lenovo warranty check/lookup | check warranty status | lenovo support us

Apache Airflow Sqoop Provider, versions before 4.0.0, is affected by a vulnerability that allows an attacker pass parameters with the connections, which makes it possible to implement RCE attacks via ‘sqoop import --connect’, obtain airflow server permissions, etc. The attacker needs to be logged in and have authorization (permissions) to create/edit connections. It is recommended to upgrade to a version that is not affected. This issue was reported independently by happyhacking-k, And Xie Jianming and LiuHui of Caiji Sec Team also reported it.

Torrance, United States / California, 12th September 2024, CyberNewsWire

Plus: The FTC cracks down on GoodRx, Microsoft boots “verified” phishing scammers, researchers disclose EV charger vulnerabilities, and more.

In Mbed TLS before 3.1.0, psa_aead_generate_nonce allows policy bypass or oracle-based decryption when the output buffer is at memory locations accessible to an untrusted application.

In Mbed TLS before 2.28.0 and 3.x before 3.1.0, psa_cipher_generate_iv and psa_cipher_encrypt allow policy bypass or oracle-based decryption when the output buffer is at memory locations accessible to an untrusted application.

The Plus Addons for Elementor Page Builder WordPress plugin before 4.1.11 did not properly check that a user requesting a password reset was the legitimate user, allowing an attacker to send an arbitrary reset password email to a registered user on behalf of the WordPress site. Such issue could be chained with an open redirect (CVE-2021-24358) in version below 4.1.10, to include a crafted password reset link in the email, which would lead to an account takeover.

MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to circumvent a DN containership check by supplying both a "linkdn" and "containerdn" database argument, or by supplying a DN string which is a left extension of a container DN string but is not hierarchically within the container DN.

A now-patched critical vulnerability in OpenSea, the world's largest non-fungible token (NFT) marketplace, could've been abused by malicious actors to drain cryptocurrency funds from a victim by sending a specially-crafted token, opening a new attack vector for exploitation. The findings come from cybersecurity firm Check Point Research, which began an investigation into the platform following

PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\check_availability.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information.

This Metasploit module utilizes the Unified Remote remote control protocol to type out and deploy a payload. The remote control protocol can be configured to have no passwords, a group password, or individual user accounts. If the web page is accessible, the access control is set to no password for exploitation, then reverted. If the web page is not accessible, exploitation will be tried blindly. This module has been successfully tested against version 3.11.0.2483 (50) on Windows 10.