lenovo warranty check/lookup | check warranty status | lenovo support us

A mitigation bypass / privilege escalation flaw has been discovered in Apple's iOS Screen Time functionality, granting one access to modify the restrictions. It allows a local attacker to acquire the Screen Time Passcode by bypassing the anti-bruteforce protections on the four-digit Passcode, and in consequence gaining total control over Screen Time (Parental Control) settings. Version 17.2.1 is affected.

When reading a TGA file with RLE packets that cross scan lines, Pillow reads the information past the end of the first line without deducting that from the length of the remaining file data. This vulnerability was introduced in Pillow 9.1.0, and can cause a heap buffer overflow. Opening an image with a zero or negative height has been found to bypass a decompression bomb check. This will now raise a SyntaxError instead, in turn raising a PIL.UnidentifiedImageError.

Versions of the library from 0.2.2 to 1.0.9 are vulnerable to the arbitrary code execution due to unsafe usage of `new Function(...)` in the module that handles points format. Applications passing the 3rd parameter to the `hull` function without sanitising may be impacted. The vulnerability has been fixed in version 1.0.10, please update the library. Check project homepage on GitHub to see how to fetch the latest version: https://github.com/andriiheonia/hull?tab=readme-ov-file#npm-package

Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). In affected versions specific DATA submessages can be sent to a discovery locator which may trigger a free error. This can remotely crash any Fast-DDS process. The call to free() could potentially leave the pointer in the attackers control which could lead to a double free. This issue has been addressed in versions 2.12.0, 2.11.3, 2.10.3, and 2.6.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Baijicms v4 was discovered to contain an arbitrary file upload vulnerability.

Room-rent-portal-site v1.0 is vulnerable to Cross Site Scripting (XSS) via /rrps/classes/Master.php?f=save_category, vehicle_name.

An authentication bypass vulnerability exists in the cgiserver.cgi Login functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to authentication bypass. An attacker can send an HTTP request to trigger this vulnerability.

An authentication bypass vulnerability exists in the cgiserver.cgi Login functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to authentication bypass. An attacker can send an HTTP request to trigger this vulnerability.

People who have turned to X for breaking news about the Israel-Hamas conflict are being hit with old videos, fake photos, and video game footage at a level researchers have never seen.