lenovo warranty check/lookup | check warranty status | lenovo support us

MELAG FTP Server 2.2.0.4 stores unencrpyted passwords of FTP users in a local configuration file.

UPDATE July 12, 2022: As part of the response by Microsoft, a defense in depth variant has been found and fixed in the Windows July cumulative updates. Microsoft recommends installing the July updates as soon as possible. Windows Version Link to KB article LInk to Catalog Windows 8.1, Windows Server 2012 R2 5015805 Download Windows Server 2012 5015805 Download Windows 7, Windows Server 2008 R2 5015805 Download Windows Server 2008 SP2 5015805 Download On Monday May 30, 2022, Microsoft issued CVE-2022-30190 regarding the Microsoft Support Diagnostic Tool (MSDT) in Windows vulnerability.

The package vm2 before 3.9.10 is vulnerable to Arbitrary Code Execution due to the usage of prototype lookup for the WeakMap.prototype.set method. Exploiting this vulnerability leads to access to a host object and a sandbox compromise.

Red Hat Security Advisory 2023-4591-01 - Red Hat Update Infrastructure offers a highly scalable, highly redundant framework that enables you to manage repositories and content. It also enables cloud providers to deliver content and updates to Red Hat Enterprise Linux instances. Issues addressed include bypass and denial of service vulnerabilities.

The crate has several unsafe sections that don't perform proper pointer validation. An example can be found in the following function: ``` fn section_header_raw(&self) -> &[ET::SectionHeader] { let sh_off = self.elf_header().section_header_offset() as usize; let sh_num = self.elf_header().section_header_entry_num() as usize; unsafe { let sh_ptr = self.content().as_ptr().add(sh_off); from_raw_parts(sh_ptr as *const ET::SectionHeader, sh_num) } } ``` While this will work perfectly fine *if* the ELF header is valid, malicious or malformed input can contain a section header offset of an arbitrary size, meaning that the resultant pointer in the unsafe block can point to an artibrary address in the address space of the process. This can result in unpredictable behaviour, and in our fuzz testing, we discovered that it's trivial to cause SIGABRT (signal 6), or SEGV (signal 11). The function should either be marked as unsafe, with a note that the caller is r...

A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only shared memory mappings. This flaw allows an unprivileged, local user to gain write access to read-only memory mappings, increasing their privileges on the system.

Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.3.3.

We take a look at a WordPress plugin, abandoned and open to JavaScript related exploitation. Uninstall it now! The post Warning for WordPress admins: uninstall the Modern WPBakery plugin immediately! appeared first on Malwarebytes Labs.

views/switch.py in django-grappelli (aka Django Grappelli) before 2.15.2 attempts to prevent external redirection with startswith("/") but this does not consider a protocol-relative URL (e.g., //example.com) attack.

In ft_open_face_internal of ftobjs.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.