McAfee

Threat Landscape Dashboard

Assessing today's threats and the relationships between them

Top 10 Vulnerabilities

Vulnerability Description
CVE-2019-1674 A vulnerability in the update service of Cisco Webex Meetings Desktop App and Cisco Webex Productivity Tools for Windows could allow an authenticated, local attacker to execute arbitrary commands as a privileged user. The vulnerability is due to insufficient validation of user-supplied parameters. An attacker could exploit this vulnerability by invoking the update service command with a crafted argument. An exploit could allow the attacker to run arbitrary commands with SYSTEM user privileges. W...
CVE-2019-1663 A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. The vulnerability is due to improper validation of user-supplied data in the web-based management interface. An attacker could exploit this vulnerability by sending malicious HTTP requests to a targeted device. A su...
CVE-2019-0541 A remote code execution vulnerability exists in the way that the MSHTML engine improperly validates input, aka "MSHTML Engine Remote Code Execution Vulnerability." This affects Microsoft Office, Microsoft Office Word Viewer, Internet Explorer 9, Internet Explorer 11, Microsoft Excel Viewer, Internet Explorer 10, Office 365 ProPlus.
CVE-2019-1723 A vulnerability in the Cisco Common Services Platform Collector (CSPC) could allow an unauthenticated, remote attacker to access an affected device by using an account that has a default, static password. This account does not have administrator privileges. The vulnerability exists because the affected software has a user account with a default, static password. An attacker could exploit this vulnerability by remotely connecting to the affected system using this account. A successful exploit cou...
CVE-2018-20250 In WinRAR versions prior to and including 5.61, there is a path traversal vulnerability when crafting the filename field of the ACE format (in UNACEV2.dll). When the filename field is manipulated with specific patterns, the destination (extraction) folder is ignored, thus treating the filename as an absolute path.
CVE-2019-0808 A privilege escalation vulnerability has been discovered in Microsoft Windows. The flaw is due to how objects in memory are handled by the Win32k component. Successful exploitation could allow a local attacker to run arbitrary code in kernel mode.
CVE-2019-0797 A privilege escalation vulnerability has been discovered in Microsoft Windows. The flaw is due to how objects in memory are handled by the Win32k component. Successful exploitation could allow a local attacker to run arbitrary code in kernel mode.
CVE-2019-0726 A remote code execution vulnerability has been discovered in the Microsoft Windows DHCP client. The flaw is due to how the client handles specially crafted DHCP responses. Successful exploitation could allow a remote attacker to run arbitrary code.
CVE-2019-7816 A remote code execution vulnerability has been discovered in Adobe ColdFusion 11, 2016, and 2018. The flaw is due to how file uploads to a web directory are handled. Successful exploitation could allow a remote attacker to bypass restrictions and upload executable code.
CVE-2019-5786 A remote code execution vulnerability has been discovered in Google Chrome. The flaw is due to a Use-After-Free defect in the FileReader component. An exploit in the wild has been discovered. Successful exploitation could result in the execution of remote code. Versions prior to 72.0.3626.121 for Windows, Mac, and Linux are affected.