lenovo warranty check/lookup | check warranty status | lenovo support us

ZKSecurity BIO version 3.0.5.0_R suffers from a privilege escalation vulnerability.

Data from a Chinese cybersecurity vendor that works for the Chinese government exposed a range of hacking tools and services.

Red Hat Security Advisory 2023-5603-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include denial of service, out of bounds write, and use-after-free vulnerabilities.

Ubuntu Security Notice 5503-2 - USN-5503-1 fixed a vulnerability in GnuPG. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Demi Marie Obenour discovered that GnuPG incorrectly handled injection in the status message. A remote attacker could possibly use this issue to forge signatures.

As Red Hat is modernizing our approach to Compliance as Code, we are making some changes to better provide our customers with the most accurate information available. One of the recent changes involved "ATO Pathways" — the website previously hosted at https://atopathways.redhatgov.io.

### Impact Arbitrary code execution can occur when running `exiftool` against files with hostile metadata payloads ### Patches ExifTool has already been patched in version 12.24. `exiftool_vendored.rb`, which vendors ExifTool, includes this patch in [v12.25.0](https://github.com/exiftool-rb/exiftool_vendored.rb/releases/tag/v12.25.0). ### Workarounds No ### References https://twitter.com/wcbowling/status/1385803927321415687 https://nvd.nist.gov/vuln/detail/CVE-2021-22204 ### For more information If you have any questions or comments about this advisory: Open an issue in [exiftool_vendored.rb](https://github.com/exiftool-rb/exiftool_vendored.rb/issues)

An Access Control vulnerability exists in Dolibarr ERP/CRM 13.0.2, fixed version is 14.0.0,in the forgot-password function becuase the application allows email addresses as usernames, which can cause a Denial of Service.

eap.c in pppd in ppp 2.4.2 through 2.4.8 has an rhostname buffer overflow in the eap_request and eap_response functions.

An incorrect comparison vulnerability was identified in GitHub Enterprise Server that allowed commit smuggling by displaying an incorrect diff in a re-opened Pull Request. To exploit this vulnerability, an attacker would need write access to the repository. This vulnerability was reported via the GitHub Bug Bounty Program https://bounty.github.com/ .

Distributed denial-of-service attacks still plague the enterprise, but adding preventive measures can reduce their impact.