Filtered by vendor Lenovo
Subscribe
Total
373 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-9076 | 1 Lenovo | 22 Iomega Ez Media \& Backup Center, Iomega Storcenter Ix2, Iomega Storcenter Ix2-dl and 19 more | 2019-10-03 | 9.3 HIGH | 8.1 HIGH |
| For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, when changing the name of a share, an attacker can craft a command injection payload using backtick "``" characters in the name parameter. As a result, arbitrary commands may be executed as the root user. The attack requires a value __c and iomega parameter. | |||||
| CVE-2018-16092 | 1 Lenovo | 8 System Management Module Firmware, Thinkagile Hx Enclosure 7x81, Thinkagile Hx Enclosure 7y87 and 5 more | 2019-10-03 | 4.3 MEDIUM | 8.1 HIGH |
| In System Management Module (SMM) versions prior to 1.06, the FFDC feature includes the collection of SMM system files containing sensitive information; notably, the SMM user account credentials and the system shadow file. | |||||
| CVE-2018-9085 | 2 Ibm, Lenovo | 56 Bladecenter, Bladecenter Hs23 Firmware, Bladecenter Hs23e Firmware and 53 more | 2019-10-03 | 4.0 MEDIUM | 4.9 MEDIUM |
| A write protection lock bit was left unset after boot on an older generation of Lenovo and IBM System x servers, potentially allowing an attacker with administrator access to modify the subset of flash memory containing Intel Server Platform Services (SPS) and the system Flash Descriptors. | |||||
| CVE-2019-6161 | 1 Lenovo | 2 Cp Storage Block, Cp Storage Block Firmware | 2019-10-01 | 5.0 MEDIUM | 7.5 HIGH |
| An internal product security audit discovered a session handling vulnerability in the web interface of ThinkAgile CP-SB (Storage Block) BMC in firmware versions prior to 1908.M. This vulnerability allows session IDs to be reused, which could provide unauthorized access to the BMC under certain circumstances. This vulnerability does not affect ThinkSystem XCC, System x IMM2, or other BMCs. | |||||
| CVE-2016-5729 | 1 Lenovo | 1 Bios Efi Driver | 2019-09-27 | 6.8 MEDIUM | 8.2 HIGH |
| Lenovo BIOS EFI Driver allows local administrators to execute arbitrary code with System Management Mode (SMM) privileges via unspecified vectors. | |||||
| CVE-2019-6163 | 1 Lenovo | 24 B Series, C100, C200 and 21 more | 2019-09-13 | 5.0 MEDIUM | 7.5 HIGH |
| A denial of service vulnerability was reported in Lenovo System Update before version 5.07.0084 that could allow service log files to be written to non-standard locations. | |||||
| CVE-2018-16098 | 2 Lenovo, Microsoft | 120 Synaptics Thinkpad Ultranav Driver, Thiankpad L430, Thiankpad L430 Firmware and 117 more | 2019-05-08 | 7.2 HIGH | 7.8 HIGH |
| In some Lenovo ThinkPads, an unquoted search path vulnerability was found in various versions of the Synaptics Pointing Device driver which could allow unauthorized code execution as a low privilege user. | |||||
| CVE-2017-3762 | 2 Lenovo, Microsoft | 4 Fingerprint Manager Pro, Windows 7, Windows 8 and 1 more | 2019-05-08 | 7.2 HIGH | 7.8 HIGH |
| Sensitive data stored by Lenovo Fingerprint Manager Pro, version 8.01.86 and earlier, including users' Windows logon credentials and fingerprint data, is encrypted using a weak algorithm, contains a hard-coded password, and is accessible to all users with local non-administrative access to the system in which it is installed. | |||||
| CVE-2019-6149 | 1 Lenovo | 2 Dynamic Power Reduction, Thinkpad X1 Carbon | 2019-03-21 | 7.2 HIGH | 6.7 MEDIUM |
| An unquoted search path vulnerability was identified in Lenovo Dynamic Power Reduction Utility prior to version 2.2.2.0 that could allow a malicious user with local access to execute code with administrative privileges. | |||||
| CVE-2018-9080 | 1 Lenovo | 40 Ez Media \& Backup Center, Ez Media \& Backup Center Firmware, Ix2 and 37 more | 2019-01-08 | 4.3 MEDIUM | 5.9 MEDIUM |
