large-logo-mcafee-dark

Threat Landscape Dashboard

Assessing today's threats and the relationships between them

Top Vulnerabilities

Vulnerability Description
CVE-2018-8411 An elevation of privilege vulnerability exists when NTFS improperly checks access, aka "NTFS Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
CVE-2018-8569 A remote code execution vulnerability exists in the Yammer desktop application due to the loading of arbitrary content, aka "Yammer Desktop Application Remote Code Execution Vulnerability." This affects Yammer Desktop App.
CVE-2018-16986 Texas Instruments BLE-STACK v2.2.1 for SimpleLink CC2640 and CC2650 devices allows remote attackers to execute arbitrary code via a malformed packet that triggers a buffer overflow.
CVE-2018-8415 A tampering vulnerability exists in PowerShell that could allow an attacker to execute unlogged code, aka "Microsoft PowerShell Tampering Vulnerability." This affects Windows 7, PowerShell Core 6.1, Windows Server 2012 R2, Windows RT 8.1, PowerShell Core 6.0, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
CVE-2018-8589 An elevation of privilege vulnerability exists when Windows improperly handles calls to Win32k.sys, aka "Windows Win32k Elevation of Privilege Vulnerability." This affects Windows Server 2008, Windows 7, Windows Server 2008 R2.
CVE-2018-8550 An elevation of privilege exists in Windows COM Aggregate Marshaler, aka "Windows COM Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
CVE-2018-5407 Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'.
CVE-2018-15979 An information disclosure vulnerability has been discovered in Adobe Flash Player. The flaw affects the application installed on Windows, macOS, Linux, and Chrome OS. The defect is due to an out-of-bounds read error. Successful exploitation could result in the disclosure of a user's hashed NTLM password.
CVE-2018-6981 A code execution vulnerability has been discovered in VMware ESXi, Fusion, and Workstation. The flaw is due to an uninitialized stack memory usage defect in the vmxnet3 virtual network adapter. Successful exploitation could allow a guest user to execute code on the host.
CVE-2018-6982 An information disclosure vulnerability has been discovered in VMware ESXi, Fusion, and Workstation. The flaw is due to an uninitialized stack memory usage defect in the vmxnet3 virtual network adapter. Successful exploitation could allow a guest user to gain access to sensitive information on the host.