lenovo warranty check/lookup | check warranty status | lenovo support us

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). 1. EXECUTIVE SUMMARY CVSS v3 8.2 ATTENTION: Low attack complexity/public exploits available  Vendor: Siemens ProductCERT  Equipment: RUGGEDCOM APE1808 Product Family  Vulnerabilities: Time-of-check Time-of-use (TOCTOU) Race Condition  2. RISK EVALUATION Exploitation of these vulnerabilities on affected products could lead to system crashing or escalation of privileges.  3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following software from Siemens is affected:  RUGGEDCOM APE1808 ADM (6GK6015-0AL20-0GL0) - vers:all/*  RUGGEDCOM APE1808 ADM CC (6GK6015-0AL20-0GL1) - vers:all/*  RUGGEDCOM APE1808 CKP (6GK6015-0AL20-0GK0) - vers:all/*  RUGGEDCOM APE1808 CKP CC (6GK6015-0AL20-0GK1)...

Plus: Apple warns iPhone users about spyware attacks, CISA issues an emergency directive about a Microsoft breach, and a ransomware hacker tangles with an unimpressed HR manager named Beth.

In Mbed TLS before 3.1.0, psa_aead_generate_nonce allows policy bypass or oracle-based decryption when the output buffer is at memory locations accessible to an untrusted application.

In Mbed TLS before 2.28.0 and 3.x before 3.1.0, psa_cipher_generate_iv and psa_cipher_encrypt allow policy bypass or oracle-based decryption when the output buffer is at memory locations accessible to an untrusted application.

An Access Control vulnerability exists in ATutor 2.2.4 in password_reminder.php when the g, id, h, form_password_hidden, and form_change HTTP POST parameters are set.

Tieba-Cloud-Sign v4.9 was discovered to contain a cross-site scripting (XSS) vulnerability via the function strip_tags.

An exploitable vulnerability exists in the database update functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause the device to execute arbitrary code. An attacker needs to impersonate a remote server in order to trigger this vulnerability.

Live Nation has confirmed what everyone has been speculating on for the last week: Ticketmaster has suffered a data breach.

Insecure direct object references (IDOR) vulnerability in ExpressTech Quiz And Survey Master plugin <= 7.3.4 at WordPress allows attackers to change the content of the quiz.

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16.