lenovo warranty check/lookup | check warranty status | lenovo support us

### Impact `next-auth` applications using OAuth provider versions before `v4.20.1` are affected. A bad actor who can spy on the victim's network or able to social engineer the victim to click a manipulated login link could intercept and tamper with the authorization URL to **log in as the victim**, bypassing the CSRF protection. As an example, an attack can happen in the following scenario. > TL;DR: The attacker steals the victim's authenticated callback by intercepting and tampering with the authorization URL created by `next-auth`. 1. The victim attempts to log in to the `next-auth` site. For example https://next-auth-example.vercel.app/ 2. `next-auth` sets the `checks` cookies according to how the OAuth provider is configured. In this case, `state` and `pkce` are set by default for the Google Provider. <img width="1971" alt="Screen Shot 2023-03-03 at 09 54 26" src="https://user-images.githubusercontent.com/31528554/222619750-a2062bb8-99eb-4985-a75c-d75acd3da67e.png"> 3. The at...

Cross Site Scripting (XSS) in Tasmota firmware 6.5.0 allows remote attackers to inject JavaScript code via a crafted string in the field "Friendly Name 1".

Open source utility exposes payloads without running vulnerable Java code

api/views/user.py in LibrePhotos before e19e539 has incorrect access control.

TensorFlow is an open source platform for machine learning. An input `sparse_matrix` that is not a matrix with a shape with rank 0 will trigger a `CHECK` fail in `tf.raw_ops.SparseMatrixNNZ`. We have patched the issue in GitHub commit f856d02e5322821aad155dad9b3acab1e9f5d693. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.

Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for `ReverseSequence` does not fully validate the value of `batch_dim` and can result in a heap OOB read. There is a check to make sure the value of `batch_dim` does not go over the rank of the input, but there is no check for negative values. Negative dimensions are allowed in some cases to mimic Python's negative indexing (i.e., indexing from the end of the array), however if the value is too negative then the implementation of `Dim` would access elements before the start of an array. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.

In certain circumstances, the MCallGetProperty opcode can be emitted with unmet assumptions resulting in an exploitable use-after-free condition. This vulnerability affects Firefox < 82.0.3, Firefox ESR < 78.4.1, and Thunderbird < 78.4.2.

### Impact gnark provides a gadget in the standard library to allow optimized checking of the bitwidth of the inputs. The gadget works by constructing a fixed lookup table containing all valid entries, partitioning the input and checking that all parts are inside the lookup table. The range checker gadget did not take into account that the highest partition may be less than the width limit, allowing the inputs to be up to 16 bits wider than checked. Range checking gadget is extensively used in field emulation. Users using any dependant gadget (ECDSA verification, proof recursion etc.) is impacted. We consider the impact of the vulnerability being low as the number of attacker-modifiable bits is significantly smaller compared to the bit-width of scalar field modulus and it won't be possible to construct inputs which would allow to overflow the scalar field. ### Patches The issue has been patched in the stable branch of gnark. Due to low severity of the issue no emergency release ...

By Deeba Ahmed Undetected for Over 11 Months, AsyncRAT Lurked on Systems of Sensitive US Agencies with Critical Infrastructures, reports the… This is a post from HackRead.com Read the original post: AsyncRAT Infiltrates Key US Infrastructure Through GIFs and SVGs

NTFS-3G versions < 2021.8.22, a stack buffer overflow can occur when correcting differences in the MFT and MFTMirror allowing for code execution or escalation of privileges when setuid-root.