Security
Headlines
HeadlinesLatestCVEs

Search

lenovo warranty check/lookup | check warranty status | lenovo support us

Found 10000 results in 47 ms.

CVE-2018-10866: Invalid Bug ID

It was discovered that the /configuration view of redhat-certification 7 does not perform an authorization check and it allows an unauthenticated user to remove a "system" file, that is an xml file with host related information, not belonging to him.

CVE
#auth
CVE-2020-35518: Invalid Bug ID

When binding against a DN during authentication, the reply from 389-ds-base will be different whether the DN exists or not. This can be used by an unauthenticated attacker to check the existence of an entry in the LDAP database.

CVE-2023-36220: My site

Directory Traversal vulnerability in Textpattern CMS v4.8.8 allows a remote authenticated attacker to execute arbitrary code and gain access to sensitive information via the plugin Upload function.

Apple Security Advisory 09-16-2024-7

Apple Security Advisory 09-16-2024-7 - Xcode 16 addresses unauthorized access issues.

CVE-2022-0727: Check video privacy when creating comments/rates · Chocobozzz/PeerTube@6ea9295

Improper Access Control in GitHub repository chocobozzz/peertube prior to 4.1.0.

US Privacy Snags a Win as Judge Limits Warrantless FBI Searches

Plus: A hacker finds an issue with Cloudflare’s systems that could reveal app users’ rough locations, and the Trump administration puts a wrench in a key cybersecurity investigation.

Warning: Online shopping threats to avoid this Black Friday and Cyber Monday 

Where there’s a gift to be bought, there’s also a scammer out to make money. Here's how to stay safe this shopping season.

GHSA-qg73-g3cf-vhhh: NocoDB Allows Preview of Files with Dangerous Content

### Summary --- Attacker can upload a html file with malicious content. If user tries to open that file in browser malicious scripts can be executed leading Stored XSS(Cross-Site Script) attack. ### PoC --- NocoDB was configured using the Release Binary `Noco-macos-arm64`, and nocodb version 0.202.9 (currently the latest version) was used. binary hash infos: md5(164b727f287af56168bc16fba622d0b4) / sha256(43e8e97f4c5f5330613abe071a359f84e4514b7186f92954b678087c37b7832e) <img width="665" alt="image" src="https://user-images.githubusercontent.com/86613161/287472673-aeb60a02-2080-429f-8583-9f130ab62779.png"> ### 1. Run the binary to start the server and access the arbitrary table dashboard. <img width="830" alt="image" src="https://user-images.githubusercontent.com/86613161/287472852-98b2286e-ad66-45bf-b503-63780619d775.png"> Here, used the default `Features` table. ### 2. Click `+` in the table `field header` to add an `attachment` field. <img width="1173" alt="image" src="https://us...

GHSA-4w2j-2rg4-5mjw: vm2 vulnerable to Arbitrary Code Execution

The package vm2 before 3.9.10 is vulnerable to Arbitrary Code Execution due to the usage of prototype lookup for the WeakMap.prototype.set method. Exploiting this vulnerability leads to access to a host object and a sandbox compromise.