Security
Headlines
HeadlinesLatestCVEs

Search

lenovo warranty check/lookup | check warranty status | lenovo support us

Found 10000 results in 61 ms.

CVE-2021-41965: SQL Injection Vulnerability in ChurchCRM (CVE-2021-41965)

A SQL injection vulnerability exists in ChurchCRM version 2.0.0 to 4.4.5 that allows an authenticated attacker to issue an arbitrary SQL command to the database through the unsanitized EN_tyid, theID and EID fields used when an Edit action on an existing record is being performed.

CVE
#sql#vulnerability#web#windows#apple#apache#git#php#auth#chrome#webkit
Kaspersky's US Customers Face Tight Deadline Following Govt. Ban

After Sept. 29, 2024, organizations and individuals that continue using the vendor's products will no longer receive any updates or support.

CVE-2022-23746: Support, Support Requests, Training, Documentation, and Knowledge base for Check Point products and services

The IPsec VPN blade has a dedicated portal for downloading and connecting through SSL Network Extender (SNX). If the portal is configured for username/password authentication, it is vulnerable to a brute-force attack on usernames and passwords.

Camaro Dragon Hackers Strike with USB-Driven Self-Propagating Malware

The Chinese cyber espionage actor known as Camaro Dragon has been observed leveraging a new strain of self-propagating malware that spreads through compromised USB drives. "While their primary focus has traditionally been Southeast Asian countries, this latest discovery reveals their global reach and highlights the alarming role USB drives play in spreading malware," Check Point said in new

CVE-2021-22447

["There is an Improper Check for Unusual or Exceptional Conditions Vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause the system to reset."]

CVE-2020-36697: WP GDPR <= 2.1.1 - Missing Authorization Checks — Wordfence Intelligence

The WP GDPR plugin for WordPress is vulnerable to authorization bypass due to a missing capability check in versions up to, and including, 2.1.1. This makes it possible for unauthenticated attackers to delete any comment and modify the plugin’s settings.

CVE-2023-4943: BEAR <= 1.1.3.3 - Missing Authorization to Product Manipulation — Wordfence Intelligence

The BEAR for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.1.3.3. This is due to a missing capability check on the woobe_bulkoperations_visibility function. This makes it possible for authenticated attackers (subscriber or higher) to manipulate products.

GHSA-m85w-3h95-hcf9: DOM Clobbering Gadget found in astro's client-side router that leads to XSS

### Summary A DOM Clobbering gadget has been discoverd in Astro's client-side router. It can lead to cross-site scripting (XSS) in websites enables Astro's client-side routing and has *stored* attacker-controlled scriptless HTML elements (i.e., `iframe` tags with unsanitized `name` attributes) on the destination pages. ### Details #### Backgrounds DOM Clobbering is a type of code-reuse attack where the attacker first embeds a piece of non-script, seemingly benign HTML markups in the webpage (e.g. through a post or comment) and leverages the gadgets (pieces of js code) living in the existing javascript code to transform it into executable code. More for information about DOM Clobbering, here are some references: [1] https://scnps.co/papers/sp23_domclob.pdf [2] https://research.securitum.com/xss-in-amp4email-dom-clobbering/ #### Gadgets found in Astro We identified a DOM Clobbering gadget in Astro's client-side routing module, specifically in the `<ViewTransitions />` component. ...

Spell-Checking in Google Chrome, Microsoft Edge Browsers Leaks Passwords

It's called "spell-jacking": Both browsers have spell-check features that send data to Microsoft and Google when users fill out forms for websites or Web services.

CVE-2023-24019: TALOS-2023-1718 || Cisco Talos Intelligence Group

A stack-based buffer overflow vulnerability exists in the urvpn_client http_connection_readcb functionality of Milesight UR32L v32.3.0.5. A specially crafted network packet can lead to a buffer overflow. An attacker can send a malicious packet to trigger this vulnerability.