Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
qualysblogFelix JimenezQUALYSBLOG:9BA334FCEF38374A0B09A0614B2D74D4
HistoryDec 27, 2019 - 6:01 p.m.

Top 19+ Vulnerability CVEs in Santa’s Dashboard Tracking

2019-12-2718:01:22
Felix Jimenez
blog.qualys.com
3684
JSON

A recent report identified 19+ vulnerabilities that should be mitigated by end of year 2019. These are a range of top vulnerabilities attacked and leveraged by Advance Persistent Threat (APT) actors from all parts of the world.

The list below shows those top 19 vulnerabilities, and it should be no surprise that you can easily track and remediate them via a dashboard within Qualys. Import the dashboard into your subscription for easy insight into what assets and vulnerabilities in your organization are at risk.

No. CVE Products Affected by CVE CVSS Score (NVD) Examples of Threat Actors
1 CVE-2017-11882 Microsoft Office 7.8 APT32 (Vietnam), APT34 (Iran), APT40 (China), APT-C-35 (India), Cobalt Group (Spain, Ukraine), Silent Group (Russia), Lotus Blossom (China), FIN7 (Russia) 2

Detecting the Top 19 CVEs

Qualys has detections (QIDs) for Qualys Vulnerability Management that cover authenticated and remotely detected vulnerabilities supported by Qualys scanners and Qualys Cloud Agent.

To return a list of all impacted hosts, use the following QQL query within the VM Dashboard:

vulnerabilities.vulnerability.cveIds:[CVE-2017-11882, CVE-2018-8174, CVE-2017-0199, CVE-2018-4878, CVE-2017-10271, CVE-2019-0708, CVE-2017-5638, CVE-2017-5715, CVE-2017-8759, CVE-2018-20250, CVE-2018-7600, CVE-2018-10561, CVE-2012-0158, CVE-2017-8570, CVE-2018-0802, CVE-2017-0143, CVE-2018-12130, CVE-2019-2725, CVE-2019-3396]

You can import the following dashboard to track all 19 CVEs as shown in the template below:

Alerts

The Qualys Cloud Platform enables you to continuously monitor for vulnerabilities and misconfigurations and get alerted for your most critical assets.

See how to set up notifications for new and updated QIDs.

Tracking Per-Year Environment Impact and Remediation

The Qualys visualization team has included a Per-Year Environment Insight View Dashboard for easy tracking and remediation. This dashboard has been included in release 2.42 and can be found within the dashboard templates library. It will automatically show your systems whether scanned internally, externally or on remote mobile computers with the groundbreaking Qualys Cloud Agent.

This Per-Year Environment Insight View Dashboard will display data per year based on First Found date, followed by Vulnerability Status, Severity, Compliance, Real-Time Threat Intelligence (RTI)s from Qualys Threat Protection, and Vulnerability Published Dates, allowing for an easy glance across your environment.

Get Started Now

To start detecting and remediating these vulnerabilities now, get a Qualys Suite trial.

Visit the Qualys Community to download other dashboards created by your SMEs and Product Management team and import them into your subscription for further data insights.

