Magento versions 2.4.0 and 2.3.5 (and earlier) are affected by an SQL Injection vulnerability that could lead to sensitive information disclosure. This vulnerability could be exploited by an authenticated user with permissions to the product listing page to read data from the database.
When in maintenance mode, Magento versions 2.4.0 and 2.3.4 (and earlier) are affected by an information disclosure vulnerability that could expose the installation path during build deployments. This information could be helpful to attackers if they are able to identify other exploitable vulnerabilities in the environment.
Magento versions 2.4.0 and 2.3.5p1 (and earlier) are affected by an unsafe file upload vulnerability that could result in arbitrary code execution. This vulnerability could be abused by authenticated users with administrative permissions to the System/Data and Transfer/Import components.
Magento versions 2.4.0 and 2.3.5p1 (and earlier) are affected by an incorrect permissions vulnerability in the Integrations component. This vulnerability could be abused by authenticated users with permissions to the Resource Access API to delete customer details via the REST API without authorization.
Magento versions 2.4.0 and 2.3.5p1 (and earlier) are affected by an incorrect user permissions vulnerability within the Inventory component. This vulnerability could be abused by authenticated users with Inventory and Source permissions to make unauthorized changes to inventory source data via the REST API.
Magento versions 2.4.0 and 2.3.5p1 (and earlier) are affected by an incorrect permissions vulnerability within the Integrations component. This vulnerability could be abused by users with permissions to the Pages resource to delete CMS pages via the REST API without authorization.
Magento versions 2.4.0 and 2.3.5p1 (and earlier) are affected by an incorrect authorization vulnerability. A user can still access resources provisioned under their old role after an administrator removes the role or disables the user’s account.
tdpServer on TP-Link Archer A7 AC1750 devices before 201029 allows remote attackers to execute arbitrary code via the slave_mac parameter. NOTE: this issue exists because of an incomplete fix for CVE-2020-10882 in which shell quotes are mishandled.
On paper, “The Queen’s Gambit” might not sound like a compelling drama: Based on a novel by Walter Tevis, the Netflix series tells the story of Beth Harmon as she rises through the world of competitive chess, eventually taking on the world champion from the Soviet Union.
But on the latest episode of the Original Content podcast, your hosts are unanimous in their love for the series. We talk a bit about some of the flaws (a setup-heavy first episode, the unsatisfying treatment of Beth’s friend Jolene), but for the most part, we’re happy to spend our time praising the show.
Some of that has to do with the period setting — “The Queen’s Gambit” traces Beth’s life through the 1950s and ’60s, with some delightfully retro sets and costumes, along with a clear-eyed approach towards the condescension and sexism that Beth faces in her early matches.
At the same time, it’s Beth (played by Anya Taylor-Joy) who pulls you through all eight episodes as they depict her complex relationship with her foster mother, her struggles with substance abuse and her friendships with other chess players. While Beth has a handful of traits you’ll recognize from other difficult geniuses portrayed on-screen, she’s ultimately too complex to boil down to a single idea or logline.
And while you don’t need to know much about chess to enjoy “The Queen’s Gambit,” the show’s focus on character and personality allows it to depict competitive chess in a way that is, in fact, thrilling.
You can listen to our review in the player below, subscribe using Apple Podcasts or find us in your podcast player of choice. If you like the show, please let us know by leaving a review on Apple. You can also follow us on Twitter or send us feedback directly. (Or suggest shows and movies for us to review!)
If you’d like to skip ahead, here’s how the episode breaks down:
4:28 “The Queen’s Gambit” review
34:11 “The Queen’s Gambit” spoiler discussion
When large parts of the world were shutting down in March, we really didn’t know how we would move massive numbers of employees used to working in the office to work from home.
In early March, I wrote a piece on how to prepare for such an eventuality, speaking to several experts who had a background in the software and other tooling that would be involved. But the shift involved so much more than the mechanics of working at home. We were making this transition during a pandemic that was forcing us to deal with a much broader set of issues in our lives.
Yet here we are seven months later, and surely we must have learned some lessons along the way about working from home effectively, but what do these lessons look like and how can we make the most of this working approach for however long this pandemic lasts?
I spoke to Karen Mangia, vice president of customer and market insights at Salesforce and author of the book, Working from Home, Making the New Normal Work for You, to get her perspective on what working from home looks like as we enter our eighth month and what we’ve learned along the way.
As employees moved home in March, managers had to wonder how productive employees would be without being in the office. While many companies had flexible approaches to work, this usually involved some small percentage of employees working from home, not the entire workforce, and that presented challenges to management used to judging employee performance based for the most part on being in the building during the work day.
One of the things that we looked at in March was putting the correct tools in place to enable communication even when we weren’t together. Mangia says that those tools can help close what she calls the trust gap.
“Leaders want to know that their employees are working on what’s expected and delivering outcomes. Employees want to make sure their managers know how hard they’re working and that they’re getting things done. And the technology and tools I think help us solve for that trust gap in the middle,” she explained.
She believes the biggest thing that individuals can do at the moment is to simply reassess and look for small ways to improve your work life because we are probably not going to be returning to the office anytime soon. “I think what we’re discovering is the things that we can put in place to improve the quality of our own experiences as employees, as learners and as leaders can be very simple adjustments. This does not have to be a five year, five phase, $5 million roadmap kind of a situation. Simple adjustments matter,” she said, adding that could be measures as basic as purchasing a comfortable chair because the one you’ve been using at the dining room table is hurting your back.