lenovo warranty check/lookup | check warranty status | lenovo support us

The Ewon Cosy+ is a VPN gateway used for remote access and maintenance in industrial environments. The Ewon Cosy+ executes all tasks and services in the context of the user "root" and therefore with the highest system privileges. By compromising a single service, attackers automatically gain full system access.

Renewable energy firms deal with a large cyberattack surface area, given the distributed nature of power generation and more pervasive connectivity.

The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized cache deletion in versions up to, and including, 1.1.2 due to a missing capability check in the deleteCacheToolbar function . This makes it possible for authenticated attackers, with subscriber-level permissions and above, to delete the site's cache.

An Incorrect Permission Assignment for Critical Resource vulnerability was found in the Apache Ranger Hive Plugin. Any user with SELECT privilege on a database can alter the ownership of the table in Hive when Apache Ranger Hive Plugin is enabled This issue affects Apache Ranger Hive Plugin: from 2.0.0 through 2.3.0. Users are recommended to upgrade to version 2.4.0 or later.

NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handlers for all control calls with embedded parameters where dereferencing an untrusted pointer may lead to denial of service.

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.SpaceToBatchND` (in all backends such as XLA and handwritten kernels) is vulnerable to an integer overflow: The result of this integer overflow is used to allocate the output tensor, hence we get a denial of service via a `CHECK`-failure (assertion failure), as in TFSA-2021-198. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue.

### Impact ZITADEL provides users the ability to list all user sessions of the current user agent (browser) by API and in the Console UI. Due to a missing check, user sessions without that information (e.g. when created though the session service) were incorrectly listed exposing potentially other user's sessions. Note that the Login UI was never affected and there was no possibility to take over such a session. ### Patches 2.x versions are fixed on >= [2.55.1](https://github.com/zitadel/zitadel/releases/tag/v2.55.1) 2.54.x versions are fixed on >= [2.54.5](https://github.com/zitadel/zitadel/releases/tag/v2.54.5) 2.53.x versions are fixed on >= [2.53.8](https://github.com/zitadel/zitadel/releases/tag/v2.53.8) ZITADEL recommends upgrading to the latest versions available in due course. ### Workarounds There is no workaround since a patch is already available. ### References - https://github.com/zitadel/zitadel/pull/8231 - https://discord.com/channels/927474939156643850/1254096...

Qualys Jenkins Plugin for WAS prior to version and including 2.0.11 was identified to be affected by a security flaw, which was missing a permission check while performing a connectivity check to Qualys Cloud Services. This allowed any user with login access to configure or edit jobs to utilize the plugin and configure potential a rouge endpoint via which it was possible to control response for certain request which could be injected with XXE payloads leading to XXE while processing the response data

The weblibrarian plugin before 3.4.8.6 for WordPress has XSS via front-end short codes.

RSA Authentication Manager versions prior to 8.4 P10 contain a stored cross-site scripting vulnerability in the Security Console. A malicious RSA Authentication Manager Security Console administrator with advanced privileges could exploit this vulnerability to store arbitrary HTML or JavaScript code through the Security Console web interface. When other Security Console administrators attempt to change the default security domain mapping, the injected scripts could potentially be executed in their browser.