
CVE-2023-49276: Attribute Injection leading to XSS (Cross-Site-Scripting)

Uptime Kuma is an open source self-hosted monitoring tool. In affected versions the Google Analytics element is vulnerable to Attribute Injection leading to Cross-Site-Scripting (XSS). Since the custom status interface can set an independent Google Analytics ID and the template has not been sanitized, there is an attribute injection vulnerability here, which can lead to XSS attacks. This vulnerability has been addressed in commit `f28dccf4e` which is included in release version 1.23.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.

CVE-2021-3450: OpenSSL: CVE-2021-3450 CA certificate check bypass with X509_V_FLAG_X509_STRICT

*Why is this OpenSSL Software Foundation CVE included in the Security Update Guide?* The vulnerability assigned to this CVE is in OpenSSL Software which is consumed by Microsoft Visual Studio. It is being documented in the Security Update Guide to announce that the latest builds of Visual Studio are no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.

CVE-2022-28560: -Router-vulnerability/Tenda AC9 at main · iot-firmeware/-Router-vulnerability

There is a stack overflow vulnerability in the goform/fast_setting_wifi_set function in the httpd service of Tenda ac9 15.03.2.21_cn router. An attacker can obtain a stable shell through a carefully constructed payload.

CVE-2021-32923: HashiCorp Blog: Vault

HashiCorp Vault and Vault Enterprise allowed the renewal of nearly-expired token leases and dynamic secret leases (specifically, those within 1 second of their maximum TTL), which caused them to be incorrectly treated as non-expiring during subsequent use. Fixed in 1.5.9, 1.6.5, and 1.7.2.

CVE-2023-50454: Security Advisory ZAA-2023-04 | Zammad

An issue was discovered in Zammad before 6.2.0. In several subsystems, SSL/TLS was used to establish connections to external services without proper validation of hostname and certificate authority. This is exploitable by man-in-the-middle attackers.

CVE-2020-36618: fix(vulnerability): Prototype Pollution Vulnerability (#105) · FurqanSoftware/node-whois@46ccc2a

A vulnerability classified as critical has been found in Furqan node-whois. Affected is an unknown function of the file index.coffee. The manipulation leads to improperly controlled modification of object prototype attributes ('prototype pollution'). It is possible to launch the attack remotely. The name of the patch is 46ccc2aee8d063c7b6b4dee2c2834113b7286076. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-216252.

CVE-2022-27438: We make great software products.

Caphyon Ltd Advanced Installer 19.2 was discovered to contain a remote code execution (RCE) vulnerability via the Update Check function.

CVE-2023-25780: 狀態網際網路 PowerBPM - Broken Access Control

A vulnerability of insufficient authentication has been identified in an important specific function of Status PowerBPM. A LAN attacker with normal user privileges can exploit this vulnerability to modify the substitute agent to arbitrary users, resulting in serious consequences.

Xangle and Republic Crypto Collaborate to Boost Asian Web3 Adoption

By Waqas. South Korean Web3 Leader Xangle Joins Forces with US Firm Republic Crypto in Strategic Partnership. This is a post from HackRead.com.

CVE-2023-42449: Malicious head initialiser can extract PTs from control of Hydra scripts, leading to locked participant commits or spoofed commits

Hydra is the two-layer scalability solution for Cardano. Prior to version 0.13.0, it is possible for a malicious head initializer to extract one or more PTs for the head they are initializing due to incorrect data validation logic in the head token minting policy, which then results in a flawed check for burning the head ST in the `initial` validator. This is possible because it is not checked in `HeadTokens.hs` that the datums of the outputs at the `initial` validator are equal to the real head ID, and it is also not checked in the `off-chain code`. During the `Initial` state of the protocol, if the malicious initializer removes a PT from the Hydra scripts it becomes impossible for any other participant to reclaim any funds they have attempted to commit into the head, as to do so the Abort transaction must burn all the PTs for the head, but they cannot burn the PT which the attacker controls and so cannot satisfy this requirement. That means the initializer can lock the other partici...