Vendor CVEs
Lenovo
All CVEs
486 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-16098 | 0.00 | — | 0.00 | Jan 24, 2019 | In some Lenovo ThinkPads, an unquoted search path vulnerability was found in various versions of the Synaptics Pointing Device driver which could allow unauthorized code execution as a low privilege user. | |||
| CVE-2018-16093 | 0.00 | — | 0.01 | Nov 30, 2018 | In versions prior to 5.5, LXCI for VMware allows an authenticated user to write to any system file due to insufficient sanitization during the upload of a backup file. | |||
| CVE-2018-9072 | 0.00 | — | 0.01 | Nov 30, 2018 | In versions prior to 5.5, LXCI for VMware allows an authenticated user to download any system file due to insufficient input sanitization during file downloads. | |||
| CVE-2018-16097 | 0.00 | — | 0.00 | Nov 30, 2018 | LXCI for VMware versions prior to 5.5 and LXCI for Microsoft System Center versions prior to 3.5, allow an authenticated user to write to any system file due to insufficient sanitization during the upload of a certificate. | |||
| CVE-2018-9083 | 0.00 | — | 0.01 | Nov 27, 2018 | In System Management Module (SMM) versions prior to 1.06, the SMM contains weak default root credentials which could be used to log in to the device OS -- if the attacker manages to enable SSH or Telnet connections via some other vulnerability. | |||
| CVE-2018-16094 | 0.00 | — | 0.01 | Nov 27, 2018 | In System Management Module (SMM) versions prior to 1.06, an internal SMM function that retrieves configuration settings is prone to a buffer overflow. | |||
| CVE-2018-16089 | 0.00 | — | 0.02 | Nov 27, 2018 | In System Management Module (SMM) versions prior to 1.06, a field in the header of SMM firmware update images is insufficiently sanitized, allowing post-authentication command injection on the SMM as the root user. | |||
| CVE-2018-16096 | 0.00 | — | 0.01 | Nov 27, 2018 | In System Management Module (SMM) versions prior to 1.06, the SMM web interface for changing Enclosure VPD fails to sufficiently sanitize all input for HTML tags, possibly opening a path for cross-site scripting. | |||
| CVE-2018-16091 | 0.00 | — | 0.01 | Nov 27, 2018 | In System Management Module (SMM) versions prior to 1.06, the SMM certificate creation and parsing logic is vulnerable to several buffer overflows. | |||
| CVE-2018-16090 | 0.00 | — | 0.01 | Nov 27, 2018 | In System Management Module (SMM) versions prior to 1.06, the SMM certificate creation and parsing logic is vulnerable to post-authentication command injection. | |||
| CVE-2018-9084 | 0.00 | — | 0.01 | Nov 27, 2018 | In System Management Module (SMM) versions prior to 1.06, if an attacker manages to log in to the device OS, the validation of software updates can be circumvented. | |||
| CVE-2018-16092 | 0.00 | — | 0.01 | Nov 27, 2018 | In System Management Module (SMM) versions prior to 1.06, the FFDC feature includes the collection of SMM system files containing sensitive information; notably, the SMM user account credentials and the system shadow file. | |||
| CVE-2018-16095 | 0.00 | — | 0.01 | Nov 27, 2018 | In System Management Module (SMM) versions prior to 1.06, the SMM records hashed passwords to a debug log when user authentication fails. | |||
| CVE-2018-9085 | 0.00 | — | 0.01 | Nov 16, 2018 | A write protection lock bit was left unset after boot on an older generation of Lenovo and IBM System x servers, potentially allowing an attacker with administrator access to modify the subset of flash memory containing Intel Server Platform Services (SPS) and the system Flash… | |||
| CVE-2018-9073 | 0.00 | — | 0.01 | Nov 16, 2018 | Lenovo Chassis Management Module (CMM) prior to version 2.0.0 utilizes a hardcoded encryption key to protect certain secrets. Possession of the key can allow an attacker that has already compromised the server to decrypt these secrets. | |||
| CVE-2018-9071 | 0.00 | — | 0.01 | Nov 16, 2018 | Lenovo Chassis Management Module (CMM) prior to version 2.0.0 allows unauthenticated users to retrieve information related to the current authentication configuration settings. Exposed settings relate to password lengths, expiration, and lockout configuration. | |||
