Intel DCI Policy Update - Lenovo Support US

No description provided...

Intel DCI Policy Update - US

Lenovo Security Advisory: LEN-23611 Potential Impact: Privilege escalation, information disclosure Severity: High Scope of Impact: Industry-wide CVE Identifier: CVE-2018-3652 Summary Description: Intel is releasing Direct Connect Interface DCI policy update. Existing UEFI setting restrictions for...

CVE-2018-11906

CVE-2018-11906 affects Android releases (Android for MSM, Firefox OS for MSM, QRD Android) built from CAF Linux kernel. The vulnerability is due to default privileged access to ADB and debug-fs, enabling local attackers with low complexity to achieve high-impact confidentiality, integrity, and av...

CVE-2018-11906

In all android releasesAndroid for MSM, Firefox OS for MSM, QRD Android from CAF using the linux kernel, there is a security concern with default privileged access to ADB and debug-fs...

CVE-2018-11906

In all android releasesAndroid for MSM, Firefox OS for MSM, QRD Android from CAF using the linux kernel, there is a security concern with default privileged access to ADB and debug-fs...

Design/Logic Flaw

In all android releasesAndroid for MSM, Firefox OS for MSM, QRD Android from CAF using the linux kernel, there is a security concern with default privileged access to ADB and debug-fs...

CVE-2018-16095

In System Management Module SMM versions prior to 1.06, the SMM records hashed passwords to a debug log when user authentication fails...

CVE-2018-16095

In System Management Module SMM versions prior to 1.06, the SMM records hashed passwords to a debug log when user authentication fails...

Authentication flaw

In System Management Module SMM versions prior to 1.06, the SMM records hashed passwords to a debug log when user authentication fails...

CVE-2018-16095

CVE-2018-16095 affects Lenovo System Management Module (SMM) firmware prior to 1.06. When authentication fails, the SMM records hashed passwords to a debug log, potentially exposing credentials. Impact is credential exposure within the SMM environment as described by Lenovo’s vulnerability notes....

CVE-2018-16095 System Management Module Vulnerabilities

In System Management Module SMM versions prior to 1.06, the SMM records hashed passwords to a debug log when user authentication fails...

SUSE-SU-2018:3879-1 Security update for tiff

This update for tiff fixes the following issues: Security issues fixed: - CVE-2018-18661: Fixed NULL pointer dereference in the function LZWDecode in the file tiflzw.c bsc1113672. - CVE-2018-12900: Fixed heap-based buffer overflow in the cpSeparateBufToContigBuf bsc1099257. - CVE-2017-9147: Fixed...

Security update for GraphicsMagick (moderate)

This update for GraphicsMagick fixes the following issues: Security issue fixed: - CVE-2018-18544: Fixed memory leak in the function WriteMSLImage of coders/msl.c bsc1113064. Non-security issues fixed: - asanbuild: build ASAN included - debugbuild: build more suitable for debugging This update wa...

Security update for GraphicsMagick (moderate)

This update for GraphicsMagick fixes the following issues: Security issue fixed: - CVE-2018-18544: Fixed memory leak in the function WriteMSLImage of coders/msl.c bsc1113064. Non-security issues fixed: - asanbuild: build ASAN included - debugbuild: build more suitable for debugging...

CVE-2018-2491

When opening a deep link URL in SAP Fiori Client with log level set to "Debug", the client application logs the URL to the log file. If this URL contains malicious JavaScript code it can eventually run inside the built-in log viewer of the application in case user opens the viewer and taps on the...

CVE-2018-2491

When opening a deep link URL in SAP Fiori Client with log level set to "Debug", the client application logs the URL to the log file. If this URL contains malicious JavaScript code it can eventually run inside the built-in log viewer of the application in case user opens the viewer and taps on the...

Google Android kernel elevation of privilege vulnerability (CNVD-2019-44506)

Android is a Linux-based open source operating system jointly developed by Google and the Open Handheld Alliance OHA. kernel is one of the kernels. A security vulnerability exists in the 'hiddebugeventsread' function in the drivers/hid/hid-debug.c file in the Android kernel. A local attacker can...

Morris Worm - sendmail Debug Mode Shell Escape (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'expect' class MetasploitModule 'Morris Worm sendmail Debug Mode Shell Escape', 'Description' = %q This module exploits sendmail's well-known historical debug mo...

glusterfs: Unsanitized file names in debug/io-stats translator can allow remote attackers to execute arbitrary code

It was found that glusterfs server does not properly sanitize file paths in the "trusted.io-stats-dump" extended attribute which is used by the "debug/io-stats" translator. An attacker can use this flaw to create files and execute arbitrary code. To exploit this, the attacker would require...

Morris Worm sendmail Debug Mode Shell Escape

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'expect' class MetasploitModule 'Morris Worm sendmail Debug Mode Shell Escape', 'Description' = %q This module exploits sendmail's well-known historical debug mo...