Security
Headlines
HeadlinesLatestCVEs

Search

lenovo warranty check/lookup | check warranty status | lenovo support us

Found 10000 results in 63 ms.

WhatsApp 2023: New Privacy Features, Settings, and More

The Meta-owned app offers end-to-end encryption of texts, images, and more by default—but its settings aren't as private as they could be.

Wired
#web#android#mac#apple#google#git#auth#sap
GHSA-g6pw-999w-j75m: ELF header parsing library doesn't check for valid offset

The crate has several unsafe sections that don't perform proper pointer validation. An example can be found in the following function: ``` fn section_header_raw(&self) -> &[ET::SectionHeader] { let sh_off = self.elf_header().section_header_offset() as usize; let sh_num = self.elf_header().section_header_entry_num() as usize; unsafe { let sh_ptr = self.content().as_ptr().add(sh_off); from_raw_parts(sh_ptr as *const ET::SectionHeader, sh_num) } } ``` While this will work perfectly fine *if* the ELF header is valid, malicious or malformed input can contain a section header offset of an arbitrary size, meaning that the resultant pointer in the unsafe block can point to an artibrary address in the address space of the process. This can result in unpredictable behaviour, and in our fuzz testing, we discovered that it's trivial to cause SIGABRT (signal 6), or SEGV (signal 11). The function should either be marked as unsafe, with a note that the caller is r...

RHSA-2022:5879: Red Hat Security Advisory: OpenShift Container Platform 4.9.45 bug fix and security update

Red Hat OpenShift Container Platform release 4.9.45 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2403: openshift: oauth-serving-cert configmap contains cluster certificate private key

CVE-2022-41970: Check share attributes on preview endpoints by juliushaertl · Pull Request #34788 · nextcloud/server

Nextcloud Server is an open source personal cloud server. Prior to versions 24.0.7 and 25.0.1, disabled download shares still allow download through preview images. Images could be downloaded and previews of documents (first page) can be downloaded without being watermarked. Versions 24.0.7 and 25.0.1 contain a fix for this issue. No known workarounds are available.

The Hidden Race to Protect the US Bioeconomy From Hacker Threats

A biotech threat intelligence group is gaining supporters as urgency mounts around an overlooked vulnerable sector.

CVE-2021-33333

["The Portal Workflow module in Liferay Portal 7.3.2 and earlier, and Liferay DXP 7.0 before fix pack 93, 7.1 before fix pack 19 and 7.2 before fix pack 6, does not properly check user permission, which allows remote authenticated users to view and delete workflow submissions via crafted URLs."]

CVE-2020-6270

SAP NetWeaver AS ABAP (Banking Services), versions - 710, 711, 740, 750, 751, 752, 75A, 75B, 75C, 75D, 75E, does not perform necessary authorization checks for an authenticated user due to Missing Authorization Check, allowing wrong and unexpected change of individual conditions by a malicious user leading to wrong prices.

GHSA-66hv-fhcm-7xm7: Jenkins Warnings Plugin exposures system-scoped credentials

Jenkins Warnings Plugin 10.5.0 and earlier does not set the appropriate context for credentials lookup, allowing attackers with Item/Configure permission to access and capture credentials they are not entitled to. This fix has been backported to 10.4.1.

CVE-2022-25146: Securitum - bezpieczeństwo systemów IT

The Remote App module in Liferay Portal through v7.4.3.8 and Liferay DXP through v7.4 does not check if the origin of event messages it receives matches the origin of the Remote App, allowing attackers to exfiltrate the CSRF token via a crafted event message.

Google Chrome Rolls Out Support for 'Privacy Sandbox' to Bid Farewell to Tracking Cookies

Google has officially begun its rollout of Privacy Sandbox in the Chrome web browser to a majority of its users, nearly four months after it announced the plans. "We believe it is vital to both improve privacy and preserve access to information, whether it's news, a how-to-guide, or a fun video," Anthony Chavez, vice president of Privacy Sandbox initiatives at Google, said. "Without viable