| CVE-2018-9086 | 0.00 | — | 0.02 | Nov 16, 2018 | In some Lenovo ThinkServer-branded servers, a command injection vulnerability exists in the BMC firmware download command. This allows a privileged user to download and execute arbitrary code inside the BMC. This can only be exploited by authorized privileged users. | |||
| CVE-2015-7820 | 0.00 | — | 0.01 | Nov 12, 2015 | Race condition in the administration-panel web service in IBM System Networking Switch Center (SNSC) before 7.3.1.5 and Lenovo Switch Center before 8.1.2.0 allows remote attackers to obtain privileged-account access, and consequently provide ZipDownload.jsp input containing… | |||
| CVE-2015-7819 | 0.00 | — | 0.01 | Nov 12, 2015 | The DB service in IBM System Networking Switch Center (SNSC) before 7.3.1.5 and Lenovo Switch Center before 8.1.2.0 allows remote attackers to obtain sensitive administrator-account information via a request on port 40999, as demonstrated by an improperly encrypted password. | |||
| CVE-2015-7818 | 0.00 | — | 0.00 | Nov 12, 2015 | The administration-panel web service in IBM System Networking Switch Center (SNSC) before 7.3.1.5 and Lenovo Switch Center before 8.1.2.0 allows local users to execute arbitrary JSP code with SYSTEM privileges by using the Apache Axis AdminService deployment method to install a… | |||
| CVE-2015-7817 | 0.00 | — | 0.01 | Nov 12, 2015 | Race condition in the administration-panel web service in IBM System Networking Switch Center (SNSC) before 7.3.1.5 and Lenovo Switch Center before 8.1.2.0 allows remote attackers to obtain privileged-account access, and consequently provide FileReader.jsp input containing… | |||
| CVE-2015-3214 | 0.00 | — | 0.02 | Aug 31, 2015 | The pit_ioport_read in i8254.c in the Linux kernel before 2.6.33 and QEMU before 2.3.1 does not distinguish between read lengths and write lengths, which might allow guest OS users to execute arbitrary code on the host OS by triggering use of an invalid index. | |||
| CVE-2015-2234 | 0.00 | — | 0.00 | May 12, 2015 | Race condition in Lenovo System Update (formerly ThinkVantage System Update) before 5.06.0034 uses world-writable permissions for the update files directory, which allows local users to gain privileges by writing to an update file after the signature is validated. | |||
| CVE-2015-2233 | 0.00 | — | 0.00 | May 12, 2015 | Lenovo System Update (formerly ThinkVantage System Update) before 5.06.0034 does not properly validate CA chains during signature validation, which allows man-in-the-middle attackers to upload and execute arbitrary files via a crafted certificate. | |||
| CVE-2015-3324 | 0.00 | — | 0.00 | Apr 16, 2015 | The ThinkServer System Manager (TSM) Baseboard Management Controller before firmware 1.27.73476 for ThinkServer RD350, RD450, RD550, RD650, and TD350 does not validate server certificates during an "encrypted remote KVM session," which allows man-in-the-middle attackers to spoof… | |||
| CVE-2015-3323 | 0.00 | — | 0.01 | Apr 16, 2015 | The ThinkServer System Manager (TSM) Baseboard Management Controller before firmware 1.27.73476 for ThinkServer RD350, RD450, RD550, RD650, and TD350 allows remote attackers to cause a denial of service (web interface crash) via a malformed HTTP request during authentication. | |||
| CVE-2015-3322 | 0.00 | — | 0.01 | Apr 16, 2015 | Lenovo ThinkServer RD350, RD450, RD550, RD650, and TD350 servers before 1.26.0 use weak encryption to store (1) user and (2) administrator BIOS passwords, which allows attackers to decrypt the passwords via unspecified vectors. | |||
| CVE-2015-3320 | 0.00 | — | 0.00 | Apr 16, 2015 | Lenovo USB Enhanced Performance Keyboard software before 2.0.2.2 includes active debugging code in SKHOOKS.DLL, which allows local users to obtain keypress information by accessing debug output. | |||
| CVE-2014-1939 | 0.00 | — | 0.01 | Mar 3, 2014 | java/android/webkit/BrowserFrame.java in Android before 4.4 uses the addJavascriptInterface API in conjunction with creating an object of the SearchBoxImpl class, which allows attackers to execute arbitrary Java code by leveraging access to the searchBoxJavaBridge_ interface at… | |||
