Threat Landscape Dashboard

Assessing today's threats and the relationships between them

Top 10 Vulnerabilities

Vulnerability Description
CVE-2018-8115 A remote code execution vulnerability exists when the Windows Host Compute Service Shim (hcsshim) library fails to properly validate input while importing a container image, aka "Windows Host Compute Service Shim Remote Code Execution Vulnerability." This affects Windows Host Compute.
CVE-2018-8174 A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.
CVE-2018-4990 A remote code execution vulnerability has been discovered in Adobe Acrobat Reader. The double-free flaw could lead to memory corruption. Exploit code for the defect has been discovered in the wild.
CVE-2018-8120 An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This affects Windows Server 2008, Windows 7, Windows Server 2008 R2. This CVE ID is unique from CVE-2018-8124, CVE-2018-8164, CVE-2018-8166.
CVE-2018-0980 A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0979, CVE-2018-0990, CVE-2018-0993, CVE-2018-0994, CVE-2018-0995, CVE-2018-1019.
CVE-2018-8267 A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-8243.
CVE-2018-6148 A security bypass vulnerability has been discovered in Google Chrome. The flaw is due to the incorrect handling of CSP headers. The high severity flaw affects the browser installed on Windows, Mac, and Linux.
CVE-2018-5002 A stack-based buffer overflow exist in Adobe Flash Player. Successful exploitation could lead to remote code execution. An exploit in the wild has been discovered being used in limited attacks.
CVE-2018-8140 An Elevation of Privilege vulnerability exists when Cortana retrieves data from user input services without consideration for status, aka "Cortana Elevation of Privilege Vulnerability." This affects Windows 10 Servers, Windows 10.
CVE-2018-4993 A remote information disclosure vulnerability has been discovered in Adobe Acrobat Reader. The defect lies in the implementation of Microsoft’s NTLM authentication. Proof-of-concept code has been published publicly.