Security
Headlines
HeadlinesLatestCVEs

Search

lenovo warranty check/lookup | check warranty status | lenovo support us

Found 10000 results in 50 ms.

CVE-2022-21917: HEVC Video Extensions Remote Code Execution Vulnerability

**How could this vulnerability affect my system** A crafted image file could cause a crash in Explorer during browsing of the directory containing the file. **How do I get the updated app?** The Microsoft Store will automatically update affected customers. Alternatively, customers can get the update immediately; see here for details. It is possible for customers to disable automatic updates for the Microsoft Store. The Microsoft Store will not automatically install this update for those customers. **My system is in a disconnected environment; is it vulnerable?** Customers using the Microsoft Store for Business and Microsoft Store for Education can get this update through their organizations. **How can I check if the update is installed?** If your device manufacturer preinstalled this app, package versions **1.0.43421.0** and later contain this update. If you purchased this app from the Microsoft Store, package versions **1.0.43422.0** and later contain this update. You can ch...

Microsoft Security Response Center
#vulnerability#microsoft#Microsoft Windows Codecs Library#Security Vulnerability
GHSA-2jpx-h8j2-g8m4: Exposure of system-scoped Kubernetes credentials in Jenkins Kubernetes Credentials Provider Plugin

Jenkins Kubernetes Credentials Provider Plugin 1.208.v128ee9800c04 and earlier does not set the appropriate context for Kubernetes credentials lookup, allowing attackers with Item/Configure permission to access and potentially capture Kubernetes credentials they are not entitled to.

CVE-2022-41906: Disable following redirects for webhooks by qreshi · Pull Request #507 · opensearch-project/notifications

OpenSearch Notifications is a notifications plugin for OpenSearch that enables other plugins to send notifications via Email, Slack, Amazon Chime, Custom web-hook etc channels. A potential SSRF issue in OpenSearch Notifications Plugin 2.2.0 and below could allow an existing privileged user to enumerate listening services or interact with configured resources via HTTP requests exceeding the Notification plugin's intended scope. OpenSearch 2.2.1+ contains the fix for this issue. There are currently no recommended workarounds.

CVE-2021-30155: ChangeContentModel when a rule was met

An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. ContentModelChange does not check if a user has correct permissions to create and set the content model of a nonexistent page.

CVE-2022-34443: DSA-2022-281: Dell Rugged Control Center Security Update for an Improper Input Validation Vulnerability

Dell Rugged Control Center, versions prior to 4.5, contain an Improper Input Validation in the Service EndPoint. A Local Low Privilege attacker could potentially exploit this vulnerability, leading to an Escalation of privileges.

BYOB Unauthenticated Remote Code Execution

This Metasploit module exploits two vulnerabilities in the BYOB (Build Your Own Botnet) web GUI. It leverages an unauthenticated arbitrary file write that allows modification of the SQLite database, adding a new admin user. It also uses an authenticated command injection in the payload generation page. These vulnerabilities remain unpatched.

A Coordinated Swatting Spree Is Targeting US Schools

Sixteen states collectively suffered more than 90 false reports of school shooters during three weeks in September—and many appear to be connected.

The Hidden Race to Protect the US Bioeconomy From Hacker Threats

A biotech threat intelligence group is gaining supporters as urgency mounts around an overlooked vulnerable sector.

CVE-2022-26954: [CVE-2022-26954] Multiple Open Redirects in NopCommerce

Multiple open redirect vulnerabilities in NopCommerce 4.10 through 4.50.1 allow remote attackers to conduct phishing attacks by redirecting users to attacker-controlled web sites via the returnUrl parameter, processed by the (1) ChangePassword function, (2) SignInCustomerAsync function, (3) SuccessfulAuthentication method, or (4) NopRedirectResultExecutor class.

CVE-2022-28870: CVE-2022-28870 | F-Secure

A vulnerability affecting F-Secure SAFE browser was discovered. A maliciously crafted website could make a phishing attack with address bar spoofing as the address bar was not correct if navigation fails.