53 matches found
CVE-2023-4608
An authenticated XCC user with elevated privileges can perform blind SQL injection in limited cases through a crafted API command. This affects ThinkSystem v2 and v3 servers with XCC; ThinkSystem v1 servers are not affected...
EUVD-2024-41310
Malicious code in bioql PyPI...
EUVD-2023-54459
Malicious code in bioql PyPI...
EUVD-2024-44162
Malicious code in bioql PyPI...
EUVD-2023-54461
Malicious code in bioql PyPI...
CVE-2024-45105
An internal product security audit discovered a UEFI SMM (System Management Mode) callout vulnerability in some ThinkSystem servers that could allow a local attacker with elevated privileges to execute arbitrary code...
CVE-2024-23591
ThinkSystem SR670V2 servers manufactured from approximately June 2021 to July 2023 were left in Manufacturing Mode which could allow an attacker with privileged logical access to the host or physical access to server internals to modify or disable Intel Boot Guard firmware integrity, SPS security...
CVE-2023-4606
An authenticated XCC user with Read-Only permission can change a different user’s password through a crafted API command. This affects ThinkSystem v2 and v3 servers with XCC; ThinkSystem v1 servers are not affected...
CVE-2024-45105
An internal product security audit discovered a UEFI SMM (System Management Mode) callout vulnerability in some ThinkSystem servers that could allow a local attacker with elevated privileges to execute arbitrary code...
CVE-2024-4550
A potential buffer overflow vulnerability was reported in some Lenovo ThinkSystem and ThinkStation products that could allow a local attacker with elevated privileges to execute arbitrary code...
CVE-2024-45105
An internal product security audit discovered a UEFI SMM (System Management Mode) callout vulnerability in some ThinkSystem servers that could allow a local attacker with elevated privileges to execute arbitrary code...
CVE-2024-45105
Summary: CVE-2024-45105 describes a UEFI SMM callout vulnerability affecting Lenovo ThinkSystem servers. The issue could allow a local attacker with elevated privileges to execute arbitrary code via a SMM callout. The CVSS vectors indicate local access, low attack complexity, but required high pr...
CVE-2024-45105
An internal product security audit discovered a UEFI SMM (System Management Mode) callout vulnerability in some ThinkSystem servers that could allow a local attacker with elevated privileges to execute arbitrary code...
CVE-2024-4550
A potential buffer overflow vulnerability was reported in some Lenovo ThinkSystem and ThinkStation products that could allow a local attacker with elevated privileges to execute arbitrary code...
CVE-2024-4550
A potential buffer overflow vulnerability was reported in some Lenovo ThinkSystem and ThinkStation products that could allow a local attacker with elevated privileges to execute arbitrary code...
CVE-2024-4550
CVE-2024-4550 describes a potential buffer overflow in Lenovo ThinkSystem and ThinkStation products. Based on connected sources, the vulnerability could allow a local attacker with elevated privileges to execute arbitrary code. Details on affected models, exact root cause, and available fixes/rem...
PT-2024-31435 · Lenovo · Lenovo Thinksystem Servers
Name of the Vulnerable Software and Affected Versions: Lenovo ThinkSystem servers (affected versions not specified). Description: An internal product security audit discovered a UEFI SMM (System Management Mode) callout issue in certain ThinkSystem servers. This could allow a local attacker with...
Lenovo ThinkSystem and Lenovo ThinkStation security vulnerability
Lenovo ThinkSystem and Lenovo ThinkStation are both products of Lenovo, a Chinese company. Lenovo ThinkSystem is a ThinkSystem series server appliance. Lenovo ThinkStation is a desktop workstation. A security vulnerability exists in Lenovo ThinkSystem and Lenovo...
PT-2024-31665 · Lenovo · Lenovo Thinksystem +1
Name of the Vulnerable Software and Affected Versions: Lenovo ThinkSystem and ThinkStation products (affected versions not specified). Description: A potential buffer overflow issue was reported in some Lenovo ThinkSystem and ThinkStation products. This could allow a local attacker with elevated...
Lenovo ThinkSystem security vulnerability
Lenovo ThinkSystem is a ThinkSystem series server appliance from Lenovo, a Chinese company. A security vulnerability exists in Lenovo ThinkSystem, stemming from a UEFI System Management Mode vulnerability that could allow a local attacker with elevated privileges...