Security
Headlines

lenovo warranty check/lookup | check warranty status | lenovo support us

Found 10000 results in 71 ms.

CVE-2023-28130: Support, Support Requests, Training, Documentation, and Knowledge base for Check Point products and services

Local user may lead to privilege escalation using Gaia Portal hostnames page.

CVE-2023-28133: Support, Support Requests, Training, Documentation, and Knowledge base for Check Point products and services

Local privilege escalation in Checkpoint Endpoint Security (version E87.30) via crafted OpenSSL configuration file

CVE-2022-3990: Privilege escalation via HPSFViewer | HP® Customer Support

HPSFViewer might allow Escalation of Privilege. This potential vulnerability was remediated on July 29th, 2022. Customers who opted for automatic updates should have already received the remediation.

GHSA-3hv4-r2fm-h27f: Email Validation Bypass And Preventing Sign Up From Email's Owner

### Summary

Email validation can easily be bypassed because the `verify_email_enabled` option enables email validation at sign up only. A user changing their email after signing up (and verifying it) can change it without verification in `/profile`. This can be used to prevent the legitimate owner of the email address from signing up.

Another way to prevent an email's owner from signing up is by setting Username as an email: when a new user is registering, they can set two different email addresses in the Email and Username field, technically having 2 email addresses (because Grafana handles usernames and emails the same in some situations), but only the former is validated.

![](https://user-images.githubusercontent.com/44581623/282073913-c1a8c20b-b6c3-46eb-840c-9e0dae718a2a.png)

Here user a prevents the owner of [email protected] from signing up.

### Details

I don't know the exact location but this is related to the PUT /api/user handler.

### PoC

Bypass email validation:

* Start a new grafana instance using lat...

CVE-2022-38068: Export Post Info

Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Apasionados Export Post Info plugin <= 1.1.0 at WordPress.

CVE-2022-22425: Security Bulletin: IBM InfoSphere Information Server is potentially vulnerable to CSV Injection (CVE-2022-22425)

"IBM InfoSphere Information Server 11.7 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 223598."

CVE-2022-40752: Security Bulletin: IBM InfoSphere DataStage is vulnerable to a command injection vulnerability [CVE-2022-40752]

IBM InfoSphere DataStage 11.7 is vulnerable to a command injection vulnerability due to improper neutralization of special elements. IBM X-Force ID: 236687.

CVE-2022-34319: IBM CICS TX Advanced is vulnerable to an attacker decrypting highly sensitive information (CVE-2022-34319).

IBM CICS TX 11.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 229463.

CVE-2022-34329: Security Bulletin: IBM CICS TX Advanced could allow an attacker to obtain sensitive information from HTTP response headers (CVE-2022-34329).

IBM CICS TX 11.7 could allow an attacker to obtain sensitive information from HTTP response headers. IBM X-Force ID: 229467.

CVE-2022-34320: IBM CICS TX Advanced is vulnerable to attack because it uses weak cryptographic algorithms (CVE-2022-34320).

IBM CICS TX 11.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 229464.