Filtered by vendor Lenovo
Subscribe
Total
385 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-8322 | 1 Lenovo | 102 14iwl, 14iwl Firmware, 330-14ast and 99 more | 2024-11-21 | 4.6 MEDIUM | 6.4 MEDIUM |
| A potential vulnerability in the SMI callback function used in the Legacy USB driver in some Lenovo Notebook and ThinkStation models may allow arbitrary code execution. | |||||
| CVE-2020-8321 | 1 Lenovo | 344 130-14ast, 130-14ast Firmware, 130-14ikb and 341 more | 2024-11-21 | 4.6 MEDIUM | 6.4 MEDIUM |
| A potential vulnerability in the SMI callback function used in the System Lock Preinstallation driver in some Lenovo Notebook and ThinkStation models may allow arbitrary code execution. | |||||
| CVE-2020-8320 | 1 Lenovo | 200 Thinkpad 11e, Thinkpad 11e Firmware, Thinkpad 11e Yoga Gen 6 and 197 more | 2024-11-21 | 4.6 MEDIUM | 6.4 MEDIUM |
| An internal shell was included in BIOS image in some ThinkPad models that could allow escalation of privilege. | |||||
| CVE-2020-8319 | 1 Lenovo | 1 System Interface Foundation | 2024-11-21 | 7.2 HIGH | 7.3 HIGH |
| A privilege escalation vulnerability was reported in Lenovo System Interface Foundation prior to version 1.1.19.3 that could allow an authenticated user to execute code with elevated privileges. | |||||
| CVE-2020-8318 | 1 Lenovo | 1 System Interface Foundation | 2024-11-21 | 7.2 HIGH | 7.3 HIGH |
| A privilege escalation vulnerability was reported in the LenovoSystemUpdatePlugin for Lenovo System Interface Foundation prior to version that could allow an authenticated user to execute code with elevated privileges. | |||||
| CVE-2020-8317 | 1 Lenovo | 1 Drivers Management | 2024-11-21 | 6.9 MEDIUM | 7.3 HIGH |
| A DLL search path vulnerability was reported in Lenovo Drivers Management prior to version 2.7.1128.1046 that could allow an authenticated user to execute code with elevated privileges. | |||||
| CVE-2020-8316 | 1 Lenovo | 1 Vantage | 2024-11-21 | 2.1 LOW | 4.4 MEDIUM |
| A vulnerability was reported in Lenovo Vantage prior to version 10.2003.10.0 that could allow an authenticated user to read files on the system with elevated privileges. | |||||
| CVE-2019-6196 | 1 Lenovo | 1 Installation Package | 2024-11-21 | 6.9 MEDIUM | 6.7 MEDIUM |
| A symbolic link vulnerability in some Lenovo installation packages, prior to version 1.2.9.3, could allow privileged file operations during file extraction and installation. | |||||
| CVE-2019-6195 | 1 Lenovo | 33 Thinkagile Hx 1000, Thinkagile Hx 2000, Thinkagile Hx 3000 and 30 more | 2024-11-21 | 2.1 LOW | 4.8 MEDIUM |
| An authorization bypass exists in Lenovo XClarity Controller (XCC) versions prior to 3.08 CDI340V, 3.01 TEI392O, 1.71 PSI328N where a valid authenticated user with lesser privileges may be granted read-only access to higher-privileged information if 1) “LDAP Authentication Only with Local Authorization” mode is configured and used by XCC, and 2) a lesser privileged user logs into XCC within 1 minute of a higher privileged user logging out. The authorization bypass does not exist when “Local Authentication and Authorization” or “LDAP Authentication and Authorization” modes are configured and used by XCC. | |||||
| CVE-2019-6194 | 1 Lenovo | 1 Xclarity Administrator | 2024-11-21 | 4.3 MEDIUM | 5.7 MEDIUM |
| An XML External Entity (XXE) processing vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.6.6 that could allow information disclosure. | |||||
| CVE-2019-6193 | 1 Lenovo | 1 Xclarity Administrator | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An information disclosure vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.6.6 that could allow unauthenticated access to some configuration files which may contain usernames, license keys, IP addresses, and encrypted password hashes. | |||||
| CVE-2019-6192 | 1 Lenovo | 81 Power Management Driver, Thinkpad 13 Gen 2, Thinkpad 25 and 78 more | 2024-11-21 | 2.1 LOW | 4.4 MEDIUM |
| A potential vulnerability has been reported in Lenovo Power Management Driver versions prior to 1.67.17.48 leading to a buffer overflow which could cause a denial of service. | |||||
| CVE-2019-6191 | 1 Lenovo | 1 Paper | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| A potential vulnerability in the discontinued LenovoPaper software version 1.0.0.22 may allow local privilege escalation. | |||||
| CVE-2019-6190 | 1 Lenovo | 364 510-15ikl, 510-15ikl Firmware, 510s-08ikl and 361 more | 2024-11-21 | 2.1 LOW | 5.0 MEDIUM |
| Lenovo was notified of a potential denial of service vulnerability, affecting various versions of BIOS for Lenovo Desktop, Desktop - All in One, and ThinkStation, that could cause PCRs to be cleared intermittently after resuming from sleep (S3) on systems with Intel TXT enabled. | |||||
| CVE-2019-6189 | 1 Lenovo | 1 System Interface Foundation | 2024-11-21 | 4.4 MEDIUM | 7.8 HIGH |
| A potential vulnerability was reported in Lenovo System Interface Foundation versions before v1.1.18.3 that could allow an administrative user to load an unsigned DLL. | |||||
| CVE-2019-6188 | 1 Lenovo | 784 130-14ikb, 130-14ikb Firmware, 130-15ikb and 781 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The BIOS tamper detection mechanism was not triggered in Lenovo ThinkPad T460p, BIOS versions up to R07ET90W, and T470p, BIOS versions up to R0FET50W, which may allow for unauthorized access. | |||||
| CVE-2019-6187 | 1 Lenovo | 42 Thinksystem Sr670, Thinkagile 7d1h, Thinkagile 7x82 and 39 more | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| A stored CSV Injection vulnerability was reported in Lenovo XClarity Controller (XCC) that could allow an administrative or other appropriately permissioned user to store malformed data in certain XCC server informational fields, that could result in crafted formulas being stored in an exported CSV file. The crafted formula is not executed on XCC itself and has no effect on the server. | |||||
| CVE-2019-6186 | 1 Lenovo | 1 System Interface Foundation | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| A potential vulnerability was reported in Lenovo System Interface Foundation versions before v1.1.18.3 that could allow an authenticated user to execute code as another user. | |||||
| CVE-2019-6184 | 1 Lenovo | 1 Customer Engagement Service | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| A potential vulnerability in the discontinued Customer Engagement Service (CCSDK) software version 2.0.21.1 may allow local privilege escalation. | |||||
| CVE-2019-6183 | 1 Lenovo | 1 Energy Management | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| A denial of service vulnerability has been reported in Lenovo Energy Management Driver for Windows 10 versions prior to 15.11.29.7 that could cause systems to experience a blue screen error. Lenovo Energy Management is a client utility. Lenovo XClarity Energy Manager is not affected. | |||||