Managing vulnerabilities at volume and scale across different teams requires actionable intelligence. Otherwise, you’re not making informed decisions – you’re guessing. The Top 10 Vulnerabilities chart provides insight into which vulnerabilities really exist in enterprise environments to help you make informed decisions about the risks they pose to your organization.

01. MICROSOFT APPS
32% of enterprises
DESCRIPTION: An elevation of privilege vulnerability exists in .NET Framework that could allow an attacker to elevate their privilege level (aka “.NET Framework Elevation of Privilege Vulnerability”).
CVE(s): CVE-2018-8202
SEVERITY: High

02. GOOGLE CHROME
30% of impacted enterprises
DESCRIPTION: Google Chrome is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by Skia. By persuading a victim to visit a specially crafted web site, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
CVE(s): CVE-2018-6153
SEVERITY: High

03. MICROSOFT IE
28% of impacted enterprises
DESCRIPTION: The Microsoft VBScript engines in Internet Explorer 8–11 and other products allow remote attackers to execute arbitrary code via a crafted web site (aka “Scripting Engine Memory Corruption Vulnerability”).
CVE(s): CVE-2015-6136
SEVERITY: High

04. ORACLE JAVA
28% of impacted enterprises
DESCRIPTION: A remote user can exploit a flaw in the Java SE Java DB component to gain elevated privileges.
CVE(s): CVE-2018-2938
SEVERITY: High

05. MICROSOFT APPS
28% of impacted enterprises
DESCRIPTION: A security feature bypass vulnerability exists in .NET Framework that could allow an attacker to bypass Device Guard (aka “.NET Framework Device Guard Security Feature Bypass Vulnerability”).
CVE(s): CVE-2018-1039
SEVERITY: High

06. SSL
28% of impacted enterprises
DESCRIPTION: SSL Version 2 and 3 Protocol Detection. The remote service accepts connections encrypted using SSL 2.0 and/or SSL 3.0. These versions of SSL are affected by several cryptographic flaws, including an insecure padding scheme with CBC ciphers and insecure session renegotiation and resumption schemes.
CVE(s): None
SEVERITY: High

07. GOOGLE CHROME
26% of impacted enterprises
DESCRIPTION: Google Chrome out-of-bounds memory access in WebRTC.
CVE(s): CVE-2018-6130
SEVERITY: High

08. MICROSOFT IE
28% of impacted enterprises
DESCRIPTION: A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer (aka “Scripting Engine Memory Corruption Vulnerability”). This affects Internet
CVE(s): CVE-2018-8242
SEVERITY: High

09. MICROSOFT IE
25% of impacted enterprises
DESCRIPTION: Microsoft browsers allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engines fail to render when handling objects in memory in Microsoft browsers (aka “Scripting Engine Memory Corruption Vulnerability”).
CVE(s): CVE-2017-8517
SEVERITY: High

10. ADOBE FLASH
25% of impacted enterprises
DESCRIPTION: Adobe Flash Player 30.0.0.113 and earlier versions have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
CVE(s): CVE-2018-5007
SEVERITY: High

11. MICROSOFT IE
24% of impacted enterprises
DESCRIPTION: A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory (aka “Internet Explorer Memory Corruption Vulnerability”).
CVE(s): CVE-2018-8249, CVE-2018-0978
SEVERITY: High

12. MICROSOFT APPS
23% of impacted enterprises
DESCRIPTION: A tampering vulnerability exists when Microsoft Outlook does not properly handle specific attachment types when rendering HTML emails (aka “Microsoft Office Tampering Vulnerability”). This affects Microsoft Word, Microsoft Office.
CVE(s): CVE-2018-8310
SEVERITY: High

13. ADOBE FLASH
23% of impacted enterprises
DESCRIPTION: Adobe Flash Player 29.0.0.171 and earlier versions have a stack-based buffer overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
CVE(s): CVE-2018-5002
SEVERITY: High

14. MICROSOFT IE
23% of impacted enterprises
DESCRIPTION: A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory (aka “Microsoft Browser Memory Corruption Vulnerability”).
CVE(s): CVE-2018-8178
SEVERITY: High

15. ORACLE JAVA
23% of impacted enterprises
DESCRIPTION: Vulnerability in the Java SE embedded component of Oracle Java SE (subcomponent: Hot Spot). Successful attacks of this vulnerability can result in takeover of Java SE.
CVE(s): CVE-2018-2814
SEVERITY: High

16. ADOBE FLASH
23% of impacted enterprises
DESCRIPTION: Adobe Flash Player 30.0.0.113 and earlier versions have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
CVE(s): CVE-2018-5007
SEVERITY: High

17. MICROSOFT APPS
23% of impacted enterprises
DESCRIPTION: The remote Windows host contains a version of the Microsoft Foundation Class (MFC) library affected by an insecure library-loading vulnerability. The path used for loading external libraries is not securely restricted. Arbitrary code can be executed on the remote host through the MFC library.
CVE(s): CVE-2010-3190
SEVERITY: High

