Security
Headlines

Organizations Must Brace for Privacy Impacts This Year

Expect more regulatory and enforcement action in the US and around the world.

DARKReading
#vulnerability #apple
Local government cybersecurity: 5 best practices

Categories: Business

With a few best practices, local governments can improve their cybersecurity posture and make it less likely that threat actors attack their systems. We’ll break down five best practices for local government cybersecurity in this post.

The post Local government cybersecurity: 5 best practices appeared first on Malwarebytes Labs.

GHSA-qmhj-m29v-gvmr: Bots using py-cord as Discord API wrapper are vulnerable to shutdowns through remote code execution

### Impact

py-cord is an API wrapper for Discord written in Python. Bots using py-cord version 2.0.0 are vulnerable to remote shutdown if they are added to the server with the `application.commands` scope without the `bot` scope. Currently, it appears that all public bots that use slash commands are affected.

### Patches

This issue has been patched in version 2.0.1.

### Workarounds

There are currently no recommended workarounds - please upgrade to a patched version.

### References

https://github.com/Pycord-Development/pycord/pull/1568

### For more information

If you have any questions or comments about this advisory:

* Open an issue in [our GitHub](https://github.com/Pycord-Development/pycord)
* Email us at [[email protected]](mailto:[email protected])

GHSA-2ggp-cmvm-f62f: ScanCode.io command injection in docker image fetch process

## Command Injection in docker fetch process

### Summary

A possible command injection in the docker fetch process, as it allows malicious commands to be appended to the `docker_reference` parameter.

### Details

In the function `scanpipe/pipes/fetch.py:fetch_docker_image`[1] the parameter `docker_reference` is user controllable. The `docker_reference` variable is then passed to the vulnerable function `get_docker_image_platform`.

```python
def fetch_docker_image(docker_reference, to=None):
    """
    code snipped ....
    """
    platform_args = []
    platform = get_docker_image_platform(docker_reference)  # User controlled `docker_reference` passed
    """
    code snipped...
    """
```

However, the `get_docker_image_platform` function constructs a shell command with the passed `docker_reference`. The `pipes.run_command` then executes the shell command without any prior sanitization, making the function vulnerable to command injections.

```python
def get_docker_image_platform(docker_refer...
```

GHSA-mv8x-668m-53fg: Elrond-go has improper initialization

### Impact

Read-only calls between contracts can generate smart contract results. For example, if contract A calls contract B in read-only mode and the called function makes changes to contract B's state, the state will be altered for contract B as if the call had not been made in read-only mode. This can lead to effects not intended by the original smart contract programmers.

### Patches

Patch v1.3.35 or higher

### Workarounds

No workaround

### References

For future reference and understanding of this issue, anyone can check this integration test, which proves the fix and prevents a future code regression: https://github.com/ElrondNetwork/elrond-go/blob/8e402fa6d7e91e779980122d3798b2bf50892945/integrationTests/vm/txsFee/asyncESDT_test.go#L452

### For more information

If you have any questions or comments about this advisory:

* Open an issue in elrond-go ([http://github.com/ElrondNetwork/elrond-go/issues](https://github.com/ElrondNetwork/elrond-go/issues))

GHSA-g5cj-5h58-j93w: Jeecg-boot vulnerable to SQL Injection

Jeecg-boot v3.4.3 was discovered to contain a SQL injection vulnerability via the component /sys/duplicate/check.

Introducing Malwarebytes Mobile Security for Business: How to find malware and stop phishing attacks on smartphones and ChromeOS

Categories: Business

See how our new offering Malwarebytes Security for Business helps you crush mobile malware and phishing attacks.

The post Introducing Malwarebytes Mobile Security for Business: How to find malware and stop phishing attacks on smartphones and ChromeOS appeared first on Malwarebytes Labs.

CVE-2022-39267: Authentication check flaw leads to authentication bypass

Bifrost is a heterogeneous middleware that synchronizes MySQL, MariaDB to Redis, MongoDB, ClickHouse, MySQL and other services for production environments. Versions prior to 1.8.8-release are subject to authentication bypass in the admin and monitor user groups by deleting the X-Requested-With: XMLHttpRequest field in the request header. This issue has been patched in 1.8.8-release. There are no known workarounds.

CVE-2024-26581 Checker

This is a script to check your kernel versions to see if you're susceptible to CVE-2024-26581.

Why Log4Text is not another Log4Shell

Categories: Exploits and vulnerabilities, News

Tags: Log4Text, Apache, Commons Text, CVE-2022-42889, Log4j, Log4Shell, interpolators

Log4Text is a recently found vulnerability in Apache Commons. Log4Text provoked a knee-jerk reaction because it reminds us of Log4Shell. So should we worry?

The post Why Log4Text is not another Log4Shell appeared first on Malwarebytes Labs.