Security
Headlines
HeadlinesLatestCVEs

Search

lenovo warranty check/lookup | check warranty status | lenovo support us

Found 10000 results in 49 ms.

CVE-2022-4360: Security Bulletin

The WP RSS By Publishers WordPress plugin through 0.1 does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin

CVE
#sql#vulnerability#web#linux#wordpress#php#perl#auth#firefox
Ansible Agent Payload Deployer

This exploit module creates an ansible module for deployment to nodes in the network. It creates a new yaml playbook which copies our payload, chmods it, then runs it on all targets which have been selected (default all).

CVE-2020-13162: Pulse Secure Client for Windows <9.1.6 TOCTOU Privilege Escalation (CVE-2020-13162) - Red Timmy Security

A time-of-check time-of-use vulnerability in PulseSecureService.exe in Pulse Secure Client versions prior to 9.1.6 down to 5.3 R70 for Windows (which runs as NT AUTHORITY/SYSTEM) allows unprivileged users to run a Microsoft Installer executable with elevated privileges.

CVE-2022-26068: fix(swagger/security): ensure that the requested file is in the UI directory by Tachi107 · Pull Request #1065 · pistacheio/pistache

This affects the package pistacheio/pistache before 0.0.3.20220425. It is possible to traverse directories to fetch arbitrary files from the server.

BlackNET 3.7.0.0 Missing Authentication / File Deletion / Traversal

BlackNET version 3.7.0.0 appears to allow unauthenticated access to modify data and suffers from arbitrary file deletion and directory traversal vulnerabilities while authenticated.

Red Hat Security Advisory 2024-8117-03

Red Hat Security Advisory 2024-8117-03 - An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 8.8 Extended Update Support, Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, Red Hat Enterprise Linux 8.6 Telecommunications Update Service, Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions, Red Hat Enterprise Linux 9.2 Extended Update Support, and Red Hat Enterprise Linux 9. Issues addressed include buffer overflow and integer overflow vulnerabilities.

Red Hat Security Advisory 2024-8121-03

Red Hat Security Advisory 2024-8121-03 - An update for java-11-openjdk is now available for Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 8.8 Extended Update Support, Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, Red Hat Enterprise Linux 8.6 Telecommunications Update Service, Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions, Red Hat Enterprise Linux 9.2 Extended Update Support, and Red Hat Enterprise Linux 9. Issues addressed include buffer overflow and integer overflow vulnerabilities.

CVE-2021-41388: NSKPSA-2021-002

Netskope client prior to 89.x on macOS is impacted by a local privilege escalation vulnerability. The XPC implementation of nsAuxiliarySvc process does not perform validation on new connections before accepting the connection. Thus any low privileged user can connect and call external methods defined in XPC service as root, elevating their privilege to the highest level.

CVE-2023-0790: fix: added missing check on email address · thorsten/phpMyFAQ@f34d84d

Uncaught Exception in GitHub repository thorsten/phpmyfaq prior to 3.1.11.

CVE-2022-48256: DnsServer/CHANGELOG.md at master · TechnitiumSoftware/DnsServer

Technitium DNS Server before 10.0 allows a self-CNAME denial-of-service attack in which a CNAME loop causes an answer to contain hundreds of records.