18. ADOBE FLASH
22% of impacted enterprises
DESCRIPTION: An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability is an instance of a use-after-free vulnerability in the Primetime SDK, potentially leading to code corruption, control-flow hijack, or an information leak attack. Successful exploitation could lead to arbitrary code execution.
CVE(s): CVE-2017-11215
SEVERITY: High

19. FIREFOX
22% of impacted enterprises
DESCRIPTION: According to its version, there is at least one unsupported Mozilla application (Firefox, Thunderbird and/or SeaMonkey) installed on the remote host. This version of the software is no longer actively maintained. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it is likely to contain security vulnerabilities.
CVE(s): None
SEVERITY: High

20. MICROSOFT OS
22% of impacted enterprises
DESCRIPTION: An untrusted search path vulnerability in the MFC library in Microsoft Visual Studio .NET allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory during execution of an MFC application such as AtlTraceTool8.exe (aka ATL/MFC Trace Tool).
CVE(s): CVE-2015-0008
SEVERITY: High
An elevation of privilege vulnerability exists in .NET Framework that could allow an attacker to elevate their privilege level, (aka “.NET Framework Elevation of Privilege Vulnerability”).
DESCRIPTION
CVE-2018-8202
CVE(s)
High
SEVERITY
01. MICROSOFT APPS
32%
of impacted enterprise
02
30%
Google Chrome is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by Skia. By persuading a victim to visit a specially crafted web site, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
DESCRIPTION
CVE-2018-6153
CVE(s)
High
SEVERITY
02. GOOGLE CHROME
28%
of impacted enterprise
03. MICROSOFT IE
The Microsoft VBScript engines in Internet Explorer 8–11 and other products, allow remote attackers to execute arbitrary code via a crafted web site, (aka "“Scripting Engine Memory Corruption Vulnerability”).
DESCRIPTION
CVE-2015-6136
CVE(s)
High
SEVERITY
28%
of impacted enterprise
A remote user can exploit a flaw in the Java SE Java DB component to gain elevated privileges.
DESCRIPTION
CVE-2018-2938
CVE(s)
High
SEVERITY
04. ORACLE JAVA
28%
of impacted enterprise
A security feature bypass vulnerability exists in .NET Framework that could allow an attacker to bypass Device Guard (aka “.NET Framework Device Guard Security Feature Bypass Vulnerability”).
DESCRIPTION
CVE-2018-1039
CVE(s)
High
SEVERITY
05. MICROSOFT APPS
28%
of impacted enterprise
SSL Version 2 and 3 Protocol Detection. The remote service accepts connections encrypted using SSL 2.0 and/or SSL 3.0. These versions of SSL are affected by several cryptographic flaws, including an insecure padding scheme with CBC ciphers and insecure session renegotiation and resumption schemes.
DESCRIPTION
None
CVE(s)
High
SEVERITY
06. SSL
26%
of impacted enterprise
Google Chrome out- of-bounds memory access in WebRTC.
DESCRIPTION
CVE-2018-6130
CVE(s)
High
SEVERITY
07. GOOGLE CHROME
28%
of impacted enterprise
08. MICROSOFT IE
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer (aka“Scripting Engine Memory Corruption Vulnerability”). This affects Internet
DESCRIPTION
CVE-2018-8242
CVE(s)
High
SEVERITY
25%
of impacted enterprise
09. MICROSOFT IE
Microsoft browsers allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engines fail to render when handling objects in memory in Microsoft browsers, (aka " “Scripting Engine Memory Corruption Vulnerability”)
DESCRIPTION
CVE-2017-8517
CVE(s)
High
SEVERITY
25%
of impacted enterprise
10. ADOBE FLASH
Adobe Flash Player 30.0.0.113 and earlier versions have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
DESCRIPTION
CVE-2018-5007
CVE(s)
High
SEVERITY
24%
of impacted enterprise
11. MICROSOFT IE
A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory (aka “Internet Explorer Memory Corruption Vulnerability”).
DESCRIPTION
CVE-2018-8249, CVE-2018-0978
CVE(s)
High
SEVERITY
23%
of impacted enterprise
A tampering vulnerability exists when Microsoft Outlook does not properly handle specific attachment types when rendering HTML emails (aka “Microsoft Office Tampering Vulnerability”). This affects Microsoft Word, Microsoft Office.
DESCRIPTION
CVE-2018-8310
CVE(s)
High
SEVERITY
12. MICROSOFT APPS
23%
of impacted enterprise
Adobe Flash Player 29.0.0.171 and earlier versions have a stack-based buffer overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
DESCRIPTION
CVE-2018-5002
CVE(s)
High
SEVERITY
13. ADOBE FLASH
23%
of impacted enterprise
14. MICROSOFT IE
A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory (aka “Microsoft Browser Memory Corruption Vulnerability”).
DESCRIPTION
CVE-2018-8178
CVE(s)
High
SEVERITY
23%
of impacted enterprise
Vulnerability in the Java SE embedded component of Oracle Java SE (subcomponent: Hot Spot). Successful attacks of this vulnerability can result in takeover of Java SE.
DESCRIPTION
CVE-2018-2814
CVE(s)
