CVSS: 5.9EPSS: 0%CPEs: 8EXPL: 0CVE-2018-16095 – System Management Module Vulnerabilities
https://notcve.org/view.php?id=CVE-2018-16095
27 Nov 2018 — In System Management Module (SMM) versions prior to 1.06, the SMM records hashed passwords to a debug log when user authentication fails. En System Management Module (SMM), en versiones anteriores a la 1.06, los registros de SMM hasheaban contraseñas a un registro de depuración cuando la autenticación de usuario fracasa. • https://support.lenovo.com/us/en/solutions/LEN-24374 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 8.1EPSS: 0%CPEs: 8EXPL: 0CVE-2018-16091 – System Management Module Vulnerabilities
https://notcve.org/view.php?id=CVE-2018-16091
27 Nov 2018 — In System Management Module (SMM) versions prior to 1.06, the SMM certificate creation and parsing logic is vulnerable to several buffer overflows. En System Management Module (SMM), en versiones anteriores a la 1.06, la lógica de creación de certificados y análisis es vulnerable a varios desbordamientos de búfer. • https://support.lenovo.com/us/en/solutions/LEN-24374 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 0CVE-2018-16090 – System Management Module Vulnerabilities
https://notcve.org/view.php?id=CVE-2018-16090
27 Nov 2018 — In System Management Module (SMM) versions prior to 1.06, the SMM certificate creation and parsing logic is vulnerable to post-authentication command injection. En System Management Module (SMM), en versiones anteriores a la 1.06, la lógica de creación de certificados y análisis es vulnerable a una inyección de comandos tras la autenticación. • https://support.lenovo.com/us/en/solutions/LEN-24374 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •