog.txt • CWE-369: Divide By Zero CWE-704: Incorrect Type Conversion or Cast •
CVSS: 8.8EPSS: 53%CPEs: 5EXPL: 2CVE-2018-6064 – Xiaomi Mi6 V8 CollectValuesOrEntriesImpl Type Confusion Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2018-6064
12 Mar 2018 — Type Confusion in the implementation of __defineGetter__ in V8 in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Confusión de tipos en la implementación de __defineGetter__ en V8 en Google Chrome en versiones anteriores a la 65.0.3325.146 permitía que un atacante remoto pudiese explotar una corrupción de memoria dinámica (heap) mediante una página HTML manipulada. ... By performing actions in JavaScript, an ... • https://packetstorm.news/files/id/147025 • CWE-704: Incorrect Type Conversion or Cast •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2017-15860
https://notcve.org/view.php?id=CVE-2017-15860
23 Feb 2018 — In all Qualcomm products with Android releases from CAF using the Linux kernel, while processing an encrypted authentication management frame, a stack buffer overflow may potentially occur. En todos los productos Qualcomm con sistemas operativos Android distribuidos desde el CAF utilizando el kernel de Linux, cuando se procesa una tramacifrada de gestión de autenticación, podría ocurrir un desbordamiento de búfer basado en pila. • https://source.android.com/security/bulletin/2018-02-01 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 8.8EPSS: 2%CPEs: 6EXPL: 0CVE-2018-6056 – chromium-browser: incorrect derived class instantiation in v8
https://notcve.org/view.php?id=CVE-2018-6056
19 Feb 2018 — Type confusion could lead to a heap out-of-bounds write in V8 in Google Chrome prior to 64.0.3282.168 allowing a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Una confusión de tipos podría conducir a una escritura fuera de límites en V8 en Google Chrome, en versiones anteriores a la 64.0.3282.168, lo que permite que un atacante remoto ejecute código arbitrario dentro de un sandbox mediante una página HTML manipulada. • http://www.securityfocus.com/bid/103003 • CWE-704: Incorrect Type Conversion or Cast •