Security
Headlines
HeadlinesLatestCVEs

Search

lenovo warranty check/lookup | check warranty status | lenovo support us

Found 10000 results in 50 ms.

CVE-2020-13434: SQLite: View Ticket

SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c.

CVE
#sql
Ubuntu Security Notice USN-5735-1

Ubuntu Security Notice 5735-1 - It was discovered that Sysstat did not properly check bounds when performing certain arithmetic operations on 32 bit systems. An attacker could possibly use this issue to cause a crash or arbitrary code execution.

ICE Started Ramping Up Its Surveillance Arsenal Immediately After Donald Trump Won

US Immigration and Customs Enforcement put out a fresh call for contracts for surveillance technologies before an anticipated surge in the number of people it monitors ahead of deportation hearings.

RHSA-2022:1107: Red Hat Security Advisory: kernel security update

An update for kernel is now available for Red Hat Enterprise Linux 7.6 Advanced Update Support, Red Hat Enterprise Linux 7.6 Telco Extended Update Support, and Red Hat Enterprise Linux 7.6 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-0920: kernel: Use After Free in unix_gc() which could result in a local privilege escalation * CVE-2021-4083: kernel: fget: check that the fd still exists after getting a ref to it * CVE-2022-0330: ker...

CVE-2023-20083: Cisco Security Advisory: Cisco Firepower Threat Defense Software ICMPv6 with Snort 2 Denial of Service Vulnerability

A vulnerability in ICMPv6 inspection when configured with the Snort 2 detection engine for Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the CPU of an affected device to spike to 100 percent, which could stop all traffic processing and result in a denial of service (DoS) condition. FTD management traffic is not affected by this vulnerability. This vulnerability is due to improper error checking when parsing fields within the ICMPv6 header. An attacker could exploit this vulnerability by sending a crafted ICMPv6 packet through an affected device. A successful exploit could allow the attacker to cause the device to exhaust CPU resources and stop processing traffic, resulting in a DoS condition. Note: To recover from the DoS condition, the Snort 2 Detection Engine or the Cisco FTD device may need to be restarted.

23andMe and its customers’ genetic data bought by a pharmaceutical org

The bankrupt 23andMe, along with all of its genetic data, has been bought by US drugmaker Regeneron Pharmaceuticals.

CVE-2022-29220: Merge pull request from GHSA-v5vr-h3xq-8v6w · fastify/github-action-merge-dependabot@309f395

github-action-merge-dependabot is an action that automatically approves and merges dependabot pull requests (PRs). Prior to version 3.2.0, github-action-merge-dependabot does not check if a commit created by dependabot is verified with the proper GPG key. There is just a check if the actor is set to `dependabot[bot]` to determine if the PR is a legit PR. Theoretically, an owner of a seemingly valid and legit action in the pipeline can check if the PR is created by dependabot and if their own action has enough permissions to modify the PR in the pipeline. If so, they can modify the PR by adding a second seemingly valid and legit commit to the PR, as they can set arbitrarily the username and email in for commits in git. Because the bot only checks if the actor is valid, it would pass the malicious changes through and merge the PR automatically, without getting noticed by project maintainers. It would probably not be possible to determine where the malicious commit came from, as it would ...

Attackers Keep Targeting the US Electric Grid

Plus: Chinese hackers stealing US Covid relief funds, a cyberattack on the Met Opera website, and more.

CVE-2023-4012: segfault in libcrypto.so (#794) · Issues · NTPsec / ntpsec · GitLab

ntpd will crash if the server is not NTS-enabled (no certificate) and it receives an NTS-enabled client request (mode 3).