High
SEVERITY
15. ORACLE JAVA
23%
of impacted enterprise
Adobe Flash Player 30.0.0.113 and earlier versions have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
DESCRIPTION
CVE-2018-5007
CVE(s)
High
SEVERITY
16. ADOBE FLASH
23%
of impacted enterprise
The remote Windows host contains a version of the Microsoft Foundation Class (MFC) library affected by an insecure library- loading vulnerability. The path used for loading external libraries is not securely restricted. Arbitrary code can be executed on the remote host through the MFC library.
DESCRIPTION
CVE-2010-3190
CVE(s)
High
SEVERITY
17. MICROSOFT APPS
22%
of impacted enterprise
18. ADOBE FLASH
An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability is an instance of a use- after- free vulnerability in the Primetime SDK, potentially leading to code corruption, control-flow hijack, or an information leak attack. Successful exploitation could lead to arbitrary code execution.
DESCRIPTION
CVE-2017-11215
CVE(s)
High
SEVERITY
22%
of impacted enterprise
19. Firefox
According to its version, there is at least one unsupported Mozilla application (Firefox, Thunderbird and/or SeaMonkey) installed on the remote host. This version of the software is no longer actively maintained. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it is likely to contain security vulnerabilities.
DESCRIPTION
None
CVE(s)
High
SEVERITY
22%
of impacted enterprise
An Uuntrusted search path vulnerability in the MFC llibrary in Microsoft Visual Studio .NET allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory during execution of an MFC application such as AtlTraceTool8.exe (aka ATL/MFC Trace Tool).
DESCRIPTION
CVE-2015-0008
CVE(s)
High
SEVERITY
20. MICROSOFT OS
Adobe Flash
Internet Explorer
Internet Explorer
Google
SSL
Microsoft Apps
Oracle Java
Internet Explorer
Google
Microsoft Apps
01
02
03
04
05
06
07
08
09
10
Managing vulnerabilities at volume and scale across different teams requires actionable intelligence. Otherwise, you’re not making informed decisions – you’re guessing. The Top 10 Vulnerabilities chart provides insight into which vulnerabilities really exist in enterprise environments to help you make informed decisions about the risks they pose to your organization.
of enterprises
An elevation of privilege vulnerability exists in .NET Framework that could allow an attacker to elevate their privilege level, (aka “.NET Framework Elevation of Privilege Vulnerability”).
DESCRIPTION
CVE-2018-8202
CVE(s)
High
SEVERITY
01. MICROSOFT APPS
32%
of impacted enterprise
02
30%
of impacted enterprise
Google Chrome is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by Skia. By persuading a victim to visit a specially crafted web site, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
DESCRIPTION
CVE-2018-6153
CVE(s)
High
SEVERITY
02. GOOGLE CHROME
28%
03. MICROSOFT IE
The Microsoft VBScript engines in Internet Explorer 8–11 and other products, allow remote attackers to execute arbitrary code via a crafted web site,
(aka “Scripting Engine Memory Corruption Vulnerability”).
DESCRIPTION
CVE-2015-6136
CVE(s)
High
SEVERITY
28%
of impacted enterprise
A remote user can exploit a flaw in the Java SE Java DB component to gain elevated privileges.
DESCRIPTION
CVE-2018-2938
CVE(s)
High
SEVERITY
04. ORACLE JAVA
28%
of impacted enterprise
A security feature bypass vulnerability exists in .NET Framework that could allow an attacker to bypass Device Guard (aka “.NET Framework Device Guard Security Feature Bypass Vulnerability”).
DESCRIPTION
CVE-2018-1039
CVE(s)
High
SEVERITY
05. MICROSOFT APPS
28%
of impacted enterprise
SSL Version 2 and 3 Protocol Detection. The remote service accepts connections encrypted using SSL 2.0 and/or SSL 3.0. These versions of SSL are affected by several cryptographic flaws, including an insecure padding scheme with CBC ciphers and insecure session renegotiation and resumption schemes.
DESCRIPTION
None
CVE(s)
High
SEVERITY
06. SSL
26%
of impacted enterprise
Google Chrome out- of-bounds memory access in WebRTC.
DESCRIPTION
CVE-2018-6130
CVE(s)
High
SEVERITY
07. GOOGLE CHROME
28%
of impacted enterprise
08. MICROSOFT IE
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer (aka“Scripting Engine Memory Corruption Vulnerability”). This affects Internet
DESCRIPTION
CVE-2018-8242
CVE(s)
High
SEVERITY
25%
of impacted enterprise
09. MICROSOFT IE
Microsoft browsers allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engines fail to render when handling objects in memory in Microsoft browsers, (aka " “Scripting Engine Memory Corruption Vulnerability”)
DESCRIPTION
CVE-2017-8517
CVE(s)
High
SEVERITY
25%
of impacted enterprise
10. ADOBE FLASH
Adobe Flash Player 30.0.0.113 and earlier versions have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
DESCRIPTION
CVE-2018-5007
CVE(s)
High
SEVERITY
24%
of impacted enterprise
11. MICROSOFT IE