| CVE-2009-0655 | 0.00 | — | 0.00 | Feb 20, 2009 | Lenovo Veriface III allows physically proximate attackers to login to a Windows account by presenting a "plain image" of the authorized user. | |||
| CVE-2008-4589 | 0.00 | — | 0.01 | Oct 15, 2008 | Heap-based buffer overflow in the tvtumin.sys kernel driver in Lenovo Rescue and Recovery 4.20, including 4.20.0511 and 4.20.0512, allows local users to execute arbitrary code via a long file name. | |||
| CVE-2008-3249 | 0.00 | — | 0.01 | Jul 21, 2008 | The client in Lenovo System Update before 3.14 does not properly validate the certificate when establishing an SSL connection, which allows remote attackers to install arbitrary packages via an SSL certificate whose X.509 headers match a public certificate used by IBM. | |||
| CVE-2007-2240 | 0.00 | — | 0.03 | Aug 15, 2007 | The IBM Lenovo Access Support acpRunner ActiveX control, as distributed in acpcontroller.dll before 1.2.8.0 and possibly acpir.dll before 1.0.0.9 (Automated Solutions 1.0 before fix pack 1), does not properly validate digital signatures of downloaded software, which makes it… | |||
| CVE-2007-2929 | 0.00 | — | 0.03 | Aug 15, 2007 | The IBM Lenovo Access Support acpRunner ActiveX control, as distributed in acpcontroller.dll before 1.2.8.0 and possibly acpir.dll before 1.0.0.9 (Automated Solutions 1.0 before fix pack 1), exposes unsafe methods to arbitrary web domains, which allows remote attackers to… | |||
| CVE-2007-2928 | 0.00 | — | 0.05 | Aug 15, 2007 | Format string vulnerability in the IBM Lenovo Access Support acpRunner ActiveX control, as distributed in acpcontroller.dll before 1.2.8.0 and possibly acpir.dll before 1.0.0.9 (Automated Solutions 1.0 before fix pack 1), allows remote attackers to execute arbitrary code via… | |||
| CVE-2007-1307 | 0.00 | — | 0.02 | Mar 7, 2007 | Unspecified vulnerability in Lenovo Intel PRO/1000 LAN adapter before Build 135400, as used on IBM Lenovo ThinkPad systems, has unknown impact and attack vectors. |
- CVE-2018-16098Jan 24, 2019risk 0.00cvss —epss 0.00
In some Lenovo ThinkPads, an unquoted search path vulnerability was found in various versions of the Synaptics Pointing Device driver which could allow unauthorized code execution as a low privilege user.
- CVE-2018-16093Nov 30, 2018risk 0.00cvss —epss 0.01
In versions prior to 5.5, LXCI for VMware allows an authenticated user to write to any system file due to insufficient sanitization during the upload of a backup file.
- CVE-2018-9072Nov 30, 2018risk 0.00cvss —epss 0.01
In versions prior to 5.5, LXCI for VMware allows an authenticated user to download any system file due to insufficient input sanitization during file downloads.
- CVE-2018-16097Nov 30, 2018risk 0.00cvss —epss 0.00
LXCI for VMware versions prior to 5.5 and LXCI for Microsoft System Center versions prior to 3.5, allow an authenticated user to write to any system file due to insufficient sanitization during the upload of a certificate.
- CVE-2018-9083Nov 27, 2018risk 0.00cvss —epss 0.01
In System Management Module (SMM) versions prior to 1.06, the SMM contains weak default root credentials which could be used to log in to the device OS -- if the attacker manages to enable SSH or Telnet connections via some other vulnerability.
- CVE-2018-16094Nov 27, 2018risk 0.00cvss —epss 0.01
In System Management Module (SMM) versions prior to 1.06, an internal SMM function that retrieves configuration settings is prone to a buffer overflow.
- CVE-2018-16089Nov 27, 2018risk 0.00cvss —epss 0.02
In System Management Module (SMM) versions prior to 1.06, a field in the header of SMM firmware update images is insufficiently sanitized, allowing post-authentication command injection on the SMM as the root user.
- CVE-2018-16096Nov 27, 2018risk 0.00cvss —epss 0.01
In System Management Module (SMM) versions prior to 1.06, the SMM web interface for changing Enclosure VPD fails to sufficiently sanitize all input for HTML tags, possibly opening a path for cross-site scripting.
