Security Advisories
2024
CVE-2024-9264 Command injection and local file inclusion via SQL Expressions in Grafana
CVE-2024-0012 PAN-OS: Authentication Bypass in the Management Web Interface (PAN-SA-2024-0015)
CVE-2024-6387: RCE in OpenSSH's server on glibc-based Linux systems
CVE-2024-22120: Zabbix Server Audit Log Time-Based SQL Injection Vulnerability
CVE-2024-4956 - Nexus Repository 3 <= 3.68.0 - Path Traversal Arbitrary File Read
CVE-2024-29849: Veeam's Backup Nightmare: Full System Access Exposed
CVE-2024-29895: Command Injection Flaw in Cacti leads to RCE
CVE-2024-21378 - Remote Code Execution in Microsoft Outlook
CVE-2024-21006: Oracle WebLogic Server T3/IIOP Information Disclosure Vulnerability
CVE-2024-2279 GitLab CE/EE XSS vulnerability
CVE-2024-29201, CVE-2024-29202 Critical Vulnerabilities in Ansible leads to RCE in Celery
CVE-2024-3116: Critical pgAdmin Vulnerability Exposes Databases to Remote Attacks
CVE-2023-34048 CVE-2023-34056 VMware vCenter Server OOB write and information disclosure vulnerabilities
CVE-2024-3094 Reported Supply Chain Compromise Affecting XZ Utils Data Compression Library
CVE-2024-27198 and CVE-2024-27199: JetBrains TeamCity Multiple Authentication Bypass Vulnerabilities
CVE-2024-21413 Microsoft Outlook Remote Code Execution Vulnerability
CVE-2024-23917 JetBrains TeamCity authentication bypass leading to possible RCE
CVE-2024-22862, CVE-2024-22860 Integer overflow vulnerability in FFmpeg leads to Remote Code Execution
CVE-2024-23897 Jenkins unauthenticated attackers to read arbitrary files on the Jenkins controller file system
2023
CVE-2023-41056: Redis Remote Code Execution Vulnerability
CVE-2023-42465 Sudo up to 1.9.14 ROWHAMMER Improper Authentication
CVE-2023-49734 Apache Superset: Privilege Escalation Vulnerability
CVE-2023-51385 OpenSSH OS command injection
CVE-2023-22522 - RCE Vulnerability In Confluence Data Center and Confluence Server
CVE-2023-40610: Incorrect Authorization and possible privilege escalation in Apache Superset
CVE-2023-46214 Remote code execution (RCE) in Splunk Enterprise through Insecure XML Parsing
CVE-2023-46604 Apache ActiveMQ is vulnerable to Remote Code Execution
CVE-2023-5044 Code injection via nginx.ingress.kubernetes.io/permanent-redirect annotation
CVE-2023-22518 - Improper Authorization Vulnerability In Confluence Data Center and Server
CVE-2023-22086, CVE-2023-21931Lỗ hổng trong Oracle Weblogic Server cho phép truy cập dữ liệu trái phép
CVE-2023-2163 Incorrect calculation in BPF in Linux Kernel from 5.4 leads to local privilege escalation
CVE-2023-4911 Looney Tunables – Local Privilege Escalation in the glibc’s ld.so
CVE-2023-22515 – Zero-Day Privilege Escalation Vulnerability in Atlassian Confluence Data Center and Server
CVE-2023-5009- A Critical Vulnerability in GitLab Scan Execution Policies
CVE-2023-42793: Critical Authentication Bypass in JetBrains TeamCity CI/CD Servers
Rủi ro bảo mật về tính năng Remote Tunnel Access của Visual Studio Code
CVE-2023-1260 An authentication bypass vulnerability was discovered in kube-apiserver
Oracle E-Business Suite - Remote Code Execution (CVE-2022-21587)