| For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, by setting the Iomega cookie to a known value before logging into the NAS's web application, the NAS will not provide the user a new cookie value. This allows an attacker who knows the cookie's value to compromise the user's session. | |||||
| CVE-2018-9082 | 1 Lenovo | 40 Ez Media \& Backup Center, Ez Media \& Backup Center Firmware, Ix2 and 37 more | 2019-01-07 | 4.0 MEDIUM | 8.8 HIGH |
| For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the password changing functionality available to authenticated users does not require the user's current password to set a new one. As a result, attackers with access to the user's session tokens can change their password and retain access to the user's account | |||||
| CVE-2018-16093 | 1 Lenovo | 1 Xclarity Integrator | 2018-12-28 | 4.0 MEDIUM | 6.5 MEDIUM |
| In versions prior to 5.5, LXCI for VMware allows an authenticated user to write to any system file due to insufficient sanitization during the upload of a backup file. | |||||
| CVE-2018-16097 | 1 Lenovo | 1 Xclarity Integrator | 2018-12-28 | 4.0 MEDIUM | 6.5 MEDIUM |
| LXCI for VMware versions prior to 5.5 and LXCI for Microsoft System Center versions prior to 3.5, allow an authenticated user to write to any system file due to insufficient sanitization during the upload of a certificate. | |||||
| CVE-2018-9072 | 1 Lenovo | 1 Xclarity Integrator | 2018-12-28 | 4.0 MEDIUM | 6.5 MEDIUM |
| In versions prior to 5.5, LXCI for VMware allows an authenticated user to download any system file due to insufficient input sanitization during file downloads. | |||||
| CVE-2018-9071 | 1 Lenovo | 2 Chassis Management Module, Chassis Management Module Firmware | 2018-12-20 | 5.0 MEDIUM | 5.3 MEDIUM |
| Lenovo Chassis Management Module (CMM) prior to version 2.0.0 allows unauthenticated users to retrieve information related to the current authentication configuration settings. Exposed settings relate to password lengths, expiration, and lockout configuration. | |||||
| CVE-2018-9073 | 1 Lenovo | 2 Chassis Management Module, Chassis Management Module Firmware | 2018-12-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| Lenovo Chassis Management Module (CMM) prior to version 2.0.0 utilizes a hardcoded encryption key to protect certain secrets. Possession of the key can allow an attacker that has already compromised the server to decrypt these secrets. | |||||
| CVE-2018-12169 | 2 Intel, Lenovo | 32 Core I3, Core I5, Core I7 and 29 more | 2018-12-20 | 4.6 MEDIUM | 7.6 HIGH |
| Platform sample code firmware in 4th Generation Intel Core Processor, 5th Generation Intel Core Processor, 6th Generation Intel Core Processor, 7th Generation Intel Core Processor and 8th Generation Intel Core Processor contains a logic error which may allow physical attacker to potentially bypass firmware authentication. | |||||
| CVE-2018-16091 | 1 Lenovo | 8 System Management Module Firmware, Thinkagile Hx Enclosure 7x81, Thinkagile Hx Enclosure 7y87 and 5 more | 2018-12-19 | 6.8 MEDIUM | 8.1 HIGH |
| In System Management Module (SMM) versions prior to 1.06, the SMM certificate creation and parsing logic is vulnerable to several buffer overflows. | |||||
| CVE-2018-16094 | 1 Lenovo | 8 System Management Module Firmware, Thinkagile Hx Enclosure 7x81, Thinkagile Hx Enclosure 7y87 and 5 more | 2018-12-19 | 6.8 MEDIUM | 8.1 HIGH |
| In System Management Module (SMM) versions prior to 1.06, an internal SMM function that retrieves configuration settings is prone to a buffer overflow. | |||||
| CVE-2018-16096 | 1 Lenovo | 8 System Management Module Firmware, Thinkagile Hx Enclosure 7x81, Thinkagile Hx Enclosure 7y87 and 5 more | 2018-12-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| In System Management Module (SMM) versions prior to 1.06, the SMM web interface for changing Enclosure VPD fails to sufficiently sanitize all input for HTML tags, possibly opening a path for cross-site scripting. | |||||