- CVE-2018-16091Nov 27, 2018risk 0.00cvss —epss 0.01
In System Management Module (SMM) versions prior to 1.06, the SMM certificate creation and parsing logic is vulnerable to several buffer overflows.
- CVE-2018-16090Nov 27, 2018risk 0.00cvss —epss 0.01
In System Management Module (SMM) versions prior to 1.06, the SMM certificate creation and parsing logic is vulnerable to post-authentication command injection.
- CVE-2018-9084Nov 27, 2018risk 0.00cvss —epss 0.01
In System Management Module (SMM) versions prior to 1.06, if an attacker manages to log in to the device OS, the validation of software updates can be circumvented.
- CVE-2018-16092Nov 27, 2018risk 0.00cvss —epss 0.01
In System Management Module (SMM) versions prior to 1.06, the FFDC feature includes the collection of SMM system files containing sensitive information; notably, the SMM user account credentials and the system shadow file.
- CVE-2018-16095Nov 27, 2018risk 0.00cvss —epss 0.01
In System Management Module (SMM) versions prior to 1.06, the SMM records hashed passwords to a debug log when user authentication fails.
- CVE-2018-9085Nov 16, 2018risk 0.00cvss —epss 0.01
A write protection lock bit was left unset after boot on an older generation of Lenovo and IBM System x servers, potentially allowing an attacker with administrator access to modify the subset of flash memory containing Intel Server Platform Services (SPS) and the system Flash…
- CVE-2018-9073Nov 16, 2018risk 0.00cvss —epss 0.01
Lenovo Chassis Management Module (CMM) prior to version 2.0.0 utilizes a hardcoded encryption key to protect certain secrets. Possession of the key can allow an attacker that has already compromised the server to decrypt these secrets.
- CVE-2018-9071Nov 16, 2018risk 0.00cvss —epss 0.01
Lenovo Chassis Management Module (CMM) prior to version 2.0.0 allows unauthenticated users to retrieve information related to the current authentication configuration settings. Exposed settings relate to password lengths, expiration, and lockout configuration.
- CVE-2018-9086Nov 16, 2018risk 0.00cvss —epss 0.02
In some Lenovo ThinkServer-branded servers, a command injection vulnerability exists in the BMC firmware download command. This allows a privileged user to download and execute arbitrary code inside the BMC. This can only be exploited by authorized privileged users.
- CVE-2015-7820Nov 12, 2015risk 0.00cvss —epss 0.01
Race condition in the administration-panel web service in IBM System Networking Switch Center (SNSC) before 7.3.1.5 and Lenovo Switch Center before 8.1.2.0 allows remote attackers to obtain privileged-account access, and consequently provide ZipDownload.jsp input containing…
- CVE-2015-7819Nov 12, 2015risk 0.00cvss —epss 0.01
The DB service in IBM System Networking Switch Center (SNSC) before 7.3.1.5 and Lenovo Switch Center before 8.1.2.0 allows remote attackers to obtain sensitive administrator-account information via a request on port 40999, as demonstrated by an improperly encrypted password.
- CVE-2015-7818Nov 12, 2015risk 0.00cvss —epss 0.00
The administration-panel web service in IBM System Networking Switch Center (SNSC) before 7.3.1.5 and Lenovo Switch Center before 8.1.2.0 allows local users to execute arbitrary JSP code with SYSTEM privileges by using the Apache Axis AdminService deployment method to install a…
- CVE-2015-7817Nov 12, 2015risk 0.00cvss —epss 0.01
Race condition in the administration-panel web service in IBM System Networking Switch Center (SNSC) before 7.3.1.5 and Lenovo Switch Center before 8.1.2.0 allows remote attackers to obtain privileged-account access, and consequently provide FileReader.jsp input containing…
- CVE-2015-3214Aug 31, 2015risk 0.00cvss —epss 0.02
The pit_ioport_read in i8254.c in the Linux kernel before 2.6.33 and QEMU before 2.3.1 does not distinguish between read lengths and write lengths, which might allow guest OS users to execute arbitrary code on the host OS by triggering use of an invalid index.
- CVE-2015-2234May 12, 2015risk 0.00cvss —epss 0.00
Race condition in Lenovo System Update (formerly ThinkVantage System Update) before 5.06.0034 uses world-writable permissions for the update files directory, which allows local users to gain privileges by writing to an update file after the signature is validated.
