CVE-2008-4589
https://notcve.org/view.php?id=CVE-2008-4589
Heap-based buffer overflow in the tvtumin.sys kernel driver in Lenovo Rescue and Recovery 4.20, including 4.20.0511 and 4.20.0512, allows local users to execute arbitrary code via a long file name.
• http://secunia.com/advisories/32252
• http://securityreason.com/securityalert/4421
• http://www-307.ibm.com/pc/support/site.wss/MIGR-4Q2QAK.html
• http://www-307.ibm.com/pc/support/site.wss/MIGR-70699.html
• http://www.isecpartners.com/advisories/2008-02-lenovornr.txt
• http://www.securityfocus.com/archive/1/497277/100/0/threaded
• http://www.securityfocus.com/bid/31737
• http://www.securitytracker.com/id?1021041
• http://www.vupen.com/english/advisories/2008/2806
• https://exchange.xfo
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2008-3249
https://notcve.org/view.php?id=CVE-2008-3249
The client in Lenovo System Update before 3.14 does not properly validate the certificate when establishing an SSL connection, which allows remote attackers to install arbitrary packages via an SSL certificate whose X.509 headers match a public certificate used by IBM.
• http://secunia.com/advisories/30379
• http://securitytracker.com/id?1020112
• http://www.security-objectives.com/advisories/SECOBJADV-2008-01.txt
• http://www.securityfocus.com/archive/1/492579
• http://www.securityfocus.com/bid/29366
• https://exchange.xforce.ibmcloud.com/vulnerabilities/42638
• CWE-255: Credentials Management Errors
CVE-2007-2928
https://notcve.org/view.php?id=CVE-2007-2928
Format string vulnerability in the IBM Lenovo Access Support acpRunner ActiveX control, as distributed in acpcontroller.dll before 1.2.8.0 and possibly acpir.dll before 1.0.0.9 (Automated Solutions 1.0 before fix pack 1), allows remote attackers to execute arbitrary code via format string specifiers in unknown data.
• http://secunia.com/advisories/26482
• http://www-307.ibm.com/pc/support/site.wss/document.do?sitestyle=lenovo&lndocid=MIGR-67649
• http://www.kb.cert.org/vuls/id/599657
• http://www.securityfocus.com/bid/25311
• http://www.vupen.com/english/advisories/2007/2882
• https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-045
• https://exchange.xforce.ibmcloud.com/vulnerabilities/36033
CVE-2007-2929
https://notcve.org/view.php?id=CVE-2007-2929
The IBM Lenovo Access Support acpRunner ActiveX control, as distributed in acpcontroller.dll before 1.2.8.0 and possibly acpir.dll before 1.0.0.9 (Automated Solutions 1.0 before fix pack 1), exposes unsafe methods to arbitrary web domains, which allows remote attackers to download arbitrary code onto a client system and execute this code.
• http://secunia.com/advisories/26482
• http://www-307.ibm.com/pc/support/site.wss/document.do?sitestyle=lenovo&lndocid=MIGR-67649
• http://www.kb.cert.org/vuls/id/426737
• http://www.securityfocus.com/bid/25311
• http://www.vupen.com/english/advisories/2007/2882
• https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-045
• https://exchange.xforce.ibmcloud.com/vulnerabilities/36035
CVE-2007-2240
https://notcve.org/view.php?id=CVE-2007-2240
The IBM Lenovo Access Support acpRunner ActiveX control, as distributed in acpcontroller.dll before 1.2.8.0 and possibly acpir.dll before 1.0.0.9 (Automated Solutions 1.0 before fix pack 1), does not properly validate digital signatures of downloaded software, which makes it easier for remote attackers to spoof a download.
• http://osvdb.org/39555
• http://secunia.com/advisories/26482
• http://www-307.ibm.com/pc/support/site.wss/document.do?sitestyle=lenovo&lndocid=MIGR-67649
• http://www.kb.cert.org/vuls/id/570705
• http://www.securityfocus.com/bid/25311
• http://www.vupen.com/english/advisories/2007/2882
• https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-045
• https://exchange.xforce.ibmcloud.com/vulnerabilities/36028