CVSS: 8.3EPSS: 0%CPEs: 139EXPL: 0CVE-2024-8281
https://notcve.org/view.php?id=CVE-2024-8281
13 Sep 2024 — An input validation weakness was discovered in XCC that could allow a valid, authenticated XCC user with elevated privileges to perform command injection through specially crafted command line input in the XCC SSH captive shell. • https://support.lenovo.com/us/en/product_security/LEN-172051 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.3EPSS: 0%CPEs: 139EXPL: 0CVE-2024-8280
https://notcve.org/view.php?id=CVE-2024-8280
13 Sep 2024 — An input validation weakness was discovered in XCC that could allow a valid, authenticated XCC user with elevated privileges to perform command injection or cause a recoverable denial of service using a specially crafted file. • https://support.lenovo.com/us/en/product_security/LEN-172051 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.3EPSS: 0%CPEs: 139EXPL: 0CVE-2024-8279
https://notcve.org/view.php?id=CVE-2024-8279
13 Sep 2024 — A privilege escalation vulnerability was discovered in XCC that could allow a valid, authenticated XCC user with elevated privileges to perform command injection via specially crafted file uploads. • https://support.lenovo.com/us/en/product_security/LEN-172051 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.3EPSS: 0%CPEs: 139EXPL: 0CVE-2024-8278
https://notcve.org/view.php?id=CVE-2024-8278
13 Sep 2024 — A privilege escalation vulnerability was discovered in XCC that could allow a valid, authenticated XCC user with elevated privileges to perform command injection via specially crafted IPMI commands. • https://support.lenovo.com/us/en/product_security/LEN-172051 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.0EPSS: 0%CPEs: 256EXPL: 0CVE-2023-4607
https://notcve.org/view.php?id=CVE-2023-4607
24 Oct 2023 — An authenticated XCC user can change permissions for any user through a crafted API command. Un usuario XCC autenticado puede cambiar los permisos de cualquier usuario mediante un comando API manipulado. • https://support.lenovo.com/us/en/product_security/LEN-140960 • CWE-269: Improper Privilege Management •
CVSS: 6.7EPSS: 0%CPEs: 598EXPL: 0CVE-2022-40137
https://notcve.org/view.php?id=CVE-2022-40137
30 Jan 2023 — A buffer overflow in the WMI SMI Handler in some Lenovo models may allow an attacker with local access and elevated privileges to execute arbitrary code. • https://support.lenovo.com/us/en/product_security/LEN-94953 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 4.4EPSS: 0%CPEs: 673EXPL: 0CVE-2022-40134
https://notcve.org/view.php?id=CVE-2022-40134
30 Jan 2023 — An information leak vulnerability in the SMI Set BIOS Password SMI Handler in some Lenovo models may allow an attacker with local access and elevated privileges to read SMM memory. • https://support.lenovo.com/us/en/product_security/LEN-94953 • CWE-125: Out-of-bounds Read •