- CVE-2015-2233May 12, 2015risk 0.00cvss —epss 0.00
Lenovo System Update (formerly ThinkVantage System Update) before 5.06.0034 does not properly validate CA chains during signature validation, which allows man-in-the-middle attackers to upload and execute arbitrary files via a crafted certificate.
- CVE-2015-3324Apr 16, 2015risk 0.00cvss —epss 0.00
The ThinkServer System Manager (TSM) Baseboard Management Controller before firmware 1.27.73476 for ThinkServer RD350, RD450, RD550, RD650, and TD350 does not validate server certificates during an "encrypted remote KVM session," which allows man-in-the-middle attackers to spoof…
- CVE-2015-3323Apr 16, 2015risk 0.00cvss —epss 0.01
The ThinkServer System Manager (TSM) Baseboard Management Controller before firmware 1.27.73476 for ThinkServer RD350, RD450, RD550, RD650, and TD350 allows remote attackers to cause a denial of service (web interface crash) via a malformed HTTP request during authentication.
- CVE-2015-3322Apr 16, 2015risk 0.00cvss —epss 0.01
Lenovo ThinkServer RD350, RD450, RD550, RD650, and TD350 servers before 1.26.0 use weak encryption to store (1) user and (2) administrator BIOS passwords, which allows attackers to decrypt the passwords via unspecified vectors.
- CVE-2015-3320Apr 16, 2015risk 0.00cvss —epss 0.00
Lenovo USB Enhanced Performance Keyboard software before 2.0.2.2 includes active debugging code in SKHOOKS.DLL, which allows local users to obtain keypress information by accessing debug output.
- CVE-2014-1939Mar 3, 2014risk 0.00cvss —epss 0.01
java/android/webkit/BrowserFrame.java in Android before 4.4 uses the addJavascriptInterface API in conjunction with creating an object of the SearchBoxImpl class, which allows attackers to execute arbitrary Java code by leveraging access to the searchBoxJavaBridge_ interface at…
- CVE-2009-0655Feb 20, 2009risk 0.00cvss —epss 0.00
Lenovo Veriface III allows physically proximate attackers to login to a Windows account by presenting a "plain image" of the authorized user.
- CVE-2008-4589Oct 15, 2008risk 0.00cvss —epss 0.01
Heap-based buffer overflow in the tvtumin.sys kernel driver in Lenovo Rescue and Recovery 4.20, including 4.20.0511 and 4.20.0512, allows local users to execute arbitrary code via a long file name.
- CVE-2008-3249Jul 21, 2008risk 0.00cvss —epss 0.01
The client in Lenovo System Update before 3.14 does not properly validate the certificate when establishing an SSL connection, which allows remote attackers to install arbitrary packages via an SSL certificate whose X.509 headers match a public certificate used by IBM.
- CVE-2007-2240Aug 15, 2007risk 0.00cvss —epss 0.03
The IBM Lenovo Access Support acpRunner ActiveX control, as distributed in acpcontroller.dll before 1.2.8.0 and possibly acpir.dll before 1.0.0.9 (Automated Solutions 1.0 before fix pack 1), does not properly validate digital signatures of downloaded software, which makes it…
- CVE-2007-2929Aug 15, 2007risk 0.00cvss —epss 0.03
The IBM Lenovo Access Support acpRunner ActiveX control, as distributed in acpcontroller.dll before 1.2.8.0 and possibly acpir.dll before 1.0.0.9 (Automated Solutions 1.0 before fix pack 1), exposes unsafe methods to arbitrary web domains, which allows remote attackers to…
- CVE-2007-2928Aug 15, 2007risk 0.00cvss —epss 0.05
Format string vulnerability in the IBM Lenovo Access Support acpRunner ActiveX control, as distributed in acpcontroller.dll before 1.2.8.0 and possibly acpir.dll before 1.0.0.9 (Automated Solutions 1.0 before fix pack 1), allows remote attackers to execute arbitrary code via…
- CVE-2007-1307Mar 7, 2007risk 0.00cvss —epss 0.02
Unspecified vulnerability in Lenovo Intel PRO/1000 LAN adapter before Build 135400, as used on IBM Lenovo ThinkPad systems, has unknown impact and attack vectors.
Page 10 of 10