NVD disclosure day

Published threat advisories for August 5, 2024

CVE-2024-42009

Roundcube Webmail: Cross-Site Scripting Vulnerability Allows Email Theft

Halo Surface Signal: 5 out of 5 — more likely to be public-facing.

A cross-site scripting vulnerability in Roundcube Webmail affects organizations using specific versions. Attackers can steal and send emails, impacting data confidentiality and integrity. The realistic business risk involves potential data breaches and unauthorized communications.

NVD published: August 5, 2024 • CISA KEV

CVE advisoryKnown Exploit

CVE-2024-38856

Apache OFBiz Authorization Vulnerability Allows Code Execution.

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

An incorrect authorization vulnerability in Apache OFBiz may allow unauthenticated attackers to execute code. This could impact systems by compromising confidentiality, integrity, and availability. The business risk is significant if affected systems are not updated.

NVD published: August 5, 2024 • CISA KEV