CVSS: 7.2 • EPSS: 0% • CPEs: 1 • EXPL: 0

A privilege escalation vulnerability was discovered in the web interface or SSH captive command shell interface of XCC that could allow an authenticated XCC user with elevated privileges to perform command injection via a specially crafted request. • https://support.lenovo.com/us/en/product_security/LEN-156781 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

A privilege escalation vulnerability was reported in Lenovo Service Bridge prior to version 5.0.2.17 that could allow operating system commands to be executed if a specially crafted link is visited. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Lenovo Service Bridge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the LscShim module. When parsing a crafted URL, the process does not properly validate a user-supplied string before using it to execute a system call. • https://support.lenovo.com/us/en/product_security/LEN-163429 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

A buffer overflow vulnerability was identified in some Lenovo printers that could allow an unauthenticated user to trigger a device restart by sending a specially crafted web request. • https://iknow.lenovo.com.cn/detail/421500 • https://www.lenovoimage.com/psirt/notice/158605.html • CWE-121: Stack-based Buffer Overflow

CVSS: 6.4 • EPSS: 0% • CPEs: 1 • EXPL: 0

A buffer overflow vulnerability was reported in a system recovery bootloader that was part of the Lenovo preloaded Windows 7 and 8 operating systems from 2012 to 2014 that could allow a privileged attacker with local access to execute arbitrary code. • https://support.lenovo.com/us/en/product_security/LEN-132277 • CWE-121: Stack-based Buffer Overflow

CVSS: 6.7 • EPSS: 0% • CPEs: 1 • EXPL: 0

A vulnerability was reported in a system recovery bootloader that was part of the Lenovo preloaded Windows 7 and 8 operating systems from 2012 to 2014 that could allow a privileged attacker with local access to modify the boot manager and escalate privileges. • https://support.lenovo.com/us/en/product_security/LEN-132277 • CWE-1284: Improper Validation of Specified Quantity in Input