Threat Landscape Dashboard

Assessing today's threats and the relationships between them

Top 10 Vulnerabilities

Vulnerability Description
CVE-2018-15440 A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web interface of an affected system. The vulnerability is due to insufficient sanitization of user-supplied data that is written to log files and displayed in certain web pages of the web-based management interface of an affected device. An attacker could exploit this vulnerability...
CVE-2019-0626 A remote code execution vulnerability lies in the Windows Server DHCP service. The flaw is due to a memory corruption defect. Successful exploitation could result in the execution of arbitrary code. Affected versions of Windows include Windows 10, Windows 7, Windows 8.1, Windows RT 8.1, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, Windows Server 2016, Windows Server 2019, and Windows Server, version 1709 (Server Core Installation).
CVE-2019-0686 A privilege escalation vulnerability has been discovered in Microsoft Exchange Server. The flaw lies in the notifications contract between EWS clients and Exchange Servers. Successful exploitation could allow an attacker to perform a man-in-the-middle attack. Microsoft Exchange Server 2010, 2013, 2016, and 2019 are affected.
CVE-2019-0676 An information disclosure vulnerability lies in Microsoft Internet Explorer. The flaw is due to how objects in memory are handled. Successful exploitation could allow the disclosure of sensitive information. Affected versions include Internet Explorer 10 and 11 installed on Windows Server 2012, Windows 10, Windows Server 2019, Windows 7, Windows 8.1, Windows RT 8.1, Windows Server 2008 R2, and Windows Server 2012 R2.
CVE-2019-7287 A zero-day remote code execution vulnerability lies in iOS. The flaw is due to a memory corruption issue in the IOKit component. Successful exploitation could result in the execution of arbitrary code. The vulnerability is being actively exploited in the wild.
CVE-2019-7286 A zero-day privilege escalation vulnerability lies in iOS. The flaw is due to a memory corruption issue in the Foundation component. Successful exploitation could allow an application to gain escalated privileges. The vulnerability is being actively exploited in the wild.
CVE-2019-5736 runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. This occurs because of file-descriptor mishandling, related ...
CVE-2019-0724 A privilege escalation vulnerability has been discovered in Microsoft Exchange Server. The flaw lies in the Exchange Web Services (EWS) and Push Notifications components. Successful exploitation could allow an attacker to perform a man-in-the-middle attack. Microsoft Exchange Server 2010, 2013, 2016, and 2019 are affected.
CVE-2019-1688 A vulnerability in the management web interface of Cisco Network Assurance Engine (NAE) could allow an unauthenticated, local attacker to gain unauthorized access or cause a Denial of Service (DoS) condition on the server. The vulnerability is due to a fault in the password management system of NAE. An attacker could exploit this vulnerability by authenticating with the default administrator password via the CLI of an affected server. A successful exploit could allow the attacker to view potenti...
CVE-2019-1653 A vulnerability in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an unauthenticated, remote attacker to retrieve sensitive information. The vulnerability is due to improper access controls for URLs. An attacker could exploit this vulnerability by connecting to an affected device via HTTP or HTTPS and requesting specific URLs. A successful exploit could allow the attacker to download the router configuration or detailed diagnos...