134 matches found
EUVD-2024-37383
Malicious code in bioql PyPI...
EUVD-2023-32661
Malicious code in bioql PyPI...
EUVD-2023-54461
Malicious code in bioql PyPI...
EUVD-2024-49064
Malicious code in bioql PyPI...
EUVD-2024-41274
Malicious code in bioql PyPI...
EUVD-2024-49065
Malicious code in bioql PyPI...
CVE-2024-8059
IPMI credentials may be captured in XCC audit log entries when the account username length is 16 characters...
CVE-2024-45102
A privilege escalation vulnerability was discovered that could allow a valid, authenticated LXCA user to escalate their permissions for a connected XCC instance when using LXCA as a Single Sign On SSO provider for XCC instances...
CVE-2023-4606
An authenticated XCC user with Read-Only permission can change a different user’s password through a crafted API command. This affects ThinkSystem v2 and v3 servers with XCC; ThinkSystem v1 servers are not affected...
Security Bulletin: Multiple vulnerabilities in XCC affect Cloud Pak System
Summary Multiple vulnerabilities in XCC affect Cloud Pak System. Vulnerability Details CVEID:CVE-2024-8281 DESCRIPTION: Lenovo XClarity Controller could allow a remote authenticated attacker to execute arbitrary commands on the system, caused by an input validation weakness. An attacker could...
CVE-2024-38512
A privilege escalation vulnerability was discovered in XCC that could allow an authenticated XCC user with elevated privileges to perform command injection via specially crafted IPMI commands...
CVE-2024-38509
A privilege escalation vulnerability was discovered in XCC that could allow an authenticated XCC user with elevated privileges to execute arbitrary code via a specially crafted IPMI command...
CVE-2024-8281
An input validation weakness was discovered in XCC that could allow a valid, authenticated XCC user with elevated privileges to perform command injection through specially crafted command line input in the XCC SSH captive shell...
CVE-2024-8278
A privilege escalation vulnerability was discovered in XCC that could allow a valid, authenticated XCC user with elevated privileges to perform command injection via specially crafted IPMI commands...
CVE-2024-8279
A privilege escalation vulnerability was discovered in XCC that could allow a valid, authenticated XCC user with elevated privileges to perform command injection via specially crafted file uploads...
CVE-2024-45102
A privilege escalation vulnerability was discovered that could allow a valid, authenticated LXCA user to escalate their permissions for a connected XCC instance when using LXCA as a Single Sign On SSO provider for XCC instances...
CVE-2024-45102
A privilege escalation vulnerability was discovered that could allow a valid, authenticated LXCA user to escalate their permissions for a connected XCC instance when using LXCA as a Single Sign On SSO provider for XCC instances...
CVE-2024-45102
Lenovo XClarity Administrator (LXCA) privilege escalation vulnerability (CVE-2024-45102) could allow a valid, authenticated LXCA user to elevate privileges for a connected XCC instance when LXCA is used as the SSO provider. Exploitation status is not detailed in the provided sources; CVSS 3.1 bas...
CVE-2024-45102
A privilege escalation vulnerability was discovered that could allow a valid, authenticated LXCA user to escalate their permissions for a connected XCC instance when using LXCA as a Single Sign On SSO provider for XCC instances...
PT-2025-2685 · Lxca · Lxca
Name of the Vulnerable Software and Affected Versions: LXCA affected versions not specified Description: A privilege escalation issue was discovered that could allow a valid, authenticated LXCA user to escalate their permissions for a connected XCC instance when using LXCA as a Single Sign On SSO...