A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory (aka “Internet Explorer Memory Corruption Vulnerability”).
DESCRIPTION
CVE-2018-8249, CVE-2018-0978
CVE(s)
High
SEVERITY
23%
of impacted enterprise
A tampering vulnerability exists when Microsoft Outlook does not properly handle specific attachment types when rendering HTML emails (aka “Microsoft Office Tampering Vulnerability”). This affects Microsoft Word, Microsoft Office.
DESCRIPTION
CVE-2018-8310
CVE(s)
High
SEVERITY
12. MICROSOFT APPS
23%
of impacted enterprise
Adobe Flash Player 29.0.0.171 and earlier versions have a stack-based buffer overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
DESCRIPTION
CVE-2018-5002
CVE(s)
High
SEVERITY
13. ADOBE FLASH
23%
of impacted enterprise
14. MICROSOFT IE
A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory (aka “Microsoft Browser Memory Corruption Vulnerability”).
DESCRIPTION
CVE-2018-8178
CVE(s)
High
SEVERITY
23%
of impacted enterprise
Vulnerability in the Java SE embedded component of Oracle Java SE (subcomponent: Hot Spot). Successful attacks of this vulnerability can result in takeover of Java SE.
DESCRIPTION
CVE-2018-2814
CVE(s)
High
SEVERITY
15. ORACLE JAVA
23%
of impacted enterprise
Adobe Flash Player 30.0.0.113 and earlier versions have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
DESCRIPTION
CVE-2018-5007
CVE(s)
High
SEVERITY
16. ADOBE FLASH
23%
of impacted enterprise
The remote Windows host contains a version of the Microsoft Foundation Class (MFC) library affected by an insecure library- loading vulnerability. The path used for loading external libraries is not securely restricted. Arbitrary code can be executed on the remote host through the MFC library.
DESCRIPTION
CVE-2010-3190
CVE(s)
High
SEVERITY
17. MICROSOFT APPS
22%
of impacted enterprise
18. ADOBE FLASH
An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability is an instance of a use- after- free vulnerability in the Primetime SDK, potentially leading to code corruption, control-flow hijack, or an information leak attack. Successful exploitation could lead to arbitrary code execution.
DESCRIPTION
CVE-2017-11215
CVE(s)
High
SEVERITY
22%
of impacted enterprise
19. Firefox
According to its version, there is at least one unsupported Mozilla application (Firefox, Thunderbird and/or SeaMonkey) installed on the remote host. This version of the software is no longer actively maintained. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it is likely to contain security vulnerabilities.
DESCRIPTION
None
CVE(s)
High
SEVERITY
22%
of impacted enterprise
An Uuntrusted search path vulnerability in the MFC llibrary in Microsoft Visual Studio .NET allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory during execution of an MFC application such as AtlTraceTool8.exe (aka ATL/MFC Trace Tool).
DESCRIPTION
CVE-2015-0008
CVE(s)
High
SEVERITY
20. MICROSOFT OS
Adobe Flash
Internet Explorer
Internet Explorer
Google
SSL
Microsoft Apps
Oracle Java
Internet Explorer
Google
Microsoft Apps
01
02
03
04
05
06
07
08
09
10
Managing vulnerabilities at volume and scale across different teams requires actionable intelligence. Otherwise, you’re not making informed decisions – you’re guessing. The Top 10 Vulnerabilities chart provides insight into which vulnerabilities really exist in enterprise environments to help you make informed decisions about the risks they pose to your organization.
of enterprises
An elevation of privilege vulnerability exists in .NET Framework that could allow an attacker to elevate their privilege level, (aka “.NET Framework Elevation of Privilege Vulnerability”).
DESCRIPTION
CVE-2018-8202
CVE(s)
High
SEVERITY
01. MICROSOFT APPS
32%
of impacted enterprise
02
30%
of impacted enterprise
Google Chrome is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by Skia. By persuading a victim to visit a specially crafted web site, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
DESCRIPTION
CVE-2018-6153
CVE(s)
High
SEVERITY
02. GOOGLE CHROME
28%
of impacted enterprise
03. MICROSOFT IE
The Microsoft VBScript engines in Internet Explorer 8–11 and other products, allow remote attackers to execute arbitrary code via a crafted web site, (aka "“Scripting Engine Memory Corruption Vulnerability”).
DESCRIPTION
CVE-2015-6136
CVE(s)
High
SEVERITY
28%
A remote user can exploit a flaw in the Java SE Java DB component to gain elevated privileges.
DESCRIPTION
CVE-2018-2938
CVE(s)
High
SEVERITY
04. ORACLE JAVA
28%
of impacted enterprise
A security feature bypass vulnerability exists in .NET Framework that could allow an attacker to bypass Device Guard (aka “.NET Framework Device Guard Security Feature Bypass Vulnerability”).
DESCRIPTION
CVE-2018-1039
CVE(s)
High
SEVERITY
05. MICROSOFT APPS
28%
of impacted enterprise
