lenovo warranty check/lookup | check warranty status | lenovo support us

Badaso version 2.6.3 allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. This is possible because the application does not properly validate the data uploaded by users.

A serialization vulnerability in logback receiver component part of logback version 1.4.11 allows an attacker to mount a Denial-Of-Service attack by sending poisoned data.

Nexpose v5.7.2 and prior is vulnerable to a XML External Entity attack via a number of vectors. This vulnerability can allow an attacker to a craft special XML that could read arbitrary files from the filesystem. This Metasploit module exploits the vulnerability via the XML API.

This Metasploit module exploits an information disclosure vulnerability in the Views module of Drupal, brute-forcing the first 10 usernames from a to z. Drupal 6 with Views module less than or equal to 6.x-2.11 are vulnerable. Drupal does not consider disclosure of usernames as a weakness.

The Frontend File Manager plugin for WordPress is vulnerable to Unauthenticated HTML Injection in versions up to, and including, 18.2. This is due to lacking authentication protections on the wpfm_send_file_in_email AJAX action. This makes it possible for unauthenticated attackers to send emails using the site with a custom subject, recipient email, and body with unsanitized HTML content. This effectively lets the attacker use the site as a spam relay.

Ubuntu Security Notice 6417-1 - It was discovered that the eBPF implementation in the Linux kernel contained a race condition around read-only maps. A privileged attacker could use this to modify read-only maps. It was discovered that the IPv6 implementation in the Linux kernel contained a high rate of hash collisions in connection lookup table. A remote attacker could use this to cause a denial of service.

An update for opencryptoki is now available for Red Hat Enterprise Linux 8.The opencryptoki packages contain version 2.11 of the PKCS#11 API, implemented for IBM Cryptocards, such as IBM 4764 and 4765 crypto cards. These packages includes support for the IBM 4758 Cryptographic CoProcessor (with the PKCS#11 firmware loaded), the IBM eServer Cryptographic Accelerator (FC 4960 on IBM eServer System p), the IBM Crypto Express2 (FC 0863 or FC 0870 on IBM System z), and the IBM CP Assist for Cryptographic Function (FC 3863 on IBM System z). The opencryptoki packages also bring a software token implementation that can be used without any cryptographic hardware. These packages contain the Slot Daemon (pkcsslotd) and general utilities. Bug Fix(es) and Enhancement(s): * RHEL8.5 - openCryptoki: Soft token does not check if an EC key is valid (BZ#1979173) Related CVEs: * CVE-2021-3798: openCryptoki: Soft token does not check if an EC key is valid

An update for linuxptp is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.The linuxptp packages provide Precision Time Protocol (PTP) implementation for Linux according to IEEE standard 1588 for Linux. The dual design goals are to provide a robust implementation of the standard and to use the most relevant and modern Application Programming Interfaces (API) offered by the Linux kernel. Security Fix(es): * linuxptp: missing length check of forwarded messages (CVE-2021-3570) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Related CVEs: * CVE-2021-3570: linuxptp...

An update for linuxptp is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.The linuxptp packages provide Precision Time Protocol (PTP) implementation for Linux according to IEEE standard 1588 for Linux. The dual design goals are to provide a robust implementation of the standard and to use the most relevant and modern Application Programming Interfaces (API) offered by the Linux kernel. Security Fix(es): * linuxptp: missing length check of forwarded messages (CVE-2021-3570) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Related CVEs: * CVE-2021-3570: linuxptp...

Founders Fund leads $100 million Series-C financing, gaining the email security startup unicorn status two years after its launch.