Related

securelist 24
talosblog 8
fireeye 15
threatpost 24
ics 1
canvas 2
thn 13
pentestit 1
malwarebytes 18
myhack58 10
seebug 2
exploitpack 4
trendmicroblog 3
exploitdb 1
carbonblack 1
hivepro 1
githubexploit 1
attackerkb 6
zdt 7
qualysblog 2
prion 4
cisa_kev 3
checkpoint_advisories 7
nessus 2
kitploit 3
cve 4
openvas 7
nuclei 1
metasploit 1
mscve 1
mskb 11
hackerone 2
packetstorm 2
symantec 3
mmpc 1
ubuntucve 1
saint 2
securelist
securelist
IT threat evolution Q1 2018. Statistics
2018-05-14 10:00:30
IT threat evolution Q1 2019. Statistics
2019-05-23 10:00:53
Cycldek: Bridging the (air) gap
2020-06-03 10:00:32
talosblog
talosblog
Multiple Cobalt Personality Disorder
2018-07-31 09:38:00
Cryptocurrency miners aren’t dead yet: Documenting the voracious but simple “Panda”
2019-09-17 08:09:45
SWEED: Exposing years of Agent Tesla campaigns
2019-07-16 05:47:33
fireeye
fireeye
APT40: Examining a China-Nexus Espionage Actor
2019-03-04 13:00:00
FireEye Uncovers CVE-2017-8759: Zero-Day Used in the Wild to Distribute FINSPY
2017-09-12 13:00:00
Microsoft Office Vulnerabilities Used to Distribute Zyklon Malware in Recent Campaign
2018-01-17 12:00:00
threatpost
threatpost
Cobalt Group Pushes Revamped ThreadKit Malware
2018-12-11 18:40:00
MassMiner Takes a Kitchen-Sink Approach to Cryptomining
2018-05-03 20:26:37
Panda Threat Group Mines for Monero With Updated Payload, Targets
2019-09-17 21:04:35
ics
ics
Top 10 Routinely Exploited Vulnerabilities
2020-05-12 12:00:00
canvas
canvas
Immunity Canvas: OFFICE_WSDL
2017-09-13 01:29:00
Immunity Canvas: MS12_027
2012-04-10 21:55:00
thn
thn
New USBCulprit Espionage Tool Steals Data From Air-Gapped Computers
2020-06-04 08:31:00
Hackers Exploiting Drupal Vulnerability to Inject Cryptocurrency Miners
2018-04-18 09:49:00
Cybercrime Group TA558 Targeting Hospitality, Hotel, and Travel Organizations
2022-08-19 13:35:00
pentestit
pentestit
UPDATE: Infection Monkey 1.6.1
2018-12-03 22:28:53
malwarebytes
malwarebytes
Exploit kits: fall 2018 review
2018-10-24 16:10:54
Chinese APT group targets India and Hong Kong using new variant of MgBot malware
2020-07-21 15:00:00
Exploit kits: summer 2018 review
2018-08-07 15:00:00
myhack58
myhack58
To see the Hidden Bee how to use a new vulnerability propagation-vulnerability warning-the black bar safety net
2018-08-07 00:00:00
Oolong CVE-2017-8570 samples and behind the idea-vulnerability warning-the black bar safety net
2017-08-11 00:00:00
The latest exposure of the RTF vulnerability beside the use of research to explore the topic guide-vulnerability warning-the black bar safety net
2017-09-21 00:00:00
seebug
seebug
FireEye Uncovers CVE-2017-8759: Zero-Day Used in the Wild to Distribute FINSPY
2017-09-14 00:00:00
Adobe Flash Player Use After Free Remote Code Execution Vulnerability(CVE-2018-4878)
2018-02-23 00:00:00
exploitpack
exploitpack
Microsoft Office - Composite Moniker Remote Code Execution
2018-01-09 00:00:00
Alcatel-Lucent (Nokia) GPON I-240W-Q - Buffer Overflow
2019-02-28 00:00:00
Oracle WebLogic Server 10.3.6.0.0 12.x - Remote Command Execution
2017-12-26 00:00:00
trendmicroblog
trendmicroblog
This Week in Security News: Spam Campaigns and Cryptocurrency Miners
2019-06-14 13:25:23
This Week in Security News
2017-11-22 14:00:16
This Week in Security News: Trends and Tea Parties
2018-03-02 14:35:07
exploitdb
exploitdb
Microsoft Office - 'Composite Moniker Remote Code Execution
2018-01-09 00:00:00
carbonblack
carbonblack
Technical Analysis: Hackers Leveraging COVID-19 Pandemic to Launch Phishing Attacks, Fake Apps/Maps, Trojans, Backdoors, Cryptominers, Botnets & Ransomware
2020-03-19 20:48:06
hivepro
hivepro
Muhstik botnet adds another vulnerability exploit to its arsenal
2022-03-29 12:17:03
githubexploit
githubexploit
Exploit for Injection in Oracle Weblogic Server
2019-08-23 01:42:57
attackerkb
attackerkb
CVE-2018-20250
2019-02-05 00:00:00
CVE-2018-10561
2018-05-04 00:00:00
CVE-2017-10271 - Oracle WebLogic Server AsyncResponseService Deserialization Vulnerability
2017-10-19 00:00:00
zdt
zdt
WinRAR 5.61 - Path Traversal Exploit
2019-03-18 00:00:00
