Security
Headlines
HeadlinesLatestCVEs

Search

lenovo warranty check/lookup | check warranty status | lenovo support us

Found 10000 results in 95 ms.

CVE-2023-21257

In updateSettingsInternalLI of InstallPackageHelper.java, there is a possible way to sideload an app in the work profile due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE
#android#google#java#auth
CVE-2023-41347: ASUS RT-AX55 - command injection - 3

ASUS RT-AC86U’s authentication-related function has a vulnerability of insufficient filtering of special characters within its check token module. An authenticated remote attacker can exploit this vulnerability to perform a Command Injection attack to execute arbitrary commands, disrupt the system or terminate services.

The Quiet Rise of Real-Time Crime Centers

Cities across the US have established RTCCs that police say protect the rights of innocent people, but critics warn of creeping surveillance.

How to Spot a Business Email Compromise Scam

In this common email scam, a criminal pretending to be your boss or coworker emails you asking for a favor involving money. Here's what do to when a bad actor lands in your inbox.

CVE-2023-34878: Ujcms v6.0.2 has a sensitive file reading problem · Issue #6 · ujcms/ujcms

An issue was discovered in Ujcms v6.0.2 allows attackers to gain sensitive information via the dir parameter to /api/backend/core/web-file-html/download-zip.

CVE-2022-43037: Memory leaks with ASAN in mp42aac · Issue #788 · axiomatic-systems/Bento4

An issue was discovered in Bento4 1.6.0-639. There is a memory leak in the function AP4_File::ParseStream in /Core/Ap4File.cpp.

Siemens RUGGEDCOM APE1808 Product Family

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). 1. EXECUTIVE SUMMARY CVSS v3 8.2 ATTENTION: Low attack complexity/public exploits available  Vendor: Siemens ProductCERT  Equipment: RUGGEDCOM APE1808 Product Family  Vulnerabilities: Time-of-check Time-of-use (TOCTOU) Race Condition  2. RISK EVALUATION Exploitation of these vulnerabilities on affected products could lead to system crashing or escalation of privileges.  3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following software from Siemens is affected:  RUGGEDCOM APE1808 ADM (6GK6015-0AL20-0GL0) - vers:all/*  RUGGEDCOM APE1808 ADM CC (6GK6015-0AL20-0GL1) - vers:all/*  RUGGEDCOM APE1808 CKP (6GK6015-0AL20-0GK0) - vers:all/*  RUGGEDCOM APE1808 CKP CC (6GK6015-0AL20-0GK1)...

CVE-2023-1194: Invalid Bug ID

An out-of-bounds (OOB) memory read flaw was found in parse_lease_state in the KSMBD implementation of the in-kernel samba server and CIFS in the Linux kernel. When an attacker sends the CREATE command with a malformed payload to KSMBD, due to a missing check of `NameOffset` in the `parse_lease_state()` function, the `create_context` object can access invalid memory.

US Senators Secretly Work to Block Safeguards Against Surveillance Abuse

Senator Mark Warner is trying to pass new limits on when the government can wiretap Americans. At least two senators are quietly trying to stop him.