Security
Headlines
HeadlinesLatestCVEs

Tag

#lenovo

Alert: Microsoft Releases Patch Updates for 5 New Zero-Day Vulnerabilities

Microsoft has released fixes to address 63 security bugs in its software for the month of November 2023, including three vulnerabilities that have come under active exploitation in the wild. Of the 63 flaws, three are rated Critical, 56 are rated Important, and four are rated Moderate in severity. Two of them have been listed as publicly known at the time of the release. The updates are in

The Hacker News
Open in Source
#vulnerability#android#windows#apple#google#microsoft#ubuntu#linux#debian#cisco#red_hat#dos#apache#git#oracle#wordpress#intel#rce#perl#vmware#lenovo#amd#buffer_overflow#asus#samsung#auth#ibm#dell#zero_day#chrome#sap#asp.net#The Hacker News
Ubuntu Security Notice USN-6454-3

Ubuntu Security Notice 6454-3 - Kyle Zeng discovered that the netfilter subsystem in the Linux kernel contained a race condition in IP set operations in certain situations. A local attacker could use this to cause a denial of service. Alex Birnberg discovered that the netfilter subsystem in the Linux kernel did not properly validate register length, leading to an out-of- bounds write vulnerability. A local attacker could possibly use this to cause a denial of service.

CVE-2023-5078: Multi-vendor BIOS Security Vulnerabilities (October 2023) - Lenovo Support US

A vulnerability was reported in some ThinkPad BIOS that could allow a physical or local attacker with elevated privileges to tamper with BIOS firmware.

CVE-2023-4891: Lenovo View Denial of Service Vulnerability - Lenovo Support US

A potential use-after-free vulnerability was reported in the Lenovo View driver that could result in denial of service.

CVE-2023-4706: Lenovo Preload Directory Vulnerability - Lenovo Support US

A privilege escalation vulnerability was reported in Lenovo preloaded devices deployed using Microsoft AutoPilot under a standard user account due to incorrect default privileges.

CVE-2023-4632: Lenovo System Update Vulnerability - Lenovo Support US

An uncontrolled search path vulnerability was reported in Lenovo System Update that could allow an attacker with local access to execute code with elevated privileges.

CVE-2023-5079

Lenovo LeCloud App improper input validation allows attackers to access arbitrary components and arbitrary file downloads, which could result in information disclosure.

CVE-2022-3700: Lenovo Vantage Component Vulnerabilities - Lenovo Support US

A Time of Check Time of Use (TOCTOU) vulnerability was reported in the Lenovo Vantage SystemUpdate Plugin version 2.0.0.212 and earlier that could allow a local attacker to delete arbitrary files.

CVE-2022-3611

An information disclosure vulnerability has been identified in the Lenovo App Store which may allow some applications to gain unauthorized access to sensitive user data used by other unrelated applications.

CVE-2022-3429

A denial-of-service vulnerability was found in the firmware used in Lenovo printers, where users send illegal or malformed strings to an open port, triggering a denial of service that causes a display error and prevents the printer from functioning properly.