Security
Headlines
HeadlinesLatestCVEs

Search

lenovo warranty check/lookup | check warranty status | lenovo support us

Found 10000 results in 71 ms.

CVE-2023-28238: Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability

Mitigation refers to a setting, common configuration, or general best-practice, existing in a default state, that could reduce the severity of exploitation of a vulnerability. The following mitigating factors might be helpful in your situation: Only systems with the IKE and AuthIP IPsec Keying Modules running are vulnerable to this attack. You can run either of the following commands to check the running status of this service: PS: C:\> Get-Service Ikeext * OR Cmd: C:\> sc query ikeext This mitigation could have negative affects on your IPSec functionality. Microsoft strongly recommends updating your system with the latest Windows security updates.

Microsoft Security Response Center
#vulnerability#web#windows#microsoft#rce#auth#Windows Internet Key Exchange (IKE) Protocol#Security Vulnerability
CVE-2023-3124: High severity vulnerability fixed in WordPress Elementor Pro plugin.

The Elementor Pro plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the update_page_option function in versions up to, and including, 3.11.6. This makes it possible for authenticated attackers with subscriber-level capabilities to update arbitrary site options, which can lead to privilege escalation.

CVE-2021-43958: [CRUC-8523] CVE-2021-43958: Various rest resources missing CAPTCHA for failed user login attempts

Various rest resources in Fisheye and Crucible before version 4.8.9 allowed remote attackers to brute force user login credentials as rest resources did not check if users were beyond their max failed login limits and therefore required solving a CAPTCHA in addition to providing user credentials for authentication via a improper restriction of excess authentication attempts vulnerability.

RHSA-2021:4827: Red Hat Security Advisory: OpenShift Container Platform 3.11.569 security update

Red Hat OpenShift Container Platform release 3.11.569 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-21685: jenkins: FilePath#mkdirs does not check permission to create parent directories * CVE-2021-21686: jenkins: File path filters do not canonicalize paths, allowing operations to follow symbolic links to outside allowed directories * CVE-2021-21687: jenkins: FilePath#unt...

CVE-2022-28696: INTEL-SA-00684

Uncontrolled search path in the Intel(R) Distribution for Python before version 2022.0.3 may allow an authenticated user to potentially enable escalation of privilege via local access.

CVE-2022-21229: INTEL-SA-00665

Improper buffer restrictions for some Intel(R) NUC 9 Extreme Laptop Kit drivers before version 2.2.0.22 may allow an authenticated user to potentially enable escalation of privilege via local access.

CVE-2022-20624: Cisco Security Advisory: Cisco NX-OS Software Cisco Fabric Services Over IP Denial of Service Vulnerability

A vulnerability in the Cisco Fabric Services over IP (CFSoIP) feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient validation of incoming CFSoIP packets. An attacker could exploit this vulnerability by sending crafted CFSoIP packets to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition.

CVE-2016-15010: Fix lack of escaping (and so XSS vuln.) in select2 calls · uisautomation/django-ucamlookup@5e25e47

** UNSUPPPORTED WHEN ASSIGNED **** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as problematic was found in University of Cambridge django-ucamlookup up to 1.9.1. Affected by this vulnerability is an unknown functionality of the component Lookup Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to version 1.9.2 is able to address this issue. The name of the patch is 5e25e4765637ea4b9e0bf5fcd5e9a922abee7eb3. It is recommended to upgrade the affected component. The identifier VDB-217441 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

US airline industry quietly selling flight data to DHS

Flight data of US customers is being sold by several airlines through a joint data broker sending contracts to ICE and CBP.

Donald Trump's Mug Shot Matters in a World of Fakes

The first booking photo of a US president stands out among a sea of photoshops and AI-generated images online.