CVE-2018-8202
An elevation of privilege vulnerability exists in .NET Framework that could allow an attacker to elevate their privilege level (aka “.NET Framework Elevation of Privilege Vulnerability”).
CVE(s)
DESCRIPTION
32%
of enterprises
30%
of impacted enterprise
28%
01. MICROSOFT APPS
High
SEVERITY
Google Chrome is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by Skia. By persuading a victim to visit a specially crafted web site, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
CVE-2018-6153
The Microsoft VBScript engines in Internet Explorer 8–11 and other products allow remote attackers to execute arbitrary code via a crafted web site (aka “Scripting Engine Memory Corruption Vulnerability”).
CVE-2015-6136
A remote user can exploit a flaw in the Java SE Java DB component to gain elevated privileges.
CVE-2018-2938
02. GOOGLE CHROME
03. MICROSOFT IE
Managing vulnerabilities at volume and scale across different teams requires actionable intelligence. Otherwise, you’re not making informed decisions – you’re guessing. The Top 10 Vulnerabilities chart provides insight into which vulnerabilities really exist in enterprise environments to help you make informed decisions about the risks they pose to your organization.
A security feature bypass vulnerability exists in .NET Framework that could allow an attacker to bypass Device Guard (aka “.NET Framework Device Guard Security Feature Bypass Vulnerability”).
CVE-2018-1039
SSL Version 2 and 3 Protocol Detection. The remote service accepts connections encrypted using SSL 2.0 and/or SSL 3.0. These versions of SSL are affected by several cryptographic flaws, including an insecure padding scheme with CBC ciphers and insecure session renegotiation and resumption schemes.
None
26%
Google Chrome out-of-bounds memory access in WebRTC.
CVE-2018-6130
07. GOOGLE CHROME
25%
09. MICROSOFT IE
Microsoft browsers allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engines fail to render when handling objects in memory in Microsoft browsers (aka “Scripting Engine Memory Corruption Vulnerability”).
CVE-2017-8517
10. ADOBE FLASH
Adobe Flash Player 30.0.0.113 and earlier versions have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
CVE-2018-5007
24%
11. MICROSOFT IE
A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory (aka “Internet Explorer Memory Corruption Vulnerability”).
CVE-2018-8249, CVE-2018-0978
23%
A tampering vulnerability exists when Microsoft Outlook does not properly handle specific attachment types when rendering HTML emails (aka “Microsoft Office Tampering Vulnerability”). This affects Microsoft Word, Microsoft Office.
CVE-2018-8310
Adobe Flash Player 29.0.0.171 and earlier versions have a stack-based buffer overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
CVE-2018-5002
14. MICROSOFT IE
A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory (aka “Microsoft Browser Memory Corruption Vulnerability”).
CVE-2018-8178
Vulnerability in the Java SE embedded component of Oracle Java SE (subcomponent: Hot Spot). Successful attacks of this vulnerability can result in takeover of Java SE.
CVE-2018-2814
The remote Windows host contains a version of the Microsoft Foundation Class (MFC) library affected by an insecure library-loading vulnerability. The path used for loading external libraries is not securely restricted. Arbitrary code can be executed on the remote host through the MFC library.
CVE-2010-3190
22%
18. ADOBE FLASH
An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability is an instance of a use-after-free vulnerability in the Primetime SDK, potentially leading to code corruption, control-flow hijack, or an information leak attack. Successful exploitation could lead to arbitrary code execution.
CVE-2017-11215
08. MICROSOFT IE
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer (aka “Scripting Engine Memory Corruption Vulnerability”). This affects Internet Explorer 9-11.
CVE-2018-8242
04. ORACLE JAVA
05. MICROSOFT APPS
06. SSL
12. MICROSOFT APPS
15. ORACLE JAVA
16. ADOBE FLASH
17. MICROSOFT APPS
19. Firefox
According to its version, there is at least one unsupported Mozilla application (Firefox, Thunderbird and/or SeaMonkey) installed on the remote host. This version of the software is no longer actively maintained. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it is likely to contain security vulnerabilities.
An untrusted search path vulnerability in the MFC library in Microsoft Visual Studio .NET allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory during execution of an MFC application such as AtlTraceTool8.exe (aka ATL/MFC Trace Tool).
CVE-2015-0008
20. MICROSOFT OS
13. ADOBE FLASH
[Chart: Top 10 Vulnerabilities, ranks 01 to 10. Legend: Google, SSL, Microsoft Apps, Oracle Java, Internet Explorer, Adobe Flash]
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer (aka “Scripting Engine Memory Corruption Vulnerability”). This affects Internet Explorer 9-11.