Filtered by vendor Lenovo
Subscribe
Total
386 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-8335 | 1 Lenovo | 16 Thinkpad A275, Thinkpad A275 Firmware, Thinkpad A285 and 13 more | 2024-11-21 | 4.6 MEDIUM | 6.1 MEDIUM |
| The BIOS tamper detection mechanism was not triggered in Lenovo ThinkPad A285, BIOS versions up to r0xuj70w; A485, BIOS versions up to r0wuj65w; T495 BIOS versions up to r12uj55w; T495s/X395, BIOS versions up to r13uj47w, while the emergency-reset button is pressed which may allow for unauthorized access. | |||||
| CVE-2020-8334 | 1 Lenovo | 14 Thinkpad A275, Thinkpad A275 Firmware, Thinkpad A285 and 11 more | 2024-11-21 | 4.6 MEDIUM | 6.1 MEDIUM |
| The BIOS tamper detection mechanism was not triggered in Lenovo ThinkPad T495s, X395, T495, A485, A285, A475, A275 which may allow for unauthorized access. | |||||
| CVE-2020-8333 | 1 Lenovo | 54 63, 63 Firmware, H50-30g and 51 more | 2024-11-21 | 7.2 HIGH | 6.4 MEDIUM |
| A potential vulnerability in the SMI callback function used in the EEPROM driver in some Lenovo Desktops and ThinkStation models may allow arbitrary code execution | |||||
| CVE-2020-8332 | 1 Lenovo | 36 Bladecenter Hs23, Bladecenter Hs23 Firmware, Bladecenter Hs23e and 33 more | 2024-11-21 | 6.9 MEDIUM | 6.4 MEDIUM |
| A potential vulnerability in the SMI callback function used in the legacy BIOS mode USB drivers in some legacy Lenovo and IBM System x servers may allow arbitrary code execution. Servers operating in UEFI mode are not affected. | |||||
| CVE-2020-8330 | 1 Lenovo | 6 Lj4010dn, Lj4010dn Firmware, Lj6700dn and 3 more | 2024-11-21 | 7.8 HIGH | 5.3 MEDIUM |
| A denial of service vulnerability was reported in the firmware prior to version 1.01 used in Lenovo Printer LJ4010DN that could be triggered by a remote user sending a crafted packet to the device, preventing subsequent print jobs until the printer is rebooted. | |||||
| CVE-2020-8329 | 1 Lenovo | 6 Lj4010dn, Lj4010dn Firmware, Lj6700dn and 3 more | 2024-11-21 | 7.8 HIGH | 5.3 MEDIUM |
| A denial of service vulnerability was reported in the firmware prior to version 1.01 used in Lenovo Printer LJ4010DN that could be triggered by a remote user sending a crafted packet to the device, causing an error to be displayed and preventing printer from functioning until the printer is rebooted. | |||||
| CVE-2020-8327 | 1 Lenovo | 1 Vantage | 2024-11-21 | 7.2 HIGH | 7.3 HIGH |
| A privilege escalation vulnerability was reported in LenovoBatteryGaugePackage for Lenovo System Interface Foundation bundled in Lenovo Vantage prior to version 10.2003.10.0 that could allow an authenticated user to execute code with elevated privileges. | |||||
| CVE-2020-8326 | 1 Lenovo | 1 Drivers Management | 2024-11-21 | 6.9 MEDIUM | 7.3 HIGH |
| An unquoted service path vulnerability was reported in Lenovo Drivers Management prior to version 2.7.1128.1046 that could allow an authenticated user to execute code with elevated privileges. | |||||
| CVE-2020-8324 | 1 Lenovo | 1 System Interface Foundation | 2024-11-21 | 2.1 LOW | 5.0 MEDIUM |
| A vulnerability was reported in LenovoAppScenarioPluginSystem for Lenovo System Interface Foundation prior to version 1.2.184.31 that could allow unsigned DLL files to be executed. | |||||
| CVE-2020-8323 | 1 Lenovo | 344 14iwl, 14iwl Firmware, 330-14ast and 341 more | 2024-11-21 | 4.6 MEDIUM | 6.4 MEDIUM |
