Security
Headlines

CVE-2010-0007: security - Re: CVE Request: kernel ebtables perm check

net/bridge/netfilter/ebtables.c in the ebtables module in the netfilter framework in the Linux kernel before 2.6.33-rc4 does not require the CAP_NET_ADMIN capability for setting or modifying rules, which allows local users to bypass intended access restrictions and configure arbitrary network-traffic filtering via a modified ebtables application.

US and China Exposed Most Databases Among 308,000 Discovered in 2021

By Waqas. In total, 308,000 unsecured databases were found exposing sensitive assets worldwide, of which around 90,000 databases have already… This is a post from HackRead.com.

US Cyber Trust Mark logo for smart devices is coming

The White House has launched the Cyber Trust Mark to assist consumers in their quest to buy cybersecure internet connected devices.

CVE-2020-8507: Information Security & Privacy Advisories

The Citytv Video application 4.08.0 for Android and 3.35 for iOS sends Unencrypted Analytics.

GHSA-wm63-7627-ch33: @vendure/core's insecure currencyCode handling allows wrong payment amounts

### Impact

Currently, in many Vendure deployments it's possible to select any currencyCode (really any, doesn't need to be assigned to the channel) and pay through Mollie and Stripe in that particular currencyCode. The prices are not transformed. The result is the Order is in Payment Settled in the foreign currency. See SS, CZK is not in the channel. I've tested with Mollie and Stripe; it works with both.

**Further notes**

After looking into this further and with help from the comments below, the root cause of this vulnerability is the ability to specify an arbitrary `currencyCode` as a query parameter to an API call, and then Vendure will use this and pass it to the rest of the system as `RequestContext.currencyCode`. The solution is to add validation to the passed `currencyCode` to ensure that it matches one of the available `availableCurrencyCodes` of the active Channel. Furthermore, an additional check has been added for when the currencyCode changes during the AddingItems stage - i...

mtk-jpeg Driver Out-Of-Bounds Read / Write

An out-of-bounds read / write due to a missing bounds check in the mtk-jpeg driver can lead to memory corruption and potential escalation of privileges.

Red Hat Security Advisory 2022-1437-01

Red Hat Security Advisory 2022-1437-01 - The OpenJDK 17 packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. This release of the Red Hat build of OpenJDK 17 for portable Linux serves as a replacement for the Red Hat build of OpenJDK 17 and includes security and bug fixes, and enhancements.

CVE-2023-24835: Softnext Technologies SPAM SQR Comprehensive Mail Filtering Platform - Code Injection

Softnext Technologies Corp.’s SPAM SQR has a code injection vulnerability in a specific function. An authenticated remote attacker with administrator privilege can exploit this vulnerability to execute arbitrary system commands to perform arbitrary system operations or disrupt service.

CVE-2022-41697: TALOS-2022-1625 || Cisco Talos Intelligence Group

A user enumeration vulnerability exists in the login functionality of Ghost Foundation Ghost 5.9.4. A specially-crafted HTTP request can lead to a disclosure of sensitive information. An attacker can send a series of HTTP requests to trigger this vulnerability.

CVE-2021-21799: TALOS-2021-1270 || Cisco Talos Intelligence Group

Cross-site scripting vulnerabilities exist in the telnet_form.php script functionality of Advantech R-SeeNet v 2.4.12 (20.10.2020). If a user visits a specially crafted URL, it can lead to arbitrary JavaScript code execution in the context of the targeted user’s browser. An attacker can provide a crafted URL to trigger this vulnerability.