SSL Version 2 and 3 Protocol Detection. The remote service accepts connections encrypted using SSL 2.0 and/or SSL 3.0. These versions of SSL are affected by several cryptographic flaws, including an insecure padding scheme with CBC ciphers and insecure session renegotiation and resumption schemes.
DESCRIPTION
None
CVE(s)
High
SEVERITY
06. SSL
26%
of impacted enterprise
Google Chrome out- of-bounds memory access in WebRTC.
DESCRIPTION
CVE-2018-6130
CVE(s)
High
SEVERITY
07. GOOGLE CHROME
28%
of impacted enterprise
08. MICROSOFT IE
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer (aka“Scripting Engine Memory Corruption Vulnerability”). This affects Internet
DESCRIPTION
CVE-2018-8242
CVE(s)
High
SEVERITY
25%
of impacted enterprise
09. MICROSOFT IE
Microsoft browsers allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engines fail to render when handling objects in memory in Microsoft browsers, (aka " “Scripting Engine Memory Corruption Vulnerability”)
DESCRIPTION
CVE-2017-8517
CVE(s)
High
SEVERITY
25%
of impacted enterprise
10. ADOBE FLASH
Adobe Flash Player 30.0.0.113 and earlier versions have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
DESCRIPTION
CVE-2018-5007
CVE(s)
High
SEVERITY
24%
of impacted enterprise
11. MICROSOFT IE
A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory (aka “Internet Explorer Memory Corruption Vulnerability”).
DESCRIPTION
CVE-2018-8249, CVE-2018-0978
CVE(s)
High
SEVERITY
23%
of impacted enterprise
A tampering vulnerability exists when Microsoft Outlook does not properly handle specific attachment types when rendering HTML emails (aka “Microsoft Office Tampering Vulnerability”). This affects Microsoft Word, Microsoft Office.
DESCRIPTION
CVE-2018-8310
CVE(s)
High
SEVERITY
12. MICROSOFT APPS
23%
of impacted enterprise
Adobe Flash Player 29.0.0.171 and earlier versions have a stack-based buffer overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
DESCRIPTION
CVE-2018-5002
CVE(s)
High
SEVERITY
13. ADOBE FLASH
23%
of impacted enterprise
14. MICROSOFT IE
A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory (aka “Microsoft Browser Memory Corruption Vulnerability”).
DESCRIPTION
CVE-2018-8178
CVE(s)
High
SEVERITY
23%
of impacted enterprise
Vulnerability in the Java SE embedded component of Oracle Java SE (subcomponent: Hot Spot). Successful attacks of this vulnerability can result in takeover of Java SE.
DESCRIPTION
CVE-2018-2814
CVE(s)
High
SEVERITY
15. ORACLE JAVA
23%
of impacted enterprise
Adobe Flash Player 30.0.0.113 and earlier versions have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
DESCRIPTION
CVE-2018-5007
CVE(s)
High
SEVERITY
16. ADOBE FLASH
23%
of impacted enterprise
The remote Windows host contains a version of the Microsoft Foundation Class (MFC) library affected by an insecure library- loading vulnerability. The path used for loading external libraries is not securely restricted. Arbitrary code can be executed on the remote host through the MFC library.
DESCRIPTION
CVE-2010-3190
CVE(s)
High
SEVERITY
17. MICROSOFT APPS
22%
of impacted enterprise
18. ADOBE FLASH
An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability is an instance of a use- after- free vulnerability in the Primetime SDK, potentially leading to code corruption, control-flow hijack, or an information leak attack. Successful exploitation could lead to arbitrary code execution.
DESCRIPTION
CVE-2017-11215
CVE(s)
High
SEVERITY
22%
of impacted enterprise
19. Firefox
According to its version, there is at least one unsupported Mozilla application (Firefox, Thunderbird and/or SeaMonkey) installed on the remote host. This version of the software is no longer actively maintained. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it is likely to contain security vulnerabilities.
DESCRIPTION
None
CVE(s)
High
SEVERITY
22%
of impacted enterprise
An Uuntrusted search path vulnerability in the MFC llibrary in Microsoft Visual Studio .NET allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory during execution of an MFC application such as AtlTraceTool8.exe (aka ATL/MFC Trace Tool).
DESCRIPTION
CVE-2015-0008
CVE(s)
High
SEVERITY
20. MICROSOFT OS
Adobe Flash
Internet Explorer
Internet Explorer
Google
SSL
Microsoft Apps
Oracle Java
Internet Explorer
Google
Microsoft Apps
01
02
03
04
05
06
07
08
09
10
Managing vulnerabilities at volume and scale across different teams requires actionable intelligence. Otherwise, you’re not making informed decisions – you’re guessing. The Top 10 Vulnerabilities chart provides insight into which vulnerabilities really exist in enterprise environments to help you make informed decisions about the risks they pose to your organization.
of enterprises
An elevation of privilege vulnerability exists in .NET Framework that could allow an attacker to elevate their privilege level, (aka “.NET Framework Elevation of Privilege Vulnerability”).
DESCRIPTION
CVE-2018-8202
CVE(s)
High
SEVERITY
01. MICROSOFT APPS
32%
of impacted enterprise
02
30%
of impacted enterprise
