lenovo warranty check/lookup | check warranty status | lenovo support us

A maliciously crafted DWG file can be forced to read beyond allocated boundaries when parsing the DWG file. This vulnerability can be exploited to execute arbitrary code.

A maliciously crafted SKP file in Autodesk products is used to trigger use-after-free vulnerability. Exploitation of this vulnerability may lead to code execution.

The package cycle-import-check before 1.3.2 are vulnerable to Command Injection via the writeFileToTmpDirAndOpenIt function due to improper user-input sanitization.

The federal indictment of two alleged members of the Terrorgram Collective, a far-right cell accused of inspiring “lone wolf” attacks, reveals the US is now using a “forgotten” legal strategy.

### Impact The implementation of [`tf.raw_ops.DeleteSessionTensor`](https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/core/kernels/session_ops.cc#L128-L144) does not fully validate the input arguments. This results in a `CHECK`-failure which can be used to trigger a denial of service attack: ```python import tensorflow as tf handle = tf.constant("[]", shape=[0], dtype=tf.string) tf.raw_ops.DeleteSessionTensor(handle=handle) ``` The code assumes `handle` is a scalar but there is no validation for this: ```cc const Tensor& handle = ctx->input(0); const string& name = handle.scalar<tstring>()(); ``` ### Patches We have patched the issue in GitHub commit [cff267650c6a1b266e4b4500f69fbc49cdd773c5](https://github.com/tensorflow/tensorflow/commit/cff267650c6a1b266e4b4500f69fbc49cdd773c5). The fix will be included in TensorFlow 2.9.0. We will also cherrypick this commit on TensorFlow 2.8.1, TensorFlow 2.7.2, and TensorFlow 2.6.4...

### Impact The implementation of [`tf.raw_ops.StagePeek`](https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/core/kernels/stage_op.cc#L261) does not fully validate the input arguments. This results in a `CHECK`-failure which can be used to trigger a denial of service attack: ```python import tensorflow as tf index = tf.constant([], shape=[0], dtype=tf.int32) tf.raw_ops.StagePeek(index=index, dtypes=[tf.int32]) ``` The code assumes `index` is a scalar but there is no validation for this before accessing its value: ```cc std::size_t index = ctx->input(0).scalar<int>()(); ``` ### Patches We have patched the issue in GitHub commit [cebe3c45d76357d201c65bdbbf0dbe6e8a63bbdb](https://github.com/tensorflow/tensorflow/commit/cebe3c45d76357d201c65bdbbf0dbe6e8a63bbdb). The fix will be included in TensorFlow 2.9.0. We will also cherrypick this commit on TensorFlow 2.8.1, TensorFlow 2.7.2, and TensorFlow 2.6.4, as these are also affected and...

### Impact The implementation of [`tf.raw_ops.GetSessionTensor`](https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/core/kernels/session_ops.cc#L94-L112) does not fully validate the input arguments. This results in a `CHECK`-failure which can be used to trigger a denial of service attack: ```python import tensorflow as tf handle = tf.constant("[]", shape=[0], dtype=tf.string) tf.raw_ops.GetSessionTensor(handle=handle) ``` The code assumes `handle` is a scalar but there is no validation for this: ```cc const Tensor& handle = ctx->input(0); const string& name = handle.scalar<tstring>()(); ``` ### Patches We have patched the issue in GitHub commit [48305e8ffe5246d67570b64096a96f8e315a7281](https://github.com/tensorflow/tensorflow/commit/48305e8ffe5246d67570b64096a96f8e315a7281). The fix will be included in TensorFlow 2.9.0. We will also cherrypick this commit on TensorFlow 2.8.1, TensorFlow 2.7.2, and TensorFlow 2.6.4, as th...

avahi-daemon-check-dns.sh in the Debian avahi package through 0.8-4 is executed as root via /etc/network/if-up.d/avahi-daemon, and allows a local attacker to cause a denial of service or create arbitrary empty files via a symlink attack on files under /run/avahi-daemon. NOTE: this only affects the packaging for Debian GNU/Linux (used indirectly by SUSE), not the upstream Avahi product.

A missing permission check in Jenkins Compuware Xpediter Code Coverage Plugin 1.0.7 and earlier allows attackers with Overall/Read permission to enumerate hosts and ports of Compuware configurations and credentials IDs of credentials stored in Jenkins.

In ISC DHCP 4.4.0 -> 4.4.3, ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16-P1, when the function option_code_hash_lookup() is called from add_option(), it increases the option's refcount field. However, there is not a corresponding call to option_dereference() to decrement the refcount field. The function add_option() is only used in server responses to lease query packets. Each lease query response calls this function for several options, so eventually, the reference counters could overflow and cause the server to abort.