Security
Headlines
HeadlinesLatestCVEs

Search

lenovo warranty check/lookup | check warranty status | lenovo support us

Found 10000 results in 77 ms.

CVE-2022-31795: Technical Advisory – FUJITSU CentricStor Control Center <= V8.1 – Unauthenticated Command Injection

An issue was discovered on Fujitsu ETERNUS CentricStor CS8000 (Control Center) devices before 8.1A SP02 P04. The vulnerability resides in the grel_finfo function in grel.php. An attacker is able to influence the username (user), password (pw), and file-name (file) parameters and inject special characters such as semicolons, backticks, or command-substitution sequences in order to force the application to execute arbitrary commands.

CVE
#vulnerability#web#mac#php#rce#pdf#auth#ssh
RHSA-2022:9096: Red Hat Security Advisory: Red Hat OpenShift support for Windows Containers 7.0.0 [security update]

The components for Red Hat OpenShift support for Windows Container 7.0.0 are now available. This product release includes bug fixes and a moderate security update for the following packages: windows-machine-config-operator and windows-machine-config-operator-bundle. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-25749: kubelet: runAsNonRoot logic bypass for Windows containers * CVE-2022-21698: prometheus/client_golang: Denial of service using InstrumentHandlerCounter *...

GHSA-jqcp-xc3v-f446: fast-float2 has a segmentation fault due to lack of bound check

In this case, the "fast_float2::common::AsciiStr::first" method within the "AsciiStr" struct uses the unsafe keyword to reading from memory without performing bounds checking. Specifically, it directly dereferences a pointer offset by "self.ptr". Because of the above reason, the method accesses invalid memory address when it takes an empty string as its input. This approach violates Rust’s memory safety guarantees, as it can lead to invalid memory access if empty buffer is provided.

GHSA-7cjh-xx4r-qh3f: sentry-android unmasked sensitive data in Android Session Replays for users of Jetpack Compose 1.8+

### Impact Under specific circumstances, text composables may contain unmasked sensitive data in Android session replays. You may be impacted if you meet the following conditions: - Using any `sentry-android` with versions < 8.14.0 - Using Jetpack Compose >= [1.8.0-alpha08](https://developer.android.com/jetpack/androidx/releases/compose-ui#1.8.0-alpha08) - Have configured Sentry Session Replays for Android If you do not use Jetpack Compose or have never used a version >= 1.8.0-alpha08 you are not impacted. If you have not configured [Session Replays for Mobile](https://docs.sentry.io/product/explore/session-replay/mobile/) you are not impacted. ### How do I check if I'm impacted? If you meet the conditions above, the `sentry-android` package includes a [specific error log](https://github.com/getsentry/sentry-java/blob/b2920907e6afb69a8027cedb251dd94a3514f0e6/sentry-android-replay/src/main/java/io/sentry/android/replay/viewhierarchy/ComposeViewHierarchyNode.kt#L252-L261) that woul...

CVE-2019-13385: ChangeLog for CentOS 7 | Control Web Panel

In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.840, File and Directory Information Exposure in filemanager allows attackers to enumerate users and check for active users of the application by reading /tmp/login.log.

GHSA-g7j7-h4q8-8w2f: Rancher API and cluster.management.cattle.io object vulnerable to plaintext storage and exposure of credentials

### Impact An issue was discovered in Rancher versions up to and including 2.5.15 and 2.6.6 where sensitive fields, like passwords, API keys and Rancher's service account token (used to provision clusters), were stored in plaintext directly on Kubernetes objects like `Clusters`, for example `cluster.management.cattle.io`. Anyone with read access to those objects in the Kubernetes API could retrieve the plaintext version of those sensitive data. The exposed credentials are visible in Rancher to authenticated `Cluster Owners`, `Cluster Members`, `Project Owners`, `Project Members` and `User Base` on the endpoints: - `/v1/management.cattle.io.catalogs` - `/v1/management.cattle.io.cluster` - `/v1/management.cattle.io.clustertemplates` - `/v1/management.cattle.io.notifiers` - `/v1/project.cattle.io.sourcecodeproviderconfig` - `/k8s/clusters/local/apis/management.cattle.io/v3/catalogs` - `/k8s/clusters/local/apis/management.cattle.io/v3/clusters` - `/k8s/clusters/local/apis/management.catt...

RHSA-2022:7935: Red Hat Security Advisory: pcs security, bug fix, and enhancement update

An update for pcs is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1049: pcs: improper authentication via PAM

CVE-2023-29746: Thaiger

An issue found in The Thaiger v.1.2 for Android allows unauthorized apps to cause a code execution attack by manipulating the SharedPreference files.

The State of Kubernetes Security in 2024

The State of Kubernetes Security for 2024 report shows us that as the popularity of Kubernetes grows, the more important security planning and tooling becomes. Our annual report examines some of the most common cloud-native security challenges and business impacts that organizations face today, helping us to better understand their practices and priorities.The report is based on a survey of 600 DevOps, engineering and security professionals around the world in organizations ranging from small companies to large enterprises. It delivers insights into the following:Specific security risks facing

CVE-2023-27385: Heap-based buffer overflow vulnerability in OMRON CX-Drive

Heap-based buffer overflow vulnerability exists in CX-Drive All models V3.01 and earlier. By having a user open a specially crafted SDD file, arbitrary code may be executed and/or information may be disclosed.