Google Chrome is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by Skia. By persuading a victim to visit a specially crafted web site, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
DESCRIPTION
CVE-2018-6153
CVE(s)
High
SEVERITY
02. GOOGLE CHROME
28%
of impacted enterprise
03. MICROSOFT IE
The Microsoft VBScript engines in Internet Explorer 8–11 and other products, allow remote attackers to execute arbitrary code via a crafted web site, (aka "“Scripting Engine Memory Corruption Vulnerability”).
DESCRIPTION
CVE-2015-6136
CVE(s)
High
SEVERITY
28%
of impacted enterprise
A remote user can exploit a flaw in the Java SE Java DB component to gain elevated privileges.
DESCRIPTION
CVE-2018-2938
CVE(s)
High
SEVERITY
04. ORACLE JAVA
28%
A security feature bypass vulnerability exists in .NET Framework that could allow an attacker to bypass Device Guard (aka “.NET Framework Device Guard Security Feature Bypass Vulnerability”).
DESCRIPTION
CVE-2018-1039
CVE(s)
High
SEVERITY
05. MICROSOFT APPS
28%
of impacted enterprise
SSL Version 2 and 3 Protocol Detection. The remote service accepts connections encrypted using SSL 2.0 and/or SSL 3.0. These versions of SSL are affected by several cryptographic flaws, including an insecure padding scheme with CBC ciphers and insecure session renegotiation and resumption schemes.
DESCRIPTION
None
CVE(s)
High
SEVERITY
06. SSL
26%
of impacted enterprise
Google Chrome out- of-bounds memory access in WebRTC.
DESCRIPTION
CVE-2018-6130
CVE(s)
High
SEVERITY
07. GOOGLE CHROME
28%
of impacted enterprise
08. MICROSOFT IE
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer (aka“Scripting Engine Memory Corruption Vulnerability”). This affects Internet
DESCRIPTION
CVE-2018-8242
CVE(s)
High
SEVERITY
25%
of impacted enterprise
09. MICROSOFT IE
Microsoft browsers allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engines fail to render when handling objects in memory in Microsoft browsers, (aka " “Scripting Engine Memory Corruption Vulnerability”)
DESCRIPTION
CVE-2017-8517
CVE(s)
High
SEVERITY
25%
of impacted enterprise
10. ADOBE FLASH
Adobe Flash Player 30.0.0.113 and earlier versions have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
DESCRIPTION
CVE-2018-5007
CVE(s)
High
SEVERITY
24%
of impacted enterprise
11. MICROSOFT IE
A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory (aka “Internet Explorer Memory Corruption Vulnerability”).
DESCRIPTION
CVE-2018-8249, CVE-2018-0978
CVE(s)
High
SEVERITY
23%
of impacted enterprise
A tampering vulnerability exists when Microsoft Outlook does not properly handle specific attachment types when rendering HTML emails (aka “Microsoft Office Tampering Vulnerability”). This affects Microsoft Word, Microsoft Office.
DESCRIPTION
CVE-2018-8310
CVE(s)
High
SEVERITY
12. MICROSOFT APPS
23%
of impacted enterprise
Adobe Flash Player 29.0.0.171 and earlier versions have a stack-based buffer overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
DESCRIPTION
CVE-2018-5002
CVE(s)
High
SEVERITY
13. ADOBE FLASH
23%
of impacted enterprise
14. MICROSOFT IE
A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory (aka “Microsoft Browser Memory Corruption Vulnerability”).
DESCRIPTION
CVE-2018-8178
CVE(s)
High
SEVERITY
23%
of impacted enterprise
Vulnerability in the Java SE embedded component of Oracle Java SE (subcomponent: Hot Spot). Successful attacks of this vulnerability can result in takeover of Java SE.
DESCRIPTION
CVE-2018-2814
CVE(s)
High
SEVERITY
15. ORACLE JAVA
23%
of impacted enterprise
Adobe Flash Player 30.0.0.113 and earlier versions have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
DESCRIPTION
CVE-2018-5007
CVE(s)
High
SEVERITY
16. ADOBE FLASH
23%
of impacted enterprise
The remote Windows host contains a version of the Microsoft Foundation Class (MFC) library affected by an insecure library- loading vulnerability. The path used for loading external libraries is not securely restricted. Arbitrary code can be executed on the remote host through the MFC library.
DESCRIPTION
CVE-2010-3190
CVE(s)
High
SEVERITY
17. MICROSOFT APPS
22%
of impacted enterprise
18. ADOBE FLASH
An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability is an instance of a use- after- free vulnerability in the Primetime SDK, potentially leading to code corruption, control-flow hijack, or an information leak attack. Successful exploitation could lead to arbitrary code execution.
DESCRIPTION
CVE-2017-11215
CVE(s)
High
SEVERITY
22%
of impacted enterprise
19. Firefox
According to its version, there is at least one unsupported Mozilla application (Firefox, Thunderbird and/or SeaMonkey) installed on the remote host. This version of the software is no longer actively maintained. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it is likely to contain security vulnerabilities.
DESCRIPTION
None
CVE(s)
High
SEVERITY
22%
of impacted enterprise
