lenovo warranty check/lookup | check warranty status | lenovo support us

Improper Input Validation with USB Gadget Interface prior to SMR Nov-2023 Release 1 allows a physical attacker to execute arbitrary code in Kernel.

Improper URL validation from InstantPlay deeplink in Galaxy Store prior to version 4.5.64.4 allows attackers to execute JavaScript API to access data.

Improper access control vulnerability in KnoxCustomManagerService prior to SMR Dec-2023 Release 1 allows attacker to access device SIM PIN.

## Overview OpenFGA v1.5.7 and v1.5.8 are vulnerable to authorization bypass when calling Check API with a model that uses `but not` and `from` expressions and a userset. For example, with a model like the following ``` model schema 1.1 type user type role relations define assignee: [user] type permission relations define assignee: assignee from role define role: [role] type job relations define can_read: [permission#assignee] define problem: [user] but not can_read ``` and these tuples: ``` user:1, problem, job:1 user:1, assignee, role:admin role:admin, role, permission:readJobs permission:readJobs#assignee, can_read, job:1 ``` A query such as `Check(object=job:1, relation=problem, user=user:1)` will return `allowed=true` when the correct response is `allowed=false`. ## Fix Downgrade to v1.5.6 as soon as possible. This downgrade is backward compatible. We are currently working on a fix which will be included in the n...

An issue was discovered in SteelSeries GG 36.0.0. An attacker can change values in an unencrypted database that is writable for all users on the computer, in order to trigger code execution with higher privileges.

### Description Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 6.0 and .NET Core 3.1, NuGet (NuGet.exe, NuGet.Commands, NuGet.CommandLine, NuGet.CommandLine.XPlat version range from 3.5.0 to 6.2.0). This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. A vulnerability exists in .NET 6.0, .NET Core 3.1, and NuGet (NuGet.exe, NuGet.Commands, NuGet.CommandLine, NuGet.CommandLine.XPlat version range from 3.5.0 to 6.2.0) where a nuget.org api key could leak due to an incorrect comparison with a server url. ### Affected software #### NuGet & NuGet Packages - Any NuGet.exe, NuGet.Commands, NuGet.CommandLine, NuGet.CommandLine.XPlat 6.2.0 version or earlier. - Any NuGet.exe, NuGet.Commands, NuGet.CommandLine, NuGet.CommandLine.XPlat 6.0.1 version or earlier. - Any NuGet.exe, NuGet.Commands, NuGet.CommandLine, NuGet.CommandLine.XPlat 5.11.1 version or earlier. - Any NuG...

The Draw Attention plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_set_featured_image function in versions up to, and including, 2.0.11. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to change the featured image of arbitrary posts with an image that exists in the media library.

Iranian spies posing as technical support agents contacted targeted individuals in Israel, Palestine, Iran, the UK, and the US on WhatsApp

TensorFlow is an open source platform for machine learning. An input `token` that is not a UTF-8 bytestring will trigger a `CHECK` fail in `tf.raw_ops.PyFunc`. We have patched the issue in GitHub commit 9f03a9d3bafe902c1e6beb105b2f24172f238645. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.

A flaw was found in Keycloak, where it did not properly check client tokens for possible revocation in its client credential flow. This flaw allows an attacker to access or modify potentially sensitive information.