lenovo warranty check/lookup | check warranty status | lenovo support us

An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read important information, such as the ASLR offsets of the program, aka GHSL-2020-082.

# Microsoft Security Advisory CVE-2025-24070: .NET Elevation of Privilege Vulnerability ## <a name="executive-summary"></a>Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in ASP.NET Core 9.0 , ASP.NET Core 8.0, and ASP.NET Core 2.3. This advisory also provides guidance on what developers can do to update their applications to address this vulnerability. A vulnerability exists in ASP.NET Core applications calling RefreshSignInAsync with an improperly authenticated user parameter that could allow an attacker to sign into another user's account, resulting in Elevation of Privilege. ## Announcement Announcement for this issue can be found at https://github.com/dotnet/announcements/issues/348 ### <a name="mitigation-factors"></a>Mitigation factors Microsoft has not identified any mitigating factors for this vulnerability. ## <a name="affected-software"></a>Affected software * Any ASP.NET Core 9.0 application running on AS...

Quick Heal Total Security before 12.1.1.27 has a TOCTOU race condition that leads to privilege escalation. It may follow a symlink that was created after a malware check.

An update for kernel-rt is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-4083: kernel: fget: check that the fd still exists after getting a ref to it * CVE-2022-0330: kernel: possible privileges escalation due to missing TLB flush * CVE-2022-0492: kernel: cgroups v1 release_agent feature may allow privilege escalation * CVE-2022-0847: kernel: improper initialization of the "flags" member of the n...

Improper Authorization in GitHub repository modoboa/modoboa prior to 2.1.0.

Seafile is an open source cloud storage system. A sync token is used in Seafile file syncing protocol to authorize access to library data. To improve performance, the token is cached in memory in seaf-server. Upon receiving a token from sync client or SeaDrive client, the server checks whether the token exist in the cache. However, if the token exists in cache, the server doesn't check whether it's associated with the specific library in the URL. This vulnerability makes it possible to use any valid sync token to access data from any **known** library. Note that the attacker has to first find out the ID of a library which it has no access to. The library ID is a random UUID, which is not possible to be guessed. There are no workarounds for this issue.

### Impact The [macros that TensorFlow uses for writing assertions (e.g., `CHECK_LT`, `CHECK_GT`, etc.)](https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/core/platform/default/logging.h) have an incorrect logic when comparing `size_t` and `int` values. Due to type conversion rules, several of the macros would trigger incorrectly. ### Patches We have patched the issue in GitHub commit [b917181c29b50cb83399ba41f4d938dc369109a1](https://github.com/tensorflow/tensorflow/commit/b917181c29b50cb83399ba41f4d938dc369109a1) (merging GitHub PR [#55730](https://github.com/tensorflow/tensorflow/pull/55730)). The fix will be included in TensorFlow 2.9.0. We will also cherrypick this commit on TensorFlow 2.8.1, TensorFlow 2.7.2, and TensorFlow 2.6.4, as these are also affected and still in supported range. ### For more information Please consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more informati...

An update for firefox is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-25235: expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution * CVE-2022-25236: expat: Namespace-separator characters in "xmlns[:prefix]" attribute values can lead to arbitrary code execution * CVE-2022-25315: expat: Integer overflow in storeRawNames() * CVE-2022-26381: Mozilla: Use-after-free in te...

An update for firefox is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-25235: expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution * CVE-2022-25236: expat: Namespace-separator characters in "xmlns[:prefix]" attribute values can lead to arbitrary code execution * CVE-2022-25315: expat: Integer overflow in storeRawNames() * CVE-2022-26381: Mozilla: Use-after-free in te...

Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to view whitelist rules via a Broken Access Control vulnerability in the /rest/whitelist/<version>/check endpoint. The affected versions are before version 8.13.3, and from version 8.14.0 before 8.14.1.