Filtered by vendor Lenovo Subscriptions
Filtered by product Ez Media \& Backup Center Subscriptions
Total 5 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2018-9078 1 Lenovo 40 Ez Media \& Backup Center, Ez Media \& Backup Center Firmware, Ix2 and 37 more 2024-08-05 N/A
For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the Content Explorer application grants users the ability to upload files to shares and this image was rendered in the browser in the device's origin instead of prompting to download the asset. The application does not prevent the user from uploading SVG images and returns these images within their origin. As a result, malicious users can upload SVG images that contain arbitrary JavaScript that is evaluated when the victim issues a request to download the file.
CVE-2018-9081 1 Lenovo 40 Ez Media \& Backup Center, Ez Media \& Backup Center Firmware, Ix2 and 37 more 2024-08-05 N/A
For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the file name used for assets accessible through the Content Viewer application are vulnerable to self cross-site scripting self-XSS. As a result, adversaries can add files to shares accessible from the Content Viewer with a cross site scripting payload in its name, and wait for a user to try and rename the file for their payload to trigger.
CVE-2018-9080 1 Lenovo 40 Ez Media \& Backup Center, Ez Media \& Backup Center Firmware, Ix2 and 37 more 2024-08-05 N/A
For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, by setting the Iomega cookie to a known value before logging into the NAS's web application, the NAS will not provide the user a new cookie value. This allows an attacker who knows the cookie's value to compromise the user's session.
CVE-2018-9082 1 Lenovo 40 Ez Media \& Backup Center, Ez Media \& Backup Center Firmware, Ix2 and 37 more 2024-08-05 N/A
For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the password changing functionality available to authenticated users does not require the user's current password to set a new one. As a result, attackers with access to the user's session tokens can change their password and retain access to the user's account
CVE-2018-9079 1 Lenovo 40 Ez Media \& Backup Center, Ez Media \& Backup Center Firmware, Ix2 and 37 more 2024-08-05 N/A
For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, adversaries can craft URLs to modify the Document Object Model (DOM) of the page. In addition, adversaries can inject HTML script tags and HTML tags with JavaScript handlers to execute arbitrary JavaScript with the origin of the device.