Vendor CVEs
Lenovo
All CVEs
486 total · sorted by risk

| CVE | Risk | CVSS | EPSS | Published | Description | Vendor / Product | Sev | KEV |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-21571 | 0.00 | — | 0.01 | Jun 24, 2021 | Dell UEFI BIOS https stack leveraged by the Dell BIOSConnect feature and Dell HTTPS Boot feature contains an improper certificate validation vulnerability. A remote unauthenticated attacker may exploit this vulnerability using a person-in-the-middle attack which may lead to a… | |||
| CVE-2021-3464 | 0.00 | — | 0.00 | Apr 27, 2021 | A DLL search path vulnerability was reported in Lenovo PCManager, prior to version 3.0.400.3252, that could allow privilege escalation. | |||
| CVE-2021-3451 | 0.00 | — | 0.00 | Apr 27, 2021 | A denial of service vulnerability was reported in Lenovo PCManager, prior to version 3.0.400.3252, that could allow configuration files to be written to non-standard locations. | |||
| CVE-2021-3473 | 0.00 | — | 0.00 | Apr 13, 2021 | An internal product security audit of Lenovo XClarity Controller (XCC) discovered that the XCC configuration backup/restore password may be written to an internal XCC log buffer if Lenovo XClarity Administrator (LXCA) is used to perform the backup/restore. The backup/restore… | |||
| CVE-2021-3462 | 0.00 | — | 0.00 | Apr 13, 2021 | A privilege escalation vulnerability in Lenovo Power Management Driver for Windows 10, prior to version 1.67.17.54, that could allow unauthorized access to the driver's device object. | |||
| CVE-2021-3463 | 0.00 | — | 0.00 | Apr 13, 2021 | A null pointer dereference vulnerability in Lenovo Power Management Driver for Windows 10, prior to version 1.67.17.54, that could cause systems to experience a blue screen error. | |||
| CVE-2021-21529 | 0.00 | — | 0.00 | Apr 2, 2021 | Dell System Update (DSU) 1.9 and earlier versions contain a denial of service vulnerability. A local authenticated malicious user with low privileges may potentially exploit this vulnerability to cause the system to run out of memory by running multiple instances of the… | |||
| CVE-2021-3417 | 0.00 | — | 0.01 | Mar 9, 2021 | An internal product security audit of LXCO, prior to version 1.2.2, discovered that credentials for Lenovo XClarity Administrator (LXCA), if added as a Resource Manager, are encoded then written to an internal LXCO log file each time a session is established with LXCA. Affected… | |||
| CVE-2020-8357 | 0.00 | — | 0.00 | Mar 9, 2021 | A denial of service vulnerability was reported in Lenovo PCManager, prior to version 3.0.200.2042, that could allow configuration files to be written to non-standard locations. | |||
| CVE-2020-8356 | 0.00 | — | 0.01 | Mar 9, 2021 | An internal product security audit of LXCO, prior to version 1.2.2, discovered that optional passwords, if specified, for the Syslog and SMTP forwarders are written to an internal LXCO log file in clear text. Affected logs are captured in the First Failure Data Capture (FFDC)… | |||
| CVE-2020-8355 | 0.00 | — | 0.01 | Feb 10, 2021 | An internal product security audit of Lenovo XClarity Administrator (LXCA) prior to version 3.1.0 discovered the Windows OS credentials provided by the LXCA user to perform driver updates of managed systems may be captured in the First Failure Data Capture (FFDC) service log if… | |||
| CVE-2020-8351 | 0.00 | — | 0.00 | Nov 30, 2020 | A privilege escalation vulnerability was reported in Lenovo PCManager prior to version 3.0.50.9162 that could allow an authenticated user to execute code with elevated privileges. | |||
| CVE-2020-8354 | 0.00 | — | 0.00 | Nov 11, 2020 | A potential vulnerability in the SMI callback function used in the VariableServiceSmm driver in some Lenovo Notebook models may allow arbitrary code execution. | |||
| CVE-2020-8352 | 0.00 | — | 0.00 | Nov 11, 2020 | In some Lenovo Desktop models, the Configuration Change Detection BIOS setting failed to detect SATA configuration changes. | |||
| CVE-2020-8353 | 0.00 | — | 0.01 | Nov 11, 2020 | Prior to August 10, 2020, some Lenovo Desktop and Workstation systems were shipped with the Embedded Host Based Configuration (EHBC) feature of Intel AMT enabled. This could allow an administrative user with local access to configure Intel AMT. | |||
| CVE-2020-8350 | 0.00 | — | 0.01 | Oct 14, 2020 | An authentication bypass vulnerability was reported in Lenovo ThinkPad Stack Wireless Router firmware version 1.1.3.4 that could allow escalation of privilege. | |||
| CVE-2020-8349 | 0.00 | — | 0.02 | Oct 14, 2020 | An internal security review has identified an unauthenticated remote code execution vulnerability in Cloud Networking Operating System (CNOS)’ optional REST API management interface. This interface is disabled by default and not vulnerable unless enabled. When enabled, it is… | