Vulnerabilities > Lenovo

DATE CVE VULNERABILITY TITLE RISK
2018-09-28 CVE-2018-9082 Session Fixation vulnerability in Lenovo products
For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the password changing functionality available to authenticated users does not require the user's current password to set a new one.
network
low complexity
lenovo CWE-384
4.0
2018-09-28 CVE-2018-9081 Cross-site Scripting vulnerability in Lenovo products
For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the file name used for assets accessible through the Content Viewer application are vulnerable to self cross-site scripting self-XSS.
network
high complexity
lenovo CWE-79
2.6
2018-09-28 CVE-2018-9080 Improper Authentication vulnerability in Lenovo products
For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, by setting the Iomega cookie to a known value before logging into the NAS's web application, the NAS will not provide the user a new cookie value.
network
lenovo CWE-287
4.3
2018-09-28 CVE-2018-9079 Cross-site Scripting vulnerability in Lenovo products
For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, adversaries can craft URLs to modify the Document Object Model (DOM) of the page.
network
low complexity
lenovo CWE-79
7.5
2018-09-28 CVE-2018-9078 Cross-site Scripting vulnerability in Lenovo products
For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the Content Explorer application grants users the ability to upload files to shares and this image was rendered in the browser in the device's origin instead of prompting to download the asset.
network
lenovo CWE-79
6.8
2018-09-28 CVE-2018-9077 OS Command Injection vulnerability in Lenovo Lenovoemc Firmware
For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, when changing the name of a share, an attacker can craft a command injection payload using backtick "``" characters in the share : name parameter.
network
lenovo CWE-78
critical
9.3
2018-09-28 CVE-2018-9076 OS Command Injection vulnerability in Lenovo Lenovoemc Firmware
For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, when changing the name of a share, an attacker can craft a command injection payload using backtick "``" characters in the name parameter.
network
lenovo CWE-78
critical
9.3
2018-09-28 CVE-2018-9075 OS Command Injection vulnerability in Lenovo Lenovoemc Firmware
For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, when joining a PersonalCloud setup, an attacker can craft a command injection payload using backtick "``" characters in the client:password parameter.
network
lenovo CWE-78
critical
9.3
2018-09-28 CVE-2018-9074 Path Traversal vulnerability in Lenovo Lenovoemc Firmware
For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the file upload functionality of the Content Explorer application is vulnerable to path traversal.
network
low complexity
lenovo CWE-22
6.8
2018-09-21 CVE-2018-12169 Improper Authentication vulnerability in multiple products
Platform sample code firmware in 4th Generation Intel Core Processor, 5th Generation Intel Core Processor, 6th Generation Intel Core Processor, 7th Generation Intel Core Processor and 8th Generation Intel Core Processor contains a logic error which may allow physical attacker to potentially bypass firmware authentication.
local
low complexity
intel lenovo CWE-287
4.6