NVD disclosure day

Published threat advisories for April 27, 2017

CVE advisoryKnown Exploit

CVE-2017-3066

Adobe ColdFusion Code Execution Vulnerability

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

Adobe ColdFusion software is affected by a Java deserialization vulnerability that can allow for arbitrary code execution. This presents a business risk as attackers could gain control of affected systems and data. Organizations should address this vulnerability to mitigate potential compromise.

NVD published: • CISA KEV
CVE advisoryKnown Exploit

CVE-2017-8291

Ghostscript Remote Code Execution Vulnerability.

Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.

A vulnerability in Artifex Ghostscript can allow attackers to bypass security features and execute commands remotely. This impacts organizations using the affected software, posing a risk to system control and data. Mitigation involves identifying and securing systems that process documents with this software.

NVD published: • CISA KEV