CVE-2023-5074: Authentication Bypass in D-Link D-View 8

Use of a static key to protect a JWT token used in user authentication can allow an authentication bypass in D-Link D-View 8 v2.0.1.28.

CVE-2023-41999: Arcserve Unified Data Protection Multiple Vulnerabilities

An authentication bypass exists in Arcserve UDP prior to version 9.2. An unauthenticated, remote attacker can obtain a valid authentication identifier that allows them to authenticate to the management console and perform tasks that require authentication.

GHSA-h4vp-69r8-gvjg: org.xwiki.platform:xwiki-platform-skin-ui Eval Injection vulnerability

### Impact

Improper escaping in the document `SkinsCode.XWikiSkinsSheet` leads to a possible privilege escalation from view right on that document to programming rights; in other words, it is possible to execute arbitrary script macros, including Groovy and Python macros, that allow remote code execution including unrestricted read and write access to all wiki contents. The attack works by opening a non-existing page with a name crafted to contain a dangerous payload. It is possible to check if an existing installation is vulnerable by opening `<xwiki-host>/xwiki/bin/view/%22%5D%5D%20%7B%7Basync%20async%3D%22true%22%20cached%3D%22false%22%20context%3D%22doc.reference%22%7D%7D%7B%7Bgroovy%7D%7Dprintln(%22Hello%20%22%20%2B%20%22from%20groovy!%22)%7B%7B%2Fgroovy%7D%7D%7B%7B%2Fasync%7D%7D?sheet=SkinsCode.XWikiSkinsSheet&xpage=view` where `<xwiki-host>` is the URL of the XWiki installation. The expected result is two list items with "Edit this skin" and "Test this skin" without any furthe...

CVE-2023-28882: Announcing ModSecurity version 3.0.9

Trustwave ModSecurity 3.0.5 through 3.0.8 before 3.0.9 allows a denial of service (worker crash and unresponsiveness) because some inputs cause a segfault in the Transaction class for some configurations.

US and Europe Account for 73% of Global Exposed ICS Systems

73% of globally exposed ICS systems are in the US and Europe, with the US leading at 38%.…

GHSA-mg66-qvc5-rm93: Missing validation causes denial of service via `SparseTensorToCSRSparseMatrix`

### Impact

The implementation of [`tf.raw_ops.SparseTensorToCSRSparseMatrix`](https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/core/kernels/sparse/sparse_tensor_to_csr_sparse_matrix_op.cc#L65-L119) does not fully validate the input arguments. This results in a `CHECK`-failure which can be used to trigger a denial of service attack:

```python
import tensorflow as tf

indices = tf.constant(53, shape=[3], dtype=tf.int64)
values = tf.constant(0.554979503, shape=[218650], dtype=tf.float32)
dense_shape = tf.constant(53, shape=[3], dtype=tf.int64)
tf.raw_ops.SparseTensorToCSRSparseMatrix(
    indices=indices, values=values, dense_shape=dense_shape)
```

The code assumes `dense_shape` is a vector and `indices` is a matrix (as part of requirements for sparse tensors) but there is no validation for this:

```cc
const Tensor& indices = ctx->input(0);
const Tensor& values = ctx->input(1);
const Tensor& dense_shape = ctx->input(...
```

CVE-2023-31478: CVE-issues/SSID_Key_Disclosure.md at main · gl-inet/CVE-issues

An issue was discovered on GL.iNet devices before 3.216. An API endpoint reveals information about the Wi-Fi configuration, including the SSID and key.

CVE-2020-0590: INTEL-SA-00358

Improper input validation in BIOS firmware for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege via local access.

GHSA-733v-p3h5-qpq7: GraphQL Armor Cost-Limit Plugin Bypass via Introspection Query Obfuscation

### Summary

A query cost restriction using the `cost-limit` can be bypassed if `ignoreIntrospection` is enabled (which is the default configuration) by naming your query/fragment `__schema`.

### Details

At the start of the `computeComplexity` function, we have the following check for the `ignoreIntrospection` option:

```ts
if (this.config.ignoreIntrospection && 'name' in node && node.name?.value === '__schema') {
  return 0;
}
```

However, the `node` can be `FieldNode | FragmentDefinitionNode | InlineFragmentNode | OperationDefinitionNode | FragmentSpreadNode`. So, for example, sending the following query

```gql
query hello {
  books {
    title
  }
}
```

would create an `OperationDefinitionNode` with `node.name.value == 'hello'`. The proper way to handle this would be to check for the `__schema` field, which would create a `FieldNode`. The fix is

```ts
if (
  this.config.ignoreIntrospection &&
  'name' in node &&
  node.name?.value === '__schema' &&
  ...
```

RHSA-2021:3057: Red Hat Security Advisory: kernel security, bug fix, and enhancement update

An update for kernel is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* kernel: race condition in net/can/bcm.c leads to local privilege escalation (CVE-2021-3609)
* kernel: Improper handling of VM_IO|VM_PFNMAP vmas in KVM can bypass RO checks (CVE-2021-22543)
* kernel: out-of-bounds write in xt_compat_target_from_user() in net/netfilter/x_tables.c (CVE-2021-22555)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* Urgent: Missing dptf_power.ko module in RHEL8 (BZ#19683...