Produkt Px4-400d firmware (...)

Podatności dla 'Px4-400d firmware'

2018-09-28

CVE-2018-9082

CWE-384

For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the password changing functionality available to authenticated users does not require the user's current password to set a new one. As a result, attackers with access to the user's session tokens can change their password and retain access to the user's account

CVE-2018-9081

CWE-79

For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the file name used for assets accessible through the Content Viewer application are vulnerable to self cross-site scripting self-XSS. As a result, adversaries can add files to shares accessible from the Content Viewer with a cross site scripting payload in its name, and wait for a user to try and rename the file for their payload to trigger.

CVE-2018-9080

CWE-287

For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, by setting the Iomega cookie to a known value before logging into the NAS's web application, the NAS will not provide the user a new cookie value. This allows an attacker who knows the cookie's value to compromise the user's session.

CVE-2018-9079

CWE-88

For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, adversaries can craft URLs to modify the Document Object Model (DOM) of the page. In addition, adversaries can inject HTML script tags and HTML tags with JavaScript handlers to execute arbitrary JavaScript with the origin of the device.

CVE-2018-9078

CWE-79

For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the Content Explorer application grants users the ability to upload files to shares and this image was rendered in the browser in the device's origin instead of prompting to download the asset. The application does not prevent the user from uploading SVG images and returns these images within their origin. As a result, malicious users can upload SVG images that contain arbitrary JavaScript that is evaluated when the victim issues a request to download the file.

>>> Vendor: Lenovo 812 Produkty

Thinkpad

Access support

Automated solutions

Thinkvantage system update

Resuce and recovery

Veriface

Thinkpad bluetooth with enhanced data rate software

Usb enhanced performance keyboard

Thinkserver rd350 firmware

Thinkserver rd450 firmware

Thinkserver rd550 firmware

Thinkserver rd650 firmware

Thinkserver td350 firmware

Thinkserver system manager baseboard management controller firmware

Accelerator application

System interface foundation

Thinkpad 10 ella 2 bios

Thinkpad 11e beema bios

Thinkpad 11e braswell bios

Thinkpad 11e broadwell bios

Thinkpad 11e skylake bios

Thinkpad edge e440 bios

Thinkpad edge e445 bios

Thinkpad edge e540 bios

Thinkpad edge e545 bios

Thinkpad helix 20cg bios

Thinkpad helix 20ch bios

Thinkpad s1 yoga 12 bios

Thinkpad s1 yoga non vpro bios

Thinkpad s1 yoga vpro bios

Thinkpad s3 s440 bios

Thinkpad s3 yoga 14 bios

Thinkpad s540 bios

Thinkpad s5 e560p bios

Thinkpad s5 yoga 15 bios

Thinkpad tablet 10 bios

Thinkpad tablet 8 bios

Thinkpad w540 bios

Thinkpad w541 bios

Thinkpad w550s bios

Thinkpad x140e amd bios

Thinkpad x1 carbon 20ax bios

Thinkpad x1 carbon 20bx bios

Thinkpad x1 carbon bios

Thinkpad x1 tablet bios

Thinkpad x1 yoga bios

Thinkpad x240 bios

Thinkpad x240s bios

Thinkpad x250 broadwell bios

Thinkpad x250 sharkbay bios

Thinkpad x260 bios

Thinkpad yoga 11e beema bios

Thinkpad yoga 11e bios

Zobacz wszystkie produkty dla producenta Lenovo