Security
Headlines
HeadlinesLatestCVEs

Search

lenovo warranty check/lookup | check warranty status | lenovo support us

Found 10000 results in 32 ms.

CVE-2021-3743: net: qrtr: fix another OOB Read in qrtr_endpoint_post · torvalds/linux@7e78c59

An out-of-bounds (OOB) memory read flaw was found in the Qualcomm IPC router protocol in the Linux kernel. A missing sanity check allows a local attacker to gain access to out-of-bounds memory, leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability.

CVE
#vulnerability#linux
CVE-2022-27643: Security Advisory for Pre-Authentication Buffer Overflow on Multiple Products, PSV-2021-0323

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of SOAP requests. When parsing the SOAPAction header, the process does not properly validate the length of user-supplied data prior to copying it to a buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15692.

CVE-2022-24552: CVE-2022-24552 Remote code execution via disk management command in StarWind Products

StarWind SAN and NAS before 0.2 build 1685 allows remote code execution via a virtual disk management command.

CVE-2022-33756: Support Content Notification - Support Portal - Broadcom support portal

CA Automic Automation 12.2 and 12.3 contain an entropy weakness vulnerability in the Automic AutomationEngine that could allow a remote attacker to potentially access sensitive data.

CVE-2023-3412: Image Map Pro – Drag-and-drop Builder for Interactive Images – Lite <= 1.0.0 - Missing Authorization to Stored Cross-Site Scripting — Wordfence Intelligence

The Image Map Pro – Drag-and-drop Builder for Interactive Images – Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0.0. This is due to a missing capability check on the ajax_store_save() function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to modify plugin settings and inject malicious web scripts.

Boston Scientific Zoom Latitude

This advisory contains mitigations for Use of Password Hash with Insufficient Computational Effort, Missing Protection Against Hardware Reverse Engineering Using Integrated Circuit (IC) Imaging Techniques, Improper Access Control, Missing Support for Integrity Check, and Reliance on Component That is Not Updateable vulnerabilities in the Boston Scientific Zoom Latitude programmer/recorder/monitor (PRM) 3120 model.

CVE-2022-30781: Gitea 1.16.7 is released - Blog

Gitea before 1.16.7 does not escape git fetch remote.

Zyxel Firewall ZTP Unauthenticated Command Injection

This Metasploit module exploits CVE-2022-30525, an unauthenticated remote command injection vulnerability affecting Zyxel firewalls with zero touch provisioning (ZTP) support. By sending a malicious setWanPortSt command containing an mtu field with a crafted OS command to the /ztp/cgi-bin/handler page, an attacker can gain remote command execution as the nobody user. Affected Zyxel models are USG FLEX 50, 50W, 100W, 200, 500, 700 using firmware 5.21 and below, USG20-VPN and USG20W-VPN using firmware 5.21 and below, and ATP 100, 200, 500, 700, 800 using firmware 5.21 and below.

CVE-2023-23372: Vulnerability in QTS and QuTS hero - Security Advisory

A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to inject malicious code via a network. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2425 build 20230609 and later QTS 5.1.0.2444 build 20230629 and later QTS 4.5.4.2467 build 20230718 and later QuTS hero h5.1.0.2424 build 20230609 and later QuTS hero h5.0.1.2515 build 20230907 and later QuTS hero h4.5.4.2476 build 20230728 and later