Security
Headlines
HeadlinesLatestCVEs

Search

lenovo warranty check/lookup | check warranty status | lenovo support us

Found 10000 results in 42 ms.

CVE-2023-24019: TALOS-2023-1718 || Cisco Talos Intelligence Group

A stack-based buffer overflow vulnerability exists in the urvpn_client http_connection_readcb functionality of Milesight UR32L v32.3.0.5. A specially crafted network packet can lead to a buffer overflow. An attacker can send a malicious packet to trigger this vulnerability.

CVE
#vulnerability#cisco#intel#buffer_overflow#auth
CVE-2022-25626: Support Content Notification - Support Portal - Broadcom support portal

An unauthenticated user can access Identity Manager’s management console specific page URLs. However, the system doesn’t allow the user to carry out server side tasks without a valid web session.

A firsthand perspective on the recent LinkedIn account takeover campaign

Categories: News Tags: LinkedIn Tags: sessions Tags: contacts It started with a password reset email in the middle of the night. (Read more...) The post A firsthand perspective on the recent LinkedIn account takeover campaign appeared first on Malwarebytes Labs.

GHSA-vp58-j275-797x: Better Auth allows bypassing the trustedOrigins Protection which leads to ATO

### Summary A bypass was found for the security feature **trustedOrigins**. This works for wild card or absolute URLs trustedOrigins configs and opens the victims website to a **Open Redirect** vulnerability, where it can be used to steal the **reset password token** of a victims account by changing the "callbackURL" parameter value to a website owned by the attacker. ### Details #### Absolute URLs The issue here appears in the **middleware**, [specifically](https://github.com/better-auth/better-auth/blob/ddebd0358d74376ea64541512d0167dd4377f182/packages/better-auth/src/api/middlewares/origin-check.ts#L53). This protection is not sufficiente and it allows attackers to get a open redirect, by using the payload `/\/example.com`. We can check this is a valid URL ( or it will be a valid URL because the URL parser fix it for us ), by checking the image bellow: ![image](https://github.com/user-attachments/assets/d192f06d-358d-4612-97d9-cab89ba55b06) ```typescript // trustedOrigins = [ ...

CVE-2023-35147: Jenkins Security Advisory 2023-06-14

Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier does not restrict the AWS SQS queue name path parameter in an HTTP endpoint, allowing attackers with Item/Read permission to obtain the contents of arbitrary files on the Jenkins controller file system.

CVE-2023-35145: Jenkins Security Advisory 2023-06-14

Jenkins Sonargraph Integration Plugin 5.0.1 and earlier does not escape the file path and the project name for the Log file field form validation, resulting in a stored cross-site scripting vulnerability exploitable by attackers with Item/Configure permission.

CVE-2023-35143: Jenkins Security Advisory 2023-06-14

Jenkins Maven Repository Server Plugin 1.10 and earlier does not escape the versions of build artifacts on the Build Artifacts As Maven Repository page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control maven project versions in `pom.xml`.

CVE-2023-35141: Jenkins Security Advisory 2023-06-14

In Jenkins 2.399 and earlier, LTS 2.387.3 and earlier, POST requests are sent in order to load the list of context actions. If part of the URL includes insufficiently escaped user-provided values, a victim may be tricked into sending a POST request to an unexpected endpoint by opening a context menu.

CVE-2023-35146: Jenkins Security Advisory 2023-06-14

Jenkins Template Workflows Plugin 41.v32d86a_313b_4a and earlier does not escape names of jobs used as buildings blocks for Template Workflow Job, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to create jobs.

CVE-2023-35144: Jenkins Security Advisory 2023-06-14

Jenkins Maven Repository Server Plugin 1.10 and earlier does not escape project and build display names on the Build Artifacts As Maven Repository page, resulting in a stored cross-site scripting (XSS) vulnerability.