7.2
CVE-2024-8278 -
A privilege escalation vulnerability was discovered in XCC that could allow a valid, authenticated XCC user with elevated privileges to perform command injection via specially crafted IPMI commands.
4.3
CVE-2024-8059 -
IPMI credentials may be captured in XCC audit log entries when the account username length is 16 characters.
6.8
CVE-2024-7756 -
A potential vulnerability was reported in the ThinkPad L390 Yoga and 10w Notebook that could allow a local attacker to escalate privileges by accessing an embedded UEFI shell.
6.7
CVE-2024-4550 -
A potential buffer overflow vulnerability was reported in some Lenovo ThinkSystemΒ and ThinkStation products that could allow a local attacker with elevated privileges to execute arbitrary code.
6.7
CVE-2024-3100 -
A potential buffer overflow vulnerability was reported in some Lenovo Notebook products that could allow a local attacker with elevated privileges to execute arbitrary code.
5.6
CVE-2024-31416 -
The Eaton Foreseer software provides multiple customizable input fields for the users to configure parameters in the tool like alarms, reports, etc. Some of these input fields were not checking the length and bounds of the entered value. The exploit of this security flaw by a bad actor may result iβ¦
6.3
CVE-2024-31415 -
The Eaton Foreseer software provides the feasibility for the user to configure external servers for multiple purposes such as network management, user management, etc. The software uses encryption to store these configurations securely on the host machine. However, the keys used for this encryptionβ¦
6.7
CVE-2024-31414 -
The Eaton Foreseer software provides users the capability to customize the dashboard in WebView pages. However, the input fields for this feature in the Eaton Foreseer software lacked proper input sanitization on the server-side, which could lead to injection and execution of malicious scripts whenβ¦
8.7
CVE-2024-45368 - AutomationDirect DirectLogic H2-DM1E Session Fixation
The H2-DM1E PLC's authentication protocol appears to utilize either a custom encoding scheme or a challenge-response protocol. However, there's an observed anomaly in the H2-DM1E PLC's protocol execution, namely its acceptance of multiple distinct packets as valid authentication responses. This behβ¦
8.7
CVE-2024-43099 - AutomationDirect DirectLogic H2-DM1E Authentication Bypass by Capture-replay
The session hijacking attack targets the application layer's control mechanism, which manages authenticated sessions between a host PC and a PLC. During such sessions, a session key is utilized to maintain security. However, if an attacker captures this session key, they can inject traffic into an β¦