Vulnerabilities for 'Storcenter px4-300r firmware'

2018-09-28
 
CVE-2018-9082

CWE-384
 

 
For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the password changing functionality available to authenticated users does not require the user's current password to set a new one. As a result, attackers with access to the user's session tokens can change the user's password and retain access to the user's account.

 
 
CVE-2018-9081

CWE-79
 

 
For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the file names used for assets accessible through the Content Viewer application are vulnerable to self cross-site scripting (self-XSS). As a result, adversaries can add files with a cross-site scripting payload in their names to shares accessible from the Content Viewer, and wait for a user to try to rename a file for the payload to trigger.

 
 
CVE-2018-9080

CWE-287
 

 
For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, by setting the Iomega cookie to a known value before logging into the NAS's web application, the NAS will not provide the user a new cookie value. This allows an attacker who knows the cookie's value to compromise the user's session.

 
 
CVE-2018-9079

CWE-88
 

 
For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, adversaries can craft URLs to modify the Document Object Model (DOM) of the page. In addition, adversaries can inject HTML script tags and HTML tags with JavaScript handlers to execute arbitrary JavaScript with the origin of the device.

 
 
CVE-2018-9078

CWE-254
 

 
For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the Content Explorer application grants users the ability to upload files to shares, and an uploaded image is rendered in the browser in the device's origin instead of prompting the user to download the asset. The application does not prevent the user from uploading SVG images and returns these images within the device's origin. As a result, malicious users can upload SVG images that contain arbitrary JavaScript that is evaluated when the victim issues a request to download the file.

 



Copyright 2019, cxsecurity.com

 
