Security Advisories

2024

CVE-2024-6387: RCE in OpenSSH's server on glibc-based Linux systems
CVE-2024-22120: Zabbix Server Audit Log Time-Based SQL Injection Vulnerability
CVE-2024-4956 - Nexus Repository 3 <= 3.68.0 - Path Traversal Arbitrary File Read
CVE-2024-29849: Veeam's Backup Nightmare: Full System Access Exposed
CVE-2024-29895: Command Injection Flaw in Cacti leads to RCE
CVE-2024-21378 - Remote Code Execution in Microsoft Outlook
CVE-2024-21006: Oracle WebLogic Server T3/IIOP Information Disclosure Vulnerability
CVE-2024-2279 GitLab CE/EE XSS vulnerability
CVE-2024-29201, CVE-2024-29202 Critical Vulnerabilities in Ansible lead to RCE in Celery
CVE-2024-3116: Critical pgAdmin Vulnerability Exposes Databases to Remote Attacks
CVE-2023-34048 CVE-2023-34056 VMware vCenter Server OOB write and information disclosure vulnerabilities
CVE-2024-3094 Reported Supply Chain Compromise Affecting XZ Utils Data Compression Library
CVE-2024-27198 and CVE-2024-27199: JetBrains TeamCity Multiple Authentication Bypass Vulnerabilities
CVE-2024-21413 Microsoft Outlook Remote Code Execution Vulnerability
CVE-2024-23917 JetBrains TeamCity authentication bypass leading to possible RCE
CVE-2024-22862, CVE-2024-22860 Integer overflow vulnerability in FFmpeg leads to Remote Code Execution
CVE-2024-23897 Jenkins vulnerability allows unauthenticated attackers to read arbitrary files on the Jenkins controller file system

2023

CVE-2023-41056: Redis Remote Code Execution Vulnerability
CVE-2023-42465 Sudo up to 1.9.14 ROWHAMMER Improper Authentication
CVE-2023-49734 Apache Superset: Privilege Escalation Vulnerability
CVE-2023-51385 OpenSSH OS command injection
CVE-2023-22522 - RCE Vulnerability In Confluence Data Center and Confluence Server
CVE-2023-40610: Incorrect Authorization and possible privilege escalation in Apache Superset
CVE-2023-46214 Remote code execution (RCE) in Splunk Enterprise through Insecure XML Parsing
CVE-2023-46604 Apache ActiveMQ is vulnerable to Remote Code Execution
CVE-2023-5044 Code injection via nginx.ingress.kubernetes.io/permanent-redirect annotation
CVE-2023-22518 - Improper Authorization Vulnerability In Confluence Data Center and Server
CVE-2023-22086, CVE-2023-21931 Vulnerabilities in Oracle WebLogic Server allow unauthorized data access
CVE-2023-2163 Incorrect calculation in BPF in Linux Kernel from 5.4 leads to local privilege escalation
CVE-2023-4911 Looney Tunables – Local Privilege Escalation in glibc's ld.so
CVE-2023-22515 – Zero-Day Privilege Escalation Vulnerability in Atlassian Confluence Data Center and Server
CVE-2023-5009 - A Critical Vulnerability in GitLab Scan Execution Policies
CVE-2023-42793: Critical Authentication Bypass in JetBrains TeamCity CI/CD Servers
Security risks of Visual Studio Code's Remote Tunnel Access feature
CVE-2023-1260 An authentication bypass vulnerability was discovered in kube-apiserver
Oracle E-Business Suite - Remote Code Execution (CVE-2022-21587)
CVE-2023-39265 and CVE-2023-37941: Unauthorized SQLite Access and RCE Vulnerabilities in Apache Superset
CVE-2023-39361 Cacti SQL injection discovered in graph_view.php
CVE-2023-25690: Critical Apache HTTP Request Smuggling via Header Injection
CVE-2023-39143: PaperCut Path Traversal/File Upload RCE Vulnerability
CVE-2023-39151 Stored XSS vulnerability in Jenkins
CVE-2023-38646: Metabase Pre-auth RCE
CVE-2023-36884 Office and Windows HTML Remote Code Execution Vulnerability
CVE-2023-28131 Expo Framework OAuth flaw leads to credential leak
CVE-2023-2825 GitLab critical path traversal vulnerability
CVE-2023-27524 Insecure Default Configuration in Apache Superset
CVE-2023-27350 PaperCut Authentication Bypass Vulnerabilities lead to Remote Code Execution
CVE-2023-29059 3CX Desktop App for Windows and macOS Reportedly Compromised in Supply Chain Attack
CVE-2023-28432 MinIO Information Disclosure in Cluster Deployment
CVE-2023-23397 Microsoft Outlook Elevation of Privilege Vulnerability

2022

CVE-2022-46463 Harbor Unauthorized Access Vulnerability
CVE-2022-46169: Critical vulnerability affects Cacti network graphing solution
CVE-2022-43781 - Bitbucket Server and Data Center - Command Injection Vulnerability
Notes and guidance on configuring Privacy for Office 365 SharePoint Site Groups
CVE-2022-42889 Text4shell Apache Commons Text RCE Vulnerability
CVE-2022-2884 - Remote Command Execution via GitHub import
CVE-2022-29154: Rsync client-side arbitrary file write vulnerability
Risk of cyber attacks from exploitation of 9 vulnerabilities in Microsoft products
CVE-2022-33891: Apache Spark shell command injection vulnerability via Spark UI
[CVE-2022-2185] GitLab Remote Code Execution Vulnerability
[Advisory] How to secure your k8s
[CVE-2022-23222] Linux Kernel eBPF local privilege escalation
[CVE-2022-26134] Remote code execution via OGNL injection in Confluence Server & Data Center
What you need to know to protect yourself from Social Engineering Attacks
[CVE-2022-30190] Zero Click Zero Day Microsoft Office RCE
[CVE-2022-22784] New vulnerability in Zoom lets an attacker attack users just by sending a message
Remote code execution vulnerability in FASTJSON 1.2.80
Critical TLStorm 2.0 Bugs Affect Widely-Used Aruba and Avaya Network Switches
[CVE-2022-29464/WSO2-2021-1738] File upload vulnerability leading to RCE in WSO2 products
[CVE-2022-22965] Spring framework RCE via Data Binding on JDK 9+
CVE-2022-22963: Spring Cloud Function RCE Vulnerability
[Advisory] Phishing using "Browser-in-the-browser" attacks
[Advisory] How to Secure Rsync
[Advisory] Atlassian: Staying safe when using Atlassian Cloud
[CVE-2022-0543] Redis Lua sandbox bypass command execution
[CVE-2018-13379] Path Traversal vulnerability in the FortiOS SSL VPN web portal
[CVE-2022-0492] Privilege escalation vulnerability causing container escape
[CVE-2022-0824] Improper access control vulnerability in Webmin's file manager
[CVE-2022-0847] Linux Kernel Local Privilege Escalation Vulnerability (Dirtypipe)
CVE-2022-0735 - Runner registration token disclosure
[Advisory] Ukraine - Russia crisis
[CVE-2022-23131] Unsafe session storage allowing authentication bypass in Zabbix Frontend
[Advisory] OS command injection