Security
Headlines
HeadlinesLatestCVEs

Search

lenovo warranty check/lookup | check warranty status | lenovo support us

Found 10000 results in 45 ms.

CVE-2023-1868: YourChannel <= 1.2.3 - Missing Authorization to Plugin Cache Reset — Wordfence Intelligence

The YourChannel plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check when clearing the plugin cache via the yrc_clear_cache GET parameter in versions up to, and including, 1.2.3. This makes it possible for unauthenticated attackers to clear the plugin's cache.

CVE
#vulnerability#wordpress#intel#perl#auth
CVE-2021-4366: PWA for WP & AMP < = 1.7.32 - Missing Authorization — Wordfence Intelligence

The PWA for WP & AMP plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the pwaforwp_update_features_options function in versions up to, and including, 1.7.32. This makes it possible for authenticated attackers to change the otherwise restricted settings within the plugin.

CVE-2023-2562: Gallery Metabox <= 1.5 - Missing Authorization via refresh_metabox — Wordfence Intelligence

The Gallery Metabox for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the refresh_metabox function in versions up to, and including, 1.5. This makes it possible for subscriber-level attackers to obtain a list of images attached to a post.

CVE-2023-5415: Funnelforms Free <= 3.4 - Missing Authorization to New Category Creation — Wordfence Intelligence

The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsf_add_category function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to add new categories.

CVE-2023-5416: Funnelforms Free <= 3.4 - Missing Authorization to Category Deletion — Wordfence Intelligence

The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsf_delete_category function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to delete categories.

CVE-2021-42784: D-Link Technical Support

OS Command Injection vulnerability in debug_fcgi of D-Link DWR-932C E1 firmware allows a remote attacker to perform command injection via a crafted HTTP request.

Hidden Backdoors in npm Packages Let Attackers Wipe Entire Systems

Malicious npm packages found with hidden endpoints that wipe systems on command. Devs warned to check dependencies for express-api-sync, system-health-sync-api.

Okta Breach Impacted All Customer Support Users—Not 1 Percent

Okta upped its original estimate of customer support users affected by a recent breach from 1 percent to 100 percent, citing a “discrepancy.”

CVE-2022-41250: Jenkins Security Advisory 2022-09-21

A missing permission check in Jenkins SCM HttpClient Plugin 1.5 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

CVE-2013-6282: ARM: 7527/1: uaccess: explicitly check __user pointer when !CPU_USE_D… · torvalds/linux@8404663

The (1) get_user and (2) put_user API functions in the Linux kernel before 3.5.5 on the v6k and v7 ARM platforms do not validate certain addresses, which allows attackers to read or modify the contents of arbitrary kernel memory locations via a crafted application, as exploited in the wild against Android devices in October and November 2013.