| A potential vulnerability in the SMI callback function used in the Legacy SD driver in some Lenovo ThinkPad, ThinkStation, and Lenovo Notebook models may allow arbitrary code execution. | |||||
| CVE-2020-8322 | 1 Lenovo | 102 14iwl, 14iwl Firmware, 330-14ast and 99 more | 2024-11-21 | 4.6 MEDIUM | 6.4 MEDIUM |
| A potential vulnerability in the SMI callback function used in the Legacy USB driver in some Lenovo Notebook and ThinkStation models may allow arbitrary code execution. | |||||
| CVE-2020-8321 | 1 Lenovo | 344 130-14ast, 130-14ast Firmware, 130-14ikb and 341 more | 2024-11-21 | 4.6 MEDIUM | 6.4 MEDIUM |
| A potential vulnerability in the SMI callback function used in the System Lock Preinstallation driver in some Lenovo Notebook and ThinkStation models may allow arbitrary code execution. | |||||
| CVE-2020-8320 | 1 Lenovo | 200 Thinkpad 11e, Thinkpad 11e Firmware, Thinkpad 11e Yoga Gen 6 and 197 more | 2024-11-21 | 4.6 MEDIUM | 6.4 MEDIUM |
| An internal shell was included in BIOS image in some ThinkPad models that could allow escalation of privilege. | |||||
| CVE-2020-8319 | 1 Lenovo | 1 System Interface Foundation | 2024-11-21 | 7.2 HIGH | 7.3 HIGH |
| A privilege escalation vulnerability was reported in Lenovo System Interface Foundation prior to version 1.1.19.3 that could allow an authenticated user to execute code with elevated privileges. | |||||
| CVE-2020-8318 | 1 Lenovo | 1 System Interface Foundation | 2024-11-21 | 7.2 HIGH | 7.3 HIGH |
| A privilege escalation vulnerability was reported in the LenovoSystemUpdatePlugin for Lenovo System Interface Foundation prior to version that could allow an authenticated user to execute code with elevated privileges. | |||||
| CVE-2020-8317 | 1 Lenovo | 1 Drivers Management | 2024-11-21 | 6.9 MEDIUM | 7.3 HIGH |
| A DLL search path vulnerability was reported in Lenovo Drivers Management prior to version 2.7.1128.1046 that could allow an authenticated user to execute code with elevated privileges. | |||||
| CVE-2020-8316 | 1 Lenovo | 1 Vantage | 2024-11-21 | 2.1 LOW | 4.4 MEDIUM |
| A vulnerability was reported in Lenovo Vantage prior to version 10.2003.10.0 that could allow an authenticated user to read files on the system with elevated privileges. | |||||
| CVE-2019-6196 | 1 Lenovo | 1 Installation Package | 2024-11-21 | 6.9 MEDIUM | 6.7 MEDIUM |
| A symbolic link vulnerability in some Lenovo installation packages, prior to version 1.2.9.3, could allow privileged file operations during file extraction and installation. | |||||
| CVE-2019-6195 | 1 Lenovo | 33 Thinkagile Hx 1000, Thinkagile Hx 2000, Thinkagile Hx 3000 and 30 more | 2024-11-21 | 2.1 LOW | 4.8 MEDIUM |
| An authorization bypass exists in Lenovo XClarity Controller (XCC) versions prior to 3.08 CDI340V, 3.01 TEI392O, 1.71 PSI328N where a valid authenticated user with lesser privileges may be granted read-only access to higher-privileged information if 1) “LDAP Authentication Only with Local Authorization” mode is configured and used by XCC, and 2) a lesser privileged user logs into XCC within 1 minute of a higher privileged user logging out. The authorization bypass does not exist when “Local Authentication and Authorization” or “LDAP Authentication and Authorization” modes are configured and used by XCC. | |||||
| CVE-2019-6194 | 1 Lenovo | 1 Xclarity Administrator | 2024-11-21 | 4.3 MEDIUM | 5.7 MEDIUM |
| An XML External Entity (XXE) processing vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.6.6 that could allow information disclosure. | |||||