Filtered by vendor Lenovo
Subscriptions
Total
403 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-8351 | 1 Lenovo | 1 Pcmanager | 2024-08-04 | 7.8 High |
| A privilege escalation vulnerability was reported in Lenovo PCManager prior to version 3.0.50.9162 that could allow an authenticated user to execute code with elevated privileges. | ||||
| CVE-2020-8354 | 1 Lenovo | 2 Notebook, Notebook Firmware | 2024-08-04 | 6.4 Medium |
| A potential vulnerability in the SMI callback function used in the VariableServiceSmm driver in some Lenovo Notebook models may allow arbitrary code execution. | ||||
| CVE-2020-8348 | 1 Lenovo | 1 Enterprise Network Disk | 2024-08-04 | 6.1 Medium |
| A DOM-based cross-site scripting (XSS) vulnerability was reported in Lenovo Enterprise Network Disk prior to version 6.1 patch 6 hotfix 4 that could allow execution of code in an authenticated user's current browser session if a crafted url is visited, possibly through phishing. | ||||
| CVE-2020-8349 | 1 Lenovo | 10 Cloud Networking Operating System, Rackswitch G8272, Rackswitch G8296 and 7 more | 2024-08-04 | 9.8 Critical |
| An internal security review has identified an unauthenticated remote code execution vulnerability in Cloud Networking Operating System (CNOS)’ optional REST API management interface. This interface is disabled by default and not vulnerable unless enabled. When enabled, it is only vulnerable where attached to a VRF and as allowed by defined ACLs. Lenovo strongly recommends upgrading to a non-vulnerable CNOS release. Where not possible, Lenovo recommends disabling the REST API management interface or restricting access to the management VRF and further limiting access to authorized management stations via ACL. | ||||
| CVE-2020-8345 | 1 Lenovo | 1 Hardware Scan | 2024-08-04 | 7.3 High |
| A DLL search path vulnerability was reported in the Lenovo HardwareScan Plugin for the Lenovo Vantage hardware scan feature prior to version 1.0.46.11 that could allow escalation of privilege. | ||||
| CVE-2020-8353 | 1 Lenovo | 28 Thinkcentre M80s, Thinkcentre M80s Firmware, Thinkcentre M80t and 25 more | 2024-08-04 | 6.7 Medium |
| Prior to August 10, 2020, some Lenovo Desktop and Workstation systems were shipped with the Embedded Host Based Configuration (EHBC) feature of Intel AMT enabled. This could allow an administrative user with local access to configure Intel AMT. | ||||
| CVE-2020-8332 | 1 Lenovo | 36 Bladecenter Hs23, Bladecenter Hs23 Firmware, Bladecenter Hs23e and 33 more | 2024-08-04 | 6.4 Medium |
| A potential vulnerability in the SMI callback function used in the legacy BIOS mode USB drivers in some legacy Lenovo and IBM System x servers may allow arbitrary code execution. Servers operating in UEFI mode are not affected. | ||||
| CVE-2020-8352 | 1 Lenovo | 32 Qitian 4500, Qitian 4500 Firmware, Qitian B4550 and 29 more | 2024-08-04 | 2.4 Low |
| In some Lenovo Desktop models, the Configuration Change Detection BIOS setting failed to detect SATA configuration changes. | ||||
| CVE-2020-8357 | 1 Lenovo | 1 Pcmanager | 2024-08-04 | 5.5 Medium |
| A denial of service vulnerability was reported in Lenovo PCManager, prior to version 3.0.200.2042, that could allow configuration files to be written to non-standard locations. | ||||
| CVE-2021-42852 | 1 Lenovo | 10 A1, A1 Firmware, T1 and 7 more | 2024-08-04 | 8 High |
| A command injection vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow an authenticated user to execute operating system commands by sending a crafted packet to the device. | ||||
| CVE-2021-42851 | 1 Lenovo | 10 A1, A1 Firmware, T1 and 7 more | 2024-08-04 | 6.3 Medium |
| A vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow an unauthenticated user to create a standard user account. | ||||
| CVE-2021-42849 | 1 Lenovo | 10 A1, A1 Firmware, T1 and 7 more | 2024-08-04 | 6.8 Medium |
| A weak default password for the serial port was reported in some Lenovo Personal Cloud Storage devices that could allow unauthorized device access to an attacker with physical access. | ||||
| CVE-2021-42848 | 1 Lenovo | 10 A1, A1 Firmware, T1 and 7 more | 2024-08-04 | 4.3 Medium |
| An information disclosure vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow an unauthenticated user to retrieve device and networking details. | ||||
| CVE-2021-42850 | 1 Lenovo | 10 A1, A1 Firmware, T1 and 7 more | 2024-08-04 | 8.8 High |
| A weak default administrator password for the web interface and serial port was reported in some Lenovo Personal Cloud Storage devices that could allow unauthorized device access to an attacker with physical or local network access. | ||||
| CVE-2021-42205 | 1 Lenovo | 1 Elan Miniport Touchpad Driver | 2024-08-04 | 4.7 Medium |
| ELAN Miniport touchpad Windows driver before 24.21.51.2, as used in PC hardware from multiple manufacturers, allows local users to cause a system crash by sending a certain IOCTL request, because that request is handled twice. | ||||
| CVE-2021-4211 | 1 Lenovo | 106 A340-22icb, A340-22icb Firmware, A340-22ick and 103 more | 2024-08-03 | 6.7 Medium |
| A potential vulnerability in the SMI callback function used in the SMBIOS event log driver in some Lenovo Desktop, ThinkStation, and ThinkEdge models may allow an attacker with local access and elevated privileges to execute arbitrary code. | ||||
| CVE-2021-4212 | 1 Lenovo | 124 C340-14iml, C340-14iml Firmware, C340-15iml and 121 more | 2024-08-03 | 6.7 Medium |
| A potential vulnerability in the SMI callback function used in the Legacy BIOS mode driver in some Lenovo Notebook models may allow an attacker with local access and elevated privileges to execute arbitrary code. | ||||
| CVE-2021-4210 | 1 Lenovo | 64 A540-24icb, A540-24icb Firmware, A540-27icb and 61 more | 2024-08-03 | 6.7 Medium |
| A potential vulnerability in the SMI callback function used in the NVME driver in some Lenovo Desktop, ThinkStation, and ThinkEdge models may allow an attacker with local access and elevated privileges to execute arbitrary code. | ||||
| CVE-2021-3970 | 1 Lenovo | 210 Ideapad 3-14ada05, Ideapad 3-14ada05 Firmware, Ideapad 3-14ada6 and 207 more | 2024-08-03 | 6.7 Medium |
| A potential vulnerability in LenovoVariable SMI Handler due to insufficient validation in some Lenovo Notebook models BIOS may allow an attacker with local access and elevated privileges to execute arbitrary code. | ||||
| CVE-2021-3922 | 1 Lenovo | 1 System Interface Foundation | 2024-08-03 | 7.8 High |
| A race condition vulnerability was reported in IMController, a software component of Lenovo System Interface Foundation, prior to version 1.1.20.3 that could allow a local attacker to connect and interact with the IMController child process' named pipe. | ||||