Search
lenovo warranty check/lookup | check warranty status | lenovo support us
Found 10000 results in 79 ms.
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 211408.
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 218370.
XNU NFSSVC suffers from root check bypass and use-after-free vulnerabilities due to insufficient locking in upcall worker threads.
By Owais Sultan B2B data privacy startups have become increasingly important in recent years as businesses seek to protect the sensitive… This is a post from HackRead.com Read the original post: 5 B2B Data Privacy Startups to Check Out in 2023
A missing authorization check allows an arbitrary authenticated user to perform certain operations through the API of CLA-assistant by executing specific additional steps. This allows an arbitrary authenticated user to read CLA information including information of the persons who signed them as well as custom fields the CLA requester had configured. In addition, an arbitrary authenticated user can update or delete the CLA-configuration for repositories or organizations using CLA-assistant. The stored access tokens for GitHub are not affected, as these are redacted from the API-responses.
A missing check in Jenkins dbCharts Plugin 0.5.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified database via JDBC using attacker-specified credentials.
A vulnerability in multiple management dashboard pages of Cisco Umbrella could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the Cisco Umbrella dashboard. This vulnerability is due to unsanitized user input. An attacker could exploit this vulnerability by submitting custom JavaScript to the web application and persuading a user of the interface to click a maliciously crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive browser-based information.
### Summary Grafana allows an attacker in the Viewer role, send alerts by API Alert - Test. The option is not available from the user panel UI for in the Viewer role. **Reason for the error**: The API does not check access to this function and allows it by users with the least rights, for example, the Viewer that does not see this option in the user panel. This enables malicious users to abuse the functionality by sending multiple alert messages (e-mail, slack, etc…), spamming users, prepare Phishing attack or blocked SMTP server / IP and automatically moved all message to spam folder, add to black list IP. ### Details The logged-in user, in the Viewer role, in the user panel, does not have access to the test option of sending an e-mail alert. View of the panel for the user in the Viewer role:  Admin role - View panel for admin role: . ### Patches _Has the problem been patched? What versions should users upgrade to?_ v3.9.8 and above ### Workarounds _Is there a way for users to fix or remediate the vulnerability without upgrading?_ Code level patch ### References _Are there any links users can visit to find out more?_ https://github.com/MobSF/Mobile-Security-Framework-MobSF/pull/2373