244 matches found
CVE-2022-3744
A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that could allow a local attacker with elevated privileges to unlock UEFI variables due to a hard-coded SMI handler credential...
CVE-2022-3743
A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that could allow a local attacker with elevated privileges under certain conditions the ability to enumerate Embedded Controller EC commands...
Agile Approach to Mass Cloud Credential Harvesting and Crypto Mining Sprints Ahead
Developers are not the only people who have adopted the agile methodology for their development processes. From 2023-06-15 to 2023-07-11, Permiso Security's p0 Labs team identified and tracked an attacker developing and deploying eight 8 incremental iterations of their credential harvesting malwa...
PT-2023-13537 · Lenovo · Lcfc Bios
Name of the Vulnerable Software and Affected Versions: LCFC BIOS affected versions not specified Description: A potential issue was discovered in LCFC BIOS for some Lenovo consumer notebook models that could allow a local attacker with elevated privileges to execute arbitrary code due to improper...
CVE-2023-4028
A buffer overflow has been identified in the SystemUserMasterHddPwdDxe driver in some Lenovo Notebook products which may allow an attacker with local access and elevated privileges to execute arbitrary code...
CVE-2023-34419
A buffer overflow has been identified in the SetupUtility driver in some Lenovo Notebook products which may allow an attacker with local access and elevated privileges to execute arbitrary code...
Intel AI Hackathon Code Issues Vulnerabilities
Intel AI Hackathon is the AI Hackathon repository from Intel Corporation USA, which contains notebooks and tutorials referenced at Intel AI Hackathon events. A security vulnerability exists in versions prior to Intel AI Hackathon 2.0.0. An attacker exploiting the vulnerability could elevate...
The vulnerability of the driver for configuring WMI microprogramming systems in Lenovo laptops allows a hacker to modify security loading parameters through the NVRAM variable.
The vulnerability of the WMI driver for Lenovo notebook microprogramming systems is related to errors in the use of standard permissions. Exploiting this vulnerability allows an attacker to modify security boot parameters through the NVRAM variable...
The vulnerability of the BIOS microprogramming system in ThinkPad notebooks allows a hacker to execute arbitrary code.
The vulnerability of the BIOS microprogramming system in ThinkPad notebooks exists due to insufficient checking of input data in the SMI handler. Exploiting this vulnerability can allow an attacker to execute arbitrary code...
PT-2023-13540 · Lenovo · Lcfc Bios
Name of the Vulnerable Software and Affected Versions: LCFC BIOS affected versions not specified Description: A potential issue was discovered in LCFC BIOS for some Lenovo consumer notebook models that could allow a local attacker with elevated privileges to view incoming and returned data from...
CVE-2023-0923
A flaw was found in the Kubernetes service for notebooks in RHODS, where it does not prevent pods from other namespaces and applications from making requests to the Jupyter API. This flaw can lead to file content exposure and other issues...
PT-2023-2053 · Rhods · Rhods
Name of the Vulnerable Software and Affected Versions: RHODS affected versions not specified Description: A flaw was found in the Kubernetes service for notebooks in RHODS, where it does not prevent pods from other namespaces and applications from making requests to the Jupyter API. This flaw can...
SUSE CVE-2015-4707
Cross-site scripting XSS vulnerability in IPython before 3.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving JSON error messages and the /api/notebooks path...
SUSE CVE-2018-19351
Jupyter Notebook before 5.7.1 allows XSS via an untrusted notebook because nbconvert responses are considered to have the same origin as the notebook server. In other words, nbconvert endpoints can execute JavaScript with access to the server API. In notebook/nbconvert/handlers.py,...
CVE-2022-1892
A buffer overflow in the SystemBootManagerDxe driver in some Lenovo Notebook products may allow an attacker with local privileges to execute arbitrary code...
CVE-2022-1891
A buffer overflow in the SystemLoadDefaultDxe driver in some Lenovo Notebook products may allow an attacker with local privileges to execute arbitrary code...
CVE-2022-1891
A buffer overflow in the SystemLoadDefaultDxe driver in some Lenovo Notebook products may allow an attacker with local privileges to execute arbitrary code...
CVE-2022-1890
A buffer overflow in the ReadyBootDxe driver in some Lenovo Notebook products may allow an attacker with local privileges to execute arbitrary code...
CVE-2022-3430
A potential vulnerability in the WMI Setup driver on some consumer Lenovo Notebook devices may allow an attacker with elevated privileges to modify secure boot setting by modifying an NVRAM variable...
CVE-2022-1890
A buffer overflow in the ReadyBootDxe driver in some Lenovo Notebook products may allow an attacker with local privileges to execute arbitrary code...