lenovo warranty check/lookup | check warranty status | lenovo support us

HAProxy through 2.0.32, 2.1.x and 2.2.x through 2.2.30, 2.3.x and 2.4.x through 2.4.23, 2.5.x and 2.6.x before 2.6.15, 2.7.x before 2.7.10, and 2.8.x before 2.8.2 forwards empty Content-Length headers, violating RFC 9110 section 8.6. In uncommon cases, an HTTP/1 server behind HAProxy may interpret the payload as an extra request.

XWiki Platform Web Templates are templates for XWiki Platform, a generic wiki platform. By passing a template of the distribution wizard to the xpart template, user accounts can be created even when user registration is disabled. This also circumvents any email verification. Before versions 14.2 and 13.10.4, this can also be exploited on a private wiki, thus potentially giving the attacker access to the wiki. Depending on the configured default rights of users, this could also give attackers write access to an otherwise read-only public wiki. Users can also be created when an external authentication system like LDAP is configured, but authentication fails unless the authentication system supports a bypass/local accounts are enabled in addition to the external authentication system. This issue has been patched in XWiki 13.10.5 and 14.3RC1. As a workaround, one may replace `xpart.vm`, the entry point for this attack, by a patched version from the patch without updating XWiki.

By Waqas Ukraine used Clearview AI, now it is up for grabs by US Defense agencies! This is a post from HackRead.com Read the original post: Controversial Clearview AI Added to US Government’s Tech Marketplace

The System Dashboard plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the sd_constants() function hooked via an AJAX action in all versions up to, and including, 2.8.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve sensitive information such as database credentials.

The System Dashboard plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the sd_php_info() function hooked via an AJAX action in all versions up to, and including, 2.8.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve sensitive information provided by PHP info.

An out-of-bounds (OOB) memory read flaw was found in the Qualcomm IPC router protocol in the Linux kernel. A missing sanity check allows a local attacker to gain access to out-of-bounds memory, leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability.

A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to inject malicious code via a network. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2425 build 20230609 and later QTS 5.1.0.2444 build 20230629 and later QTS 4.5.4.2467 build 20230718 and later QuTS hero h5.1.0.2424 build 20230609 and later QuTS hero h5.0.1.2515 build 20230907 and later QuTS hero h4.5.4.2476 build 20230728 and later

### Impact The implementation of [`tf.raw_ops.UnsortedSegmentJoin`](https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/core/kernels/unsorted_segment_join_op.cc#L83-L148) does not fully validate the input arguments. This results in a `CHECK`-failure which can be used to trigger a denial of service attack: ```python import tensorflow as tf tf.strings.unsorted_segment_join( inputs=['123'], segment_ids=[0], num_segments=-1) ``` The code assumes `num_segments` is a positive scalar but there is no validation: ```cc const Tensor& num_segments_tensor = context->input(2); auto num_segments = num_segments_tensor.scalar<NUM_SEGMENTS_TYPE>()(); // ... Tensor* output_tensor = nullptr; TensorShape output_shape = GetOutputShape(input_shape, segment_id_shape, num_segments); ``` Since this value is used to allocate the output tensor, a negative value would result in a `CHECK`-failure (assertion failure), as per [TFSA-2021-198](https://github...

### Impact The implementation of [`tf.raw_ops.LSTMBlockCell`](https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/core/kernels/rnn/lstm_ops.cc) does not fully validate the input arguments. This results in a `CHECK`-failure which can be used to trigger a denial of service attack: ```python import tensorflow as tf tf.raw_ops.LSTMBlockCell( x=tf.constant(0.837607, shape=[28,29], dtype=tf.float32), cs_prev=tf.constant(0, shape=[28,17], dtype=tf.float32), h_prev=tf.constant(0.592631638, shape=[28,17], dtype=tf.float32), w=tf.constant(0.887386262, shape=[46,68], dtype=tf.float32), wci=tf.constant(0, shape=[], dtype=tf.float32), wcf=tf.constant(0, shape=[17], dtype=tf.float32), wco=tf.constant(0.592631638, shape=[28,17], dtype=tf.float32), b=tf.constant(0.75259006, shape=[68], dtype=tf.float32), forget_bias=1, cell_clip=0, use_peephole=False) ``` The code does not validate the ranks of any of the arguments to this API call...

StarWind SAN and NAS before 0.2 build 1685 allows remote code execution via a virtual disk management command.