Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Lenovo Subscribe
Filtered by product Ix2
Total 5 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-9079 1 Lenovo 40 Ez Media \& Backup Center, Ez Media \& Backup Center Firmware, Ix2 and 37 more 2020-08-24 7.5 HIGH 9.8 CRITICAL
For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, adversaries can craft URLs to modify the Document Object Model (DOM) of the page. In addition, adversaries can inject HTML script tags and HTML tags with JavaScript handlers to execute arbitrary JavaScript with the origin of the device.
CVE-2018-9078 1 Lenovo 40 Ez Media \& Backup Center, Ez Media \& Backup Center Firmware, Ix2 and 37 more 2019-10-02 6.8 MEDIUM 8.8 HIGH
For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the Content Explorer application grants users the ability to upload files to shares and this image was rendered in the browser in the device's origin instead of prompting to download the asset. The application does not prevent the user from uploading SVG images and returns these images within their origin. As a result, malicious users can upload SVG images that contain arbitrary JavaScript that is evaluated when the victim issues a request to download the file.
CVE-2018-9080 1 Lenovo 40 Ez Media \& Backup Center, Ez Media \& Backup Center Firmware, Ix2 and 37 more 2019-01-08 4.3 MEDIUM 5.9 MEDIUM
For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, by setting the Iomega cookie to a known value before logging into the NAS's web application, the NAS will not provide the user a new cookie value. This allows an attacker who knows the cookie's value to compromise the user's session.
CVE-2018-9082 1 Lenovo 40 Ez Media \& Backup Center, Ez Media \& Backup Center Firmware, Ix2 and 37 more 2019-01-07 4.0 MEDIUM 8.8 HIGH
For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the password changing functionality available to authenticated users does not require the user's current password to set a new one. As a result, attackers with access to the user's session tokens can change their password and retain access to the user's account
CVE-2018-9081 1 Lenovo 40 Ez Media \& Backup Center, Ez Media \& Backup Center Firmware, Ix2 and 37 more 2018-11-16 2.6 LOW 4.7 MEDIUM
For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the file name used for assets accessible through the Content Viewer application are vulnerable to self cross-site scripting self-XSS. As a result, adversaries can add files to shares accessible from the Content Viewer with a cross site scripting payload in its name, and wait for a user to try and rename the file for their payload to trigger.