CVE-2023-39265 and CVE-2023-37941: Unauthorized SQLite Access and RCE Vulnerabilities in Apache Superset
CVE-2023-39361 Cacti SQL injection discovered in graph_view.php
CVE-2023-25690: Critical Apache HTTP Request Smuggling via Header Injection
CVE-2023-39143: PaperCut Path Traversal/File Upload RCE Vulnerability
CVE-2023-39151 Stored XSS vulnerability in Jenkins
CVE-2023-38646: Metabase Pre-auth RCE
CVE-2023-36884 Office and Windows HTML Remote Code Execution Vulnerability
CVE-2023-28131 Expo Framework Oauth flaw leads to credential leak
CVE-2023-2825 Gitlab critical path traversal vulnerability
CVE-2023-27524 Insecure Default Configuration in Apache Superset
CVE-2023-27350 PaperCut Authentication Bypass Vulnerabilities lead to Remote Code Execution
CVE-2023-29059 3CX Desktop App for Windows and macOS Reportedly Compromised in Supply Chain Attack
CVE-2023-28432 MinIO Information Disclosure in Cluster Deployment
CVE-2023-23397 Microsoft Outlook Elevation of Privilege Vulnerability
2022
CVE-2022-46463 Harbor Unauthorized Access Vulnerability
CVE-2022-46169: Critical vulnerability affects Cacti network graphing solution
CVE-2022-43781 - Bitbucket Server and Data Center- Command Injection Vulnerability
Lưu ý và hướng dẫn cấu hình Privacy trên Office 365 SharePoint Site Group
CVE-2022-42889 Text4shell Apache Commons Text RCE Vulnerability
CVE-2022-2884 - Remote Command Execution via Github import
CVE-2022-29154: Rsync client-side arbitrary file write vulnerability
Nguy cơ bị tấn công mạng từ việc khai thác 9 lỗ hổng trong sản phẩm Microsoft
CVE-2022-33891: Apache Spark shell command injection vulnerability via Spark UI
[CVE-2022-2185] GitLab Remote Code Execution Vulnerability
[Advisory] How to secure your k8s
[CVE-2022-23222] Linux Kernel eBPF local privilege escalation
[CVE-2022-26134] Remote code execution via OGNL injection in Confluence Server & Data Center
Những điều cần biết để tự bảo vệ mình khỏi Social Engineering Attack
[CVE-2022-30190] Zero Click Zero Day Microsoft Office RCE
[CVE-2022-22784] Lỗ hổng mới trong Zoom cho phép attacker tấn công người dùng chỉ bằng cách gửi tin nhắn
Remote code execution vulnerability in FASTJSON 1.2.80
Critical TLStorm 2.0 Bugs Affect Widely-Used Aruba and Avaya Network Switches
[CVE-2022-29464/WSO2-2021-1738] Lỗ hổng upload file dẫn đến RCE trên các sản phẩm WSO2
[CVE-2022-22965] Spring framework RCE via Data Binding on JDK 9+
CVE-2022-22963: Spring Cloud Function RCE Vulnerability
[Advisory] Lừa đảo bằng tấn công "Trình duyệt trong trình duyệt" (browser in browser)
[Advisory] How to Secure Rsync
[Advisory] Atlassian: Để an toàn khi sử dụng Atlassian cloud
[CVE-2022-0543] Redis Lua sandbox bypass command execution
[CVE-2018-13379] Path Traversal vulnerability in the FortiOS SSL VPN web portal
[CVE-2022-0492] Privilege escalation vulnerability causing container escape
[CVE-2022-0824] Lỗ hổng kiểm soát truy cập không đúng trong trình quản lý tệp của webmin
[CVE-2022-0847] Linux Kernel Local Privilege Escalation Vulnerability (Dirtypipe)
CVE-2022-0735 - Runner registration token disclosure
[Advisory] Ukraine - Russia crisis
[CVE-2022-23131] Unsafe Session Storage to unauthenticate Zabbix Frontend
[Advisory] OS command injection