64 matches found
CVE-2023-4608
An authenticated XCC user with elevated privileges can perform blind SQL injection in limited cases through a crafted API command. This affects ThinkSystem v2 and v3 servers with XCC; ThinkSystem v1 servers are not affected...
EUVD-2024-44162
Malicious code in bioql PyPI...
EUVD-2023-54459
Malicious code in bioql PyPI...
EUVD-2023-54461
Malicious code in bioql PyPI...
EUVD-2024-41310
Malicious code in bioql PyPI...
CVE-2024-45105
An internal product security audit discovered a UEFI System Management Mode (SMM) callout vulnerability in some ThinkSystem servers that could allow a local attacker with elevated privileges to execute arbitrary code...
CVE-2024-23591
ThinkSystem SR670V2 servers manufactured from approximately June 2021 to July 2023 were left in Manufacturing Mode, which could allow an attacker with privileged logical access to the host or physical access to server internals to modify or disable Intel Boot Guard firmware integrity, SPS security...
CVE-2023-4606
An authenticated XCC user with Read-Only permission can change a different user’s password through a crafted API command. This affects ThinkSystem v2 and v3 servers with XCC; ThinkSystem v1 servers are not affected...
A vulnerability in the Lenovo XClarity Controller (XCC) for Lenovo ThinkSystem servers, caused by a failure to neutralize special elements, allows an attacker to execute arbitrary commands.
A vulnerability in the Lenovo XClarity Controller (XCC) for Lenovo ThinkSystem systems stems from a failure to neutralize special elements. Exploiting it allows an attacker to execute arbitrary commands using specially crafted files...
A vulnerability in the web interface or command interface of the Lenovo XClarity Controller (XCC) for Lenovo ThinkSystem servers allows an attacker to execute arbitrary commands.
A vulnerability in the web interface or command interface of the Lenovo XClarity Controller (XCC) for Lenovo ThinkSystem servers stems from a failure to neutralize special elements. Exploiting it allows an attacker to execute arbitrary commands using a...
A vulnerability in the Lenovo XClarity Controller (XCC) for Lenovo ThinkSystem servers allows an attacker to execute arbitrary code.
A vulnerability in the Lenovo XClarity Controller (XCC) for Lenovo ThinkSystem systems is a stack-based buffer overflow. Exploiting it allows an attacker to execute arbitrary code using a specially crafted IPMI command...
A vulnerability in the Lenovo XClarity Controller (XCC) for Lenovo ThinkSystem servers allows an attacker to execute arbitrary commands.
A vulnerability in the Lenovo XClarity Controller (XCC) for Lenovo ThinkSystem systems stems from a failure to neutralize special elements. Exploiting it allows an attacker to execute arbitrary commands using specially crafted files...
A vulnerability in the Lenovo XClarity Controller (XCC) for Lenovo ThinkSystem servers allows an attacker to execute arbitrary commands.
A vulnerability in the Lenovo XClarity Controller (XCC) for Lenovo ThinkSystem systems stems from a failure to neutralize special elements. Exploiting it allows a remote attacker to execute arbitrary commands using a specially crafted IPMI...
CVE-2024-4550
A potential buffer overflow vulnerability was reported in some Lenovo ThinkSystem and ThinkStation products that could allow a local attacker with elevated privileges to execute arbitrary code...
CVE-2024-45105
Summary: CVE-2024-45105 describes a UEFI SMM callout vulnerability affecting Lenovo ThinkSystem servers. The issue could allow a local attacker with elevated privileges to execute arbitrary code via an SMM callout. The CVSS vectors indicate local access, low attack complexity, but required high pr...