| BULLETIN | CVE |
| Scripting Engine | CVE-2018-1019, CVE-2018-0980, CVE-2018-0995, CVE-2018-0994, CVE-2018-0993, CVE-2018-0990, CVE-2018-0979, CVE-2018-1000, CVE-2018-0989, CVE-2018-0987, CVE-2018-0981, CVE-2018-1001, CVE-2018-0988, CVE-2018-0996 |
| Browser | CVE-2018-0870, CVE-2018-1018, CVE-2018-1020, CVE-2018-0997, CVE-2018-0991, CVE-2018-1023, CVE-2018-0998, CVE-2018-0892 |
| APSB18-08 | CVE-2018-4932, CVE-2018-4933, CVE-2018-4934, CVE-2018-4935, CVE-2018-4936, CVE-2018-4937 |
| Oracle Java cpuapr2018-3678067 | CVE-2018-2825, CVE-2018-2826, CVE-2018-2814, CVE-2018-2811, CVE-2018-2794, CVE-2018-2783, CVE-2018-2798, CVE-2018-2796, CVE-2018-2799, CVE-2018-2797, CVE-2018-2795, CVE-2018-2815, CVE-2018-2800, CVE-2018-2790 |
| Windows | CVE-2018-0890, CVE-2018-0966, CVE-2018-1009, CVE-2018-8116, CVE-2018-1013, CVE-2018-1015, CVE-2018-1016, CVE-2018-1010, CVE-2018-1012, CVE-2018-1003, CVE-2018-1008, CVE-2018-0963, CVE-2018-0887, CVE-2018-0969, CVE-2018-0968, CVE-2018-0960, CVE-2018-0974, CVE-2018-0970, CVE-2018-0971, CVE-2018-0972, CVE-2018-0973, CVE-2018-0975, CVE-2018-0976, CVE-2018-0967, CVE-2018-1004 |
| Microsoft Office | CVE-2018-0920, CVE-2018-1029, CVE-2018-1011, CVE-2018-1027, CVE-2018-1007, CVE-2018-0950, CVE-2018-1030, CVE-2018-1026 |
| Developer Tools | CVE-2018-1037 |
| Microsoft HTTP.sys | CVE-2018-0956 |
| Sharepoint | CVE-2018-1014,CVE-2018-1034, CVE-2018-1005, CVE-2018-1032 |
| Hyper-V | CVE-2018-0964, CVE-2018-0957 |
Tripwire's April 2018 Patch Priority Index (PPI) brings together the top vulnerabilities from Microsoft, Oracle and Adobe. First on the patch priority list this month are patches for Microsoft Browsers and Scripting Engine. The patches for Internet Explorer and Microsoft Edge resolve six memory corruption vulnerabilities and two information disclosure vulnerabilities. The patches for Microsoft's Scripting Engine address numerous memory corruption vulnerabilities. Next on the patch priority list this month are patches for Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS. These Adobe Flash patches address three remote code execution vulnerabilities along with three information disclosure vulnerabilities. Next on the list are patches from Oracle for Java. The Oracle April 2018 CPU for Java addresses 14 vulnerabilities across the Java 6, 7, 8, and 10 version families. Up next are patches for Microsoft Windows operating system. These patches address security feature bypass, information disclosure, denial of service, elevation of privilege and remote code execution vulnerabilities. Next, administrators should focus on the patches available for Microsoft Office and Microsoft Developer Tools. These patches fix information disclosure, remote code execution and elevation of privilege vulnerabilities. Last but not least for this month, administrators should focus on patches available for Microsoft HTTP.sys, SharePoint and Hyper-V. These patches resolve elevation of privilege, denial of service and information disclosure vulnerabilities. To learn more about Tripwire’s Vulnerability and Exposure Research Team (VERT), click here.
