CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2024-38508
https://notcve.org/view.php?id=CVE-2024-38508
A privilege escalation vulnerability was discovered in the web interface or SSH captive command shell interface of XCC that could allow an authenticated XCC user with elevated privileges to perform command injection via a specially crafted request. • https://support.lenovo.com/us/en/product_security/LEN-156781 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-4696
https://notcve.org/view.php?id=CVE-2024-4696
A privilege escalation vulnerability was reported in Lenovo Service Bridge prior to version 5.0.2.17 that could allow operating system commands to be executed if a specially crafted link is visited. Se informó una vulnerabilidad de escalada de privilegios en Lenovo Service Bridge antes de la versión 5.0.2.17 que podría permitir la ejecución de comandos del sistema operativo si se visita un enlace especialmente manipulado. • https://support.lenovo.com/us/en/product_security/LEN-163429 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-3286
https://notcve.org/view.php?id=CVE-2024-3286
A buffer overflow vulnerability was identified in some Lenovo printers that could allow an unauthenticated user to trigger a device restart by sending a specially crafted web request. Se identificó una vulnerabilidad de desbordamiento del búfer en algunas impresoras Lenovo que podría permitir que un usuario no autenticado active el reinicio del dispositivo enviando una solicitud web especialmente manipulada. • https://iknow.lenovo.com.cn/detail/421500 https://www.lenovoimage.com/psirt/notice/158605.html • CWE-121: Stack-based Buffer Overflow •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-23594
https://notcve.org/view.php?id=CVE-2024-23594
A buffer overflow vulnerability was reported in a system recovery bootloader that was part of the Lenovo preloaded Windows 7 and 8 operating systems from 2012 to 2014 that could allow a privileged attacker with local access to execute arbitrary code. Se informó una vulnerabilidad de desbordamiento de búfer en un gestor de arranque de recuperación del sistema que formaba parte de los sistemas operativos Windows 7 y 8 precargados de Lenovo de 2012 a 2014 y que podría permitir que un atacante privilegiado con acceso local ejecutara código arbitrario. • https://support.lenovo.com/us/en/product_security/LEN-132277 • CWE-121: Stack-based Buffer Overflow •
CVSS: 6.7EPSS: 0%CPEs: 1EXPL: 0CVE-2024-23593
https://notcve.org/view.php?id=CVE-2024-23593
A vulnerability was reported in a system recovery bootloader that was part of the Lenovo preloaded Windows 7 and 8 operating systems from 2012 to 2014 that could allow a privileged attacker with local access to modify the boot manager and escalate privileges. Se informó una vulnerabilidad en un gestor de arranque de recuperación del sistema que formaba parte de los sistemas operativos Windows 7 y 8 precargados de Lenovo de 2012 a 2014 que podría permitir a un atacante privilegiado con acceso local modificar el administrador de arranque y escalar privilegios. • https://support.lenovo.com/us/en/product_security/LEN-132277 • CWE-1284: Improper Validation of Specified Quantity in Input •