CVE-2018-16094
Affected component: Lenovo System Management Module (SMM) firmware. Vulnerability: In SMM versions prior to 1.06, an internal function that retrieves configuration settings is susceptible to a buffer overflow. Impact: Exploitation could compromise SMM processing semantics as described in the Leno...
CVE-2018-16090
The CVE-2018-16090 vulnerability affects Lenovo System Management Module (SMM) firmware prior to 1.06, where the certificate creation and parsing logic allows post-authentication command injection. The Lenovo advisory LEN-24374 documents this issue and links it to several SMM-related CVEs; for CV...
CVE-2018-9084
CVE-2018-9084 affects Lenovo System Management Module (SMM) firmware prior to 1.06. If an attacker logs into the device OS, the validation of software updates can be circumvented. The Lenovo advisory LEN-24374 recommends upgrading SMM firmware to the stated level for your model and applying stand...
CVE-2018-16095
CVE-2018-16095 affects Lenovo System Management Module (SMM) firmware prior to 1.06. When authentication fails, the SMM records hashed passwords to a debug log, potentially exposing credentials. Impact is credential exposure within the SMM environment as described by Lenovo’s vulnerability notes....
CVE-2018-16089
The CVE-2018-16089 entry concerns Lenovo System Management Module (SMM) firmware. A field in the header of SMM firmware update images in SMM versions prior to 1.06 is insufficiently sanitized, enabling post-authentication command injection on the SMM as the root user. The Lenovo advisory LEN-2437...
CVE-2018-16091 System Management Module Vulnerabilities
In System Management Module (SMM) versions prior to 1.06, the SMM certificate creation and parsing logic is vulnerable to several buffer overflows...
CVE-2018-16090 System Management Module Vulnerabilities
In System Management Module (SMM) versions prior to 1.06, the SMM certificate creation and parsing logic is vulnerable to post-authentication command injection...
CVE-2018-9084 System Management Module Vulnerabilities
In System Management Module (SMM) versions prior to 1.06, if an attacker manages to log in to the device OS, the validation of software updates can be circumvented...
CVE-2018-16092
CVE-2018-16092 affects Lenovo System Management Module (SMM) firmware prior to 1.06. The FFDC feature collects SMM system files, including sensitive data such as SMM user credentials and the system shadow file. This exposure could lead to confidentiality impact if FFDC data is accessed or misused...