NVD disclosure day

Published threat advisories for March 27, 2018

CVE advisoryKnown Exploit

CVE-2018-6882

Zimbra Collaboration Suite: Cross-Site Scripting in Attachment Links.

Halo Surface Signal: 5 out of 5 — more likely to be public-facing.

A cross-site scripting vulnerability in Zimbra Collaboration Suite allows remote attackers to inject web scripts or HTML via email attachments. This could lead to unauthorized code execution within the email interface, posing a risk to affected organizations' data and systems.

NVD published: • CISA KEV
CVE advisoryKnown Exploit

CVE-2017-12319

Cisco IOS XE BGP EVPN Vulnerability Leads to Network Instability.

Halo Surface Signal: 2 out of 5 — less likely to be public-facing.

A vulnerability in Cisco IOS XE Software, when BGP is configured over EVPN, could allow an attacker to cause a denial of service or network instability by corrupting the BGP routing table. This impacts organizations using affected Cisco devices with this specific configuration.

NVD published: • CISA KEV