RARLAB WinRAR ACE Format Input Validation Remote Code Execution Exploit
2019-04-24 00:00:00
Oracle WebLogic < 10.3.6 - wls-wsat Component Deserialisation Remote Command Execution Exploit
2018-01-08 00:00:00
qualysblog
qualysblog
Qualys Top 20 Most Exploited Vulnerabilities
2023-09-04 14:00:00
Intel Makes Spectre Patch Progress, while Adobe Grapples with Latest Flash Bug
2018-02-09 15:20:40
prion
prion
Path traversal
2019-02-05 20:29:00
Authentication flaw
2018-05-04 03:29:00
Design/Logic Flaw
2017-10-19 17:29:00
cisa_kev
cisa_kev
WinRAR Absolute Path Traversal Vulnerability
2022-02-15 00:00:00
Oracle Corporation WebLogic Server Remote Code Execution Vulnerability
2022-02-10 00:00:00
Microsoft Office Remote Code Execution Vulnerability
2022-02-25 00:00:00
checkpoint_advisories
checkpoint_advisories
RARLAB WinRaR ACE Format Input Validation Remote Code Execution (CVE-2018-20250)
2019-02-13 00:00:00
Dasan GPON Router Authentication Bypass (CVE-2018-10561)
2018-05-13 00:00:00
Microsoft Office Composite Moniker Code Execution (CVE-2017-8570)
2017-08-29 00:00:00
nessus
nessus
GPON ONT Home Gateway Router is vulnerable to authentication bypass (CVE-2018-10561)
2018-12-19 00:00:00
Oracle WebLogic WSAT Remote Code Execution
2017-12-28 00:00:00
kitploit
kitploit
Sn1per v6.0 - Automated Pentest Framework For Offensive Security Experts
2018-11-24 12:43:00
Sn1per v5.0 - Automated Pentest Recon Scanner
2018-07-05 13:45:00
Sn1per v7.0 - Automated Pentest Framework For Offensive Security Experts
2019-05-12 13:09:00
cve
cve
CVE-2018-10561
2018-05-04 03:29:00
CVE-2018-20250
2019-02-05 20:29:00
CVE-2017-10271
2017-10-19 17:29:00
openvas
openvas
Microsoft Office 2016 Remote Code Execution Vulnerability (KB3213545)
2017-07-12 00:00:00
Microsoft Office 2010 Service Pack 2 Remote Code Execution Vulnerability (KB3213624)
2017-07-12 00:00:00
Microsoft .NET Framework Remote Code Execution Vulnerability (KB4040975)
2017-09-13 00:00:00
nuclei
nuclei
Oracle WebLogic Server - Remote Command Execution
2021-02-03 00:48:46
metasploit
metasploit
Oracle WebLogic wls-wsat Component Deserialization RCE
2018-01-05 20:05:21
mscve
mscve
Microsoft Office Remote Code Execution Vulnerability
2017-07-11 07:00:00
mskb
mskb
Description of the security update for Office 2010: July 11, 2017
2017-07-11 07:00:00
Description of the Security Only update for the .NET Framework 4.6, 4.6.1, 4.6.2, and 4.7 for Windows 7 SP1 and Windows Server 2008 R2 SP1 and for the .NET Framework 4.6 for Windows Server 2008 SP2: September 12, 2017
2017-09-12 07:00:00
Description of the Security Only update for the .NET Framework 4.6, 4.6.1, 4.6.2, and 4.7 for Windows 8.1, Windows RT 8.1 and Windows Server 2012 R2: September 12, 2017
2017-09-12 07:00:00
hackerone
hackerone
MTN Group: Remote OS Command Execution on Oracle Weblogic server via [CVE-2017-10271]
2020-03-04 13:45:59
U.S. Dept Of Defense: RCE on █████ via CVE-2017-10271
2019-05-10 22:23:31
packetstorm
packetstorm
RARLAB WinRAR ACE Format Input Validation Remote Code Execution
2019-04-24 00:00:00
Oracle WebLogic wls-wsat Component Deserialization Remote Code Execution
2018-01-28 00:00:00
symantec
symantec
Microsoft Windows .NET Framework CVE-2017-8759 Remote Code Execution Vulnerability
2017-09-12 00:00:00
Oracle WebLogic Server CVE-2017-10271 Remote Security Vulnerability
2017-10-17 00:00:00
Microsoft Office CVE-2017-8570 Remote Code Execution Vulnerability
2017-07-11 00:00:00
mmpc
mmpc
Exploit for CVE-2017-8759 detected and neutralized
2017-09-12 18:46:50
ubuntucve
ubuntucve
CVE-2018-4878
2018-02-06 00:00:00
saint
saint
Microsoft Windows Common Controls MSCOMCTL.OCX Vulnerability
2012-04-12 00:00:00
Microsoft Windows Common Controls MSCOMCTL.OCX Vulnerability
2012-04-12 00:00:00
JSON
Related for QUALYSBLOG:9BA334FCEF38374A0B09A0614B2D74D4
securelist24talosblog8fireeye15threatpost24ics1canvas2thn13pentestit1malwarebytes18myhack5810seebug2exploitpack4trendmicroblog3exploitdb1carbonblack1hivepro1githubexploit1attackerkb6zdt7qualysblog2prion4cisa_kev3checkpoint_advisories7nessus2kitploit3cve4openvas7nuclei1metasploit1mscve1mskb11hackerone2packetstorm2symantec3mmpc1ubuntucve1saint2