NVD disclosure day

Published threat advisories for May 29, 2019

CVE-2019-9670

Synacor Zimbra Collaboration Suite XXE Vulnerability.

Halo Surface Signal: 5 out of 5 — more likely to be public-facing.

A vulnerability in the Synacor Zimbra Collaboration Suite's mailboxd component allows for XML External Entity injection, potentially exposing data and disrupting operations. The Autodiscover component is externally accessible, enabling attackers to exploit this flaw without prior access, posing a significant business r

NVD published: May 29, 2019 • CISA KEV

CVE advisoryKnown Exploit

CVE-2018-13383

Fortinet SSL VPN Web Portal Service Disruption.

Halo Surface Signal: 5 out of 5 — more likely to be public-facing.

Fortinet SSL VPN web portals may experience service termination due to improper handling of web page data. This could disrupt access for logged-in users and presents a business risk related to service availability. Organizations should identify affected systems and apply vendor updates to mitigate this risk.

NVD published: May 29, 2019 • CISA KEV