An untrusted search path vulnerability in the MFC library in Microsoft Visual Studio .NET allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory during execution of an MFC application such as AtlTraceTool8.exe (aka ATL/MFC Trace Tool).
DESCRIPTION
CVE-2015-0008
CVE(s)
High
SEVERITY
20. MICROSOFT OS
[Chart: Top 10 Vulnerabilities by product, ranked 01–10: Microsoft Apps, Google, Internet Explorer, Oracle Java, Microsoft Apps, SSL, Google, Internet Explorer, Internet Explorer, Adobe Flash]
Managing vulnerabilities at volume and scale across different teams requires actionable intelligence. Otherwise, you’re not making informed decisions – you’re guessing. The Top 10 Vulnerabilities chart provides insight into which vulnerabilities really exist in enterprise environments to help you make informed decisions about the risks they pose to your organization.
of enterprises
An elevation of privilege vulnerability exists in .NET Framework that could allow an attacker to elevate their privilege level (aka “.NET Framework Elevation of Privilege Vulnerability”).
DESCRIPTION
CVE-2018-8202
CVE(s)
High
SEVERITY
01. MICROSOFT APPS
32%
of impacted enterprise
02
30%
of impacted enterprise
Google Chrome is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by Skia. By persuading a victim to visit a specially crafted web site, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
DESCRIPTION
CVE-2018-6153
CVE(s)
High
SEVERITY
02. GOOGLE CHROME
28%
of impacted enterprise
03. MICROSOFT IE
The Microsoft VBScript engines in Internet Explorer 8–11 and other products allow remote attackers to execute arbitrary code via a crafted web site (aka “Scripting Engine Memory Corruption Vulnerability”).
DESCRIPTION
CVE-2015-6136
CVE(s)
High
SEVERITY
28%
of impacted enterprise
A remote user can exploit a flaw in the Java SE Java DB component to gain elevated privileges.
DESCRIPTION
CVE-2018-2938
CVE(s)
High
SEVERITY
04. ORACLE JAVA
28%
of impacted enterprise
A security feature bypass vulnerability exists in .NET Framework that could allow an attacker to bypass Device Guard (aka “.NET Framework Device Guard Security Feature Bypass Vulnerability”).
DESCRIPTION
CVE-2018-1039
CVE(s)
High
SEVERITY
05. MICROSOFT APPS
28%
SSL Version 2 and 3 Protocol Detection. The remote service accepts connections encrypted using SSL 2.0 and/or SSL 3.0. These versions of SSL are affected by several cryptographic flaws, including an insecure padding scheme with CBC ciphers and insecure session renegotiation and resumption schemes.
DESCRIPTION
None
CVE(s)
High
SEVERITY
06. SSL
26%
of impacted enterprise
Google Chrome out-of-bounds memory access in WebRTC.
DESCRIPTION
CVE-2018-6130
CVE(s)
High
SEVERITY
07. GOOGLE CHROME
28%
of impacted enterprise
08. MICROSOFT IE
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer (aka “Scripting Engine Memory Corruption Vulnerability”). This affects Internet Explorer 9-11.
DESCRIPTION
CVE-2018-8242
CVE(s)
High
SEVERITY
25%
of impacted enterprise
09. MICROSOFT IE
Microsoft browsers allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engines fail to render when handling objects in memory in Microsoft browsers (aka “Scripting Engine Memory Corruption Vulnerability”).
DESCRIPTION
CVE-2017-8517
CVE(s)
High
SEVERITY
25%
of impacted enterprise
10. ADOBE FLASH
Adobe Flash Player 30.0.0.113 and earlier versions have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
DESCRIPTION
CVE-2018-5007
CVE(s)
High
SEVERITY
24%
of impacted enterprise
11. MICROSOFT IE
A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory (aka “Internet Explorer Memory Corruption Vulnerability”).
DESCRIPTION
CVE-2018-8249, CVE-2018-0978
CVE(s)
High
SEVERITY
23%
of impacted enterprise
Managing vulnerabilities at volume and scale across different teams requires actionable intelligence. Otherwise, you’re not making informed decisions – you’re guessing. The Top 10 Vulnerabilities chart provides insight into which vulnerabilities really exist in enterprise environments to help you make informed decisions about the risks they pose to your organization.
of enterprises
An elevation of privilege vulnerability exists in .NET Framework that could allow an attacker to elevate their privilege level, (aka “.NET Framework Elevation of Privilege Vulnerability”).
DESCRIPTION
CVE-2018-8202
CVE(s)
High
SEVERITY
01. MICROSOFT APPS
32%
of impacted enterprise
02
30%
of impacted enterprise
Google Chrome is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by Skia. By persuading a victim to visit a specially crafted web site, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
DESCRIPTION
CVE-2018-6153
CVE(s)
High
SEVERITY
02. GOOGLE CHROME
28%
of impacted enterprise
03. MICROSOFT IE
The Microsoft VBScript engines in Internet Explorer 8–11 and other products, allow remote attackers to execute arbitrary code via a crafted web site, (aka "“Scripting Engine Memory Corruption Vulnerability”).
