Security
Headlines
HeadlinesLatestCVEs

Search

lenovo warranty check/lookup | check warranty status | lenovo support us

Found 10000 results in 43 ms.

CVE-2020-5390: Release Version 5.0.0 - Security release · IdentityPython/pysaml2

PySAML2 before 5.0.0 does not check that the signature in a SAML document is enveloped and thus signature wrapping is effective, i.e., it is affected by XML Signature Wrapping (XSW). The signature information and the node/object that is signed can be in different places and thus the signature verification will succeed, but the wrong data will be used. This specifically affects the verification of assertion that have been signed.

CVE
#vulnerability#mongo
How ChatGPT—and Bots Like It—Can Spread Malware

Generative AI is a tool, which means it can be used by cybercriminals, too. Here’s how to protect yourself.

Apache NiFi H2 Connection String Remote Code Execution

The DBCPConnectionPool and HikariCPConnectionPool Controller Services in Apache NiFi 0.0.2 through 1.21.0 allow an authenticated and authorized user to configure a Database URL with the H2 driver that enables custom code execution. This exploit will result in several shells (5-7). Successfully tested against Apache nifi 1.17.0 through 1.21.0.

Microsoft, DOJ Dismantle Russian Hacker Group Star Blizzard

The successful disruption of notorious Russian hacker group Star Blizzard's operations arrives one month out from the US presidential election — one of the APT's prime targets.

CVE-2023-5821: Changeset 1263536 for wp-responsive-slider-with-lightbox/trunk/wp-responsive-slider-with-lightbox.php – WordPress Plugin Repository

The Thumbnail carousel slider plugin for WordPress is vulnerable to Cross-Site Request Forgery in version 1.0. This is due to missing nonce validation on the deleteselected function. This makes it possible for unauthenticated attackers to delete sliders in bulk via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

GHSA-f5x6-7qgp-jhf3: ecrecover can return undefined data if signature does not verify

### Impact the ecrecover precompile does not fill the output buffer if the signature does not verify, see https://github.com/ethereum/go-ethereum/blob/b058cf454b3bdc7e770e2b3cec83a0bcb48f55ee/core/vm/contracts.go#L188. however, the ecrecover builtin will still return whatever is at memory location 0. this means that the if the compiler has been convinced to write to the 0 memory location with specially crafted data (generally, this can happen with a hashmap access or immutable read) just before the ecrecover, a signature check might pass on an invalid signature. ### Patches v0.3.10 ### Workarounds _Is there a way for users to fix or remediate the vulnerability without upgrading?_ ### References _Are there any links users can visit to find out more?_

North Korean State Actors Deploy Surgical Ransomware in Ongoing Cyberattacks on US Healthcare Orgs

US government warns healthcare and public-health organizations to expect continued attacks involving the manually operated "Maui" ransomware.

CVE-2021-0185: INTEL-SA-00708

Improper input validation in the firmware for some Intel(R) Server Board M10JNP Family before version 7.216 may allow a privileged user to potentially enable an escalation of privilege via local access.

CVE-2022-34841: INTEL-SA-00731

Improper buffer restrictions in the Intel(R) Media SDK software before version 22.2.2 may allow an authenticated user to potentially enable escalation of privilege via local access.