lenovo warranty check/lookup | check warranty status | lenovo support us

An update for convert2rhel is now available for Convert2RHEL for RHEL-8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-0851: convert2rhel: Activation key passed via command line by code

Qualys Jenkins Plugin for Policy Compliance prior to version and including 1.0.5 was identified to be affected by a security flaw, which was missing a permission check while performing a connectivity check to Qualys Cloud Services. This allowed any user with login access and access to configure or edit jobs to utilize the plugin to configure a potential rouge endpoint via which it was possible to control response for certain request which could be injected with XSS payloads leading to XSS while processing the response data.

Electric Vehicle (EV) commonly utilises the Combined Charging System (CCS) for DC rapid charging. To exchange important messages such as the State of Charge (SoC) with the Electric Vehicle Supply Equipment (EVSE) CCS uses a high-bandwidth IP link provided by the HomePlug Green PHY (HPGP) power-line communication (PLC) technology. The attack interrupts necessary control communication between the vehicle and charger, causing charging sessions to abort. The attack can be conducted wirelessly from a distance using electromagnetic interference, allowing individual vehicles or entire fleets to be disrupted simultaneously. In addition, the attack can be mounted with off-the-shelf radio hardware and minimal technical knowledge. With a power budget of 1 W, the attack is successful from around 47 m distance. The exploited behavior is a required part of the HomePlug Green PHY, DIN 70121 & ISO 15118 standards and all known implementations exhibit it. In addition to electric cars, Brokenwire affect...

?The affected product does not perform an authentication check and performs some dangerous functionality, which could result in unauthenticated remote code execution.0

In FW-PackageManager, there is a possible missing permission check. This could lead to local escalation of privilege with System execution privileges needed

BigBlueButton before 2.2.7 does not have a protection mechanism for separator injection in meetingId, userId, and authToken.

### Summary Graylog utilises only one single source port for DNS queries. ### Details Graylog seems to bind a single socket for outgoing DNS queries. That socket is bound to a random port number which is not changed again. This goes against recommended practice since 2008, when Dan Kaminsky discovered how easy is to carry out DNS cache poisoning attacks. In order to prevent cache poisoning with spoofed DNS responses, it is necessary to maximise the uncertainty in the choice of a source port for a DNS query. ### PoC The attached figure shows the source ports distribution difference between Graylog configured to use a data adapter based on DNS queries and ISC Bind. The source port distribution of the DNS queries sent from Graylog to a recursive DNS name server running Bind (CLIENT_QUERY) are depicted in purple, while the queries sent from the recursive DNS server to the authoritatives (RESOLVER_QUERY) are plotted in green color. As it can be observed, in contrast to ISC Bind which ...

### Summary The function `lookupPreprocess()` is meant to apply some transformations to a string by disabling characters in the regex `[-_ .]`. However, due to the use of late Unicode normalization of type NFKD, it is possible to bypass that validation and re-introduce all the characters in the regex `[-_ .]`. ```go // lookupPreprocess applies transformations to s so that it can be compared // to search for something. // For example, it is used by (ThemeStore).Lookup func lookupPreprocess(s string) string { return strings.ToLower(norm.NFKD.String(regexp.MustCompile(`[-_ .]`).ReplaceAllString(s, ""))) } ``` Take the following equivalent Unicode character U+2024 (․). Initially, the `lookupPreprocess()` function would compile the regex and replace the regular dot (.). However, the U+2024 (․) would bypass the `ReplaceAllString()`. When the normalization operation is applied to U+2024 (․), the resulting character will be U+002E (.). Thus, the dot was reintroduced back. ### Impact The...

The folioupdate service in Fabasoft Cloud Enterprise Client 22.4.0043 allows Local Privilege Escalation.

All security issues have been patched – update now