DESCRIPTION
CVE-2015-6136
CVE(s)
High
SEVERITY
28%
of impacted enterprise
A remote user can exploit a flaw in the Java SE Java DB component to gain elevated privileges.
DESCRIPTION
CVE-2018-2938
CVE(s)
High
SEVERITY
04. ORACLE JAVA
28%
of impacted enterprise
A security feature bypass vulnerability exists in .NET Framework that could allow an attacker to bypass Device Guard (aka “.NET Framework Device Guard Security Feature Bypass Vulnerability”).
DESCRIPTION
CVE-2018-1039
CVE(s)
High
SEVERITY
05. MICROSOFT APPS
28%
of impacted enterprise
SSL Version 2 and 3 Protocol Detection. The remote service accepts connections encrypted using SSL 2.0 and/or SSL 3.0. These versions of SSL are affected by several cryptographic flaws, including an insecure padding scheme with CBC ciphers and insecure session renegotiation and resumption schemes.
DESCRIPTION
None
CVE(s)
High
SEVERITY
06. SSL
26%
of impacted enterprise
Google Chrome out- of-bounds memory access in WebRTC.
DESCRIPTION
CVE-2018-6130
CVE(s)
High
SEVERITY
07. GOOGLE CHROME
28%
of impacted enterprise
08. MICROSOFT IE
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer (aka“Scripting Engine Memory Corruption Vulnerability”). This affects Internet
DESCRIPTION
CVE-2018-8242
CVE(s)
High
SEVERITY
25%
of impacted enterprise
09. MICROSOFT IE
Microsoft browsers allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engines fail to render when handling objects in memory in Microsoft browsers, (aka " “Scripting Engine Memory Corruption Vulnerability”)
DESCRIPTION
CVE-2017-8517
CVE(s)
High
SEVERITY
25%
10. ADOBE FLASH
Adobe Flash Player 30.0.0.113 and earlier versions have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
DESCRIPTION
CVE-2018-5007
CVE(s)
High
SEVERITY
24%
of impacted enterprise
11. MICROSOFT IE
A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory (aka “Internet Explorer Memory Corruption Vulnerability”).
DESCRIPTION
CVE-2018-8249, CVE-2018-0978
CVE(s)
High
SEVERITY
23%
of impacted enterprise
A tampering vulnerability exists when Microsoft Outlook does not properly handle specific attachment types when rendering HTML emails (aka “Microsoft Office Tampering Vulnerability”). This affects Microsoft Word, Microsoft Office.
DESCRIPTION
CVE-2018-8310
CVE(s)
High
SEVERITY
12. MICROSOFT APPS
23%
of impacted enterprise
Adobe Flash Player 29.0.0.171 and earlier versions have a stack-based buffer overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
DESCRIPTION
CVE-2018-5002
CVE(s)
High
SEVERITY
13. ADOBE FLASH
23%
of impacted enterprise
14. MICROSOFT IE
A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory (aka “Microsoft Browser Memory Corruption Vulnerability”).
DESCRIPTION
CVE-2018-8178
CVE(s)
High
SEVERITY
23%
of impacted enterprise
Vulnerability in the Java SE embedded component of Oracle Java SE (subcomponent: Hotspot). Successful attacks of this vulnerability can result in takeover of Java SE.
DESCRIPTION
CVE-2018-2814
CVE(s)
High
SEVERITY
15. ORACLE JAVA
23%
of impacted enterprise
Adobe Flash Player 30.0.0.113 and earlier versions have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
DESCRIPTION
CVE-2018-5007
CVE(s)
High
SEVERITY
16. ADOBE FLASH
23%
of impacted enterprise
The remote Windows host contains a version of the Microsoft Foundation Class (MFC) library affected by an insecure library-loading vulnerability. The path used for loading external libraries is not securely restricted. Arbitrary code can be executed on the remote host through the MFC library.
DESCRIPTION
CVE-2010-3190
CVE(s)
High
SEVERITY
17. MICROSOFT APPS
22%
of impacted enterprise
18. ADOBE FLASH
An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability is an instance of a use-after-free vulnerability in the Primetime SDK, potentially leading to code corruption, control-flow hijack, or an information leak attack. Successful exploitation could lead to arbitrary code execution.
DESCRIPTION
CVE-2017-11215
CVE(s)
High
SEVERITY
22%
of impacted enterprise
19. Firefox
According to its version, there is at least one unsupported Mozilla application (Firefox, Thunderbird and/or SeaMonkey) installed on the remote host. This version of the software is no longer actively maintained. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it is likely to contain security vulnerabilities.
DESCRIPTION
None
CVE(s)
High
SEVERITY
22%
of impacted enterprise
An untrusted search path vulnerability in the MFC library in Microsoft Visual Studio .NET allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory during execution of an MFC application such as AtlTraceTool8.exe (aka ATL/MFC Trace Tool).
DESCRIPTION
CVE-2015-0008
CVE(s)
High
SEVERITY
20. MICROSOFT OS
[Chart: Top 10 Vulnerabilities, ranks 01 to 10. Bar labels as listed on the page: Adobe Flash, Internet Explorer, Internet Explorer, Google, SSL, Microsoft Apps, Oracle Java, Internet Explorer, Google, Microsoft Apps.]