lenovo warranty check/lookup | check warranty status | lenovo support us

Insecure direct object references (IDOR) vulnerability in ExpressTech Quiz And Survey Master plugin <= 7.3.4 at WordPress allows attackers to change the content of the quiz.

Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Authenticated users, with access to the configuration, can create SSH resource files in unintended directories, leading to the execution of arbitrary code. This issue has been resolved in versions 2.8.6, 2.9.6 and 2.10 of Icinga Web 2. Users unable to upgrade should limit access to the Icinga Web 2 configuration.

Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Authenticated users, with access to the configuration, can create SSH resource files in unintended directories, leading to the execution of arbitrary code. This issue has been resolved in versions 2.8.6, 2.9.6 and 2.10 of Icinga Web 2. Users unable to upgrade should limit access to the Icinga Web 2 configuration.

MeterSphere is a one-stop open source continuous testing platform, covering test management, interface testing, UI testing and performance testing. Versions prior to 2.5.1 allow users to upload a file, but do not validate the file name, which may lead to upload file to any path. The vulnerability has been fixed in v2.5.1. There are no workarounds.

A reflected cross-site scripting vulnerability in Jenkins build-metrics Plugin allows attackers to inject arbitrary HTML and JavaScript into web pages provided by this plugin.

We are pleased to announce the release of Red Hat OpenShift Service Mesh 2.5. OpenShift Service Mesh is based on the Istio and Kiali projects, and is included as part of all subscription levels of Red Hat OpenShift. OpenShift Service Mesh 2.5 updates the underlying version of Istio to 1.18 and Kiali to 1.73.This release includes updates from Istio 1.17 and 1.18 including subsequent patch releases up to Istio 1.18.7. Most notably, this includes support for Certificate Revocation Lists for external traffic, “developer preview” support for dual-stack IPv4/IPv6, and updates to Gateway API. Thi

Chat app Signal will shield users' phone numbers by default from now on. Check whether you need to change your settings to adapt to the new version

An email campaign lures users with a voicemail notification to enter their Office 365 credentials on a fake login page. The post Watch out for the email that says “You have a new voicemail!” appeared first on Malwarebytes Labs.

Categories: News Categories: Privacy Meta is being sued by a couple of its users for allegedly deliberately circumventing Apple's privacy features on the iPhone. (Read more...) The post Facebook users sue Meta for allegedly building "secret workaround" to Apple privacy safeguards appeared first on Malwarebytes Labs.

The Pakistan-based advanced persistent threat (APT) actor known as Transparent Tribe used a two-factor authentication (2FA) tool used by Indian government agencies as a ruse to deliver a new Linux backdoor called Poseidon. "Poseidon is a second-stage payload malware associated with Transparent Tribe," Uptycs security researcher Tejaswini Sandapolla said in a technical report published this week.