lenovo warranty check/lookup | check warranty status | lenovo support us

In updateSettingsInternalLI of InstallPackageHelper.java, there is a possible way to sideload an app in the work profile due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

ASUS RT-AC86U’s authentication-related function has a vulnerability of insufficient filtering of special characters within its check token module. An authenticated remote attacker can exploit this vulnerability to perform a Command Injection attack to execute arbitrary commands, disrupt the system or terminate services.

Cities across the US have established RTCCs that police say protect the rights of innocent people, but critics warn of creeping surveillance.

Torrance, United States / California, 12th September 2024, CyberNewsWire

In this common email scam, a criminal pretending to be your boss or coworker emails you asking for a favor involving money. Here's what do to when a bad actor lands in your inbox.

An issue was discovered in Ujcms v6.0.2 allows attackers to gain sensitive information via the dir parameter to /api/backend/core/web-file-html/download-zip.

An issue was discovered in Bento4 1.6.0-639. There is a memory leak in the function AP4_File::ParseStream in /Core/Ap4File.cpp.

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). 1. EXECUTIVE SUMMARY CVSS v3 8.2 ATTENTION: Low attack complexity/public exploits available  Vendor: Siemens ProductCERT  Equipment: RUGGEDCOM APE1808 Product Family  Vulnerabilities: Time-of-check Time-of-use (TOCTOU) Race Condition  2. RISK EVALUATION Exploitation of these vulnerabilities on affected products could lead to system crashing or escalation of privileges.  3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following software from Siemens is affected:  RUGGEDCOM APE1808 ADM (6GK6015-0AL20-0GL0) - vers:all/*  RUGGEDCOM APE1808 ADM CC (6GK6015-0AL20-0GL1) - vers:all/*  RUGGEDCOM APE1808 CKP (6GK6015-0AL20-0GK0) - vers:all/*  RUGGEDCOM APE1808 CKP CC (6GK6015-0AL20-0GK1)...

An out-of-bounds (OOB) memory read flaw was found in parse_lease_state in the KSMBD implementation of the in-kernel samba server and CIFS in the Linux kernel. When an attacker sends the CREATE command with a malformed payload to KSMBD, due to a missing check of `NameOffset` in the `parse_lease_state()` function, the `create_context` object can access invalid memory.

Senator Mark Warner is trying to pass new limits on when the government can wiretap Americans. At least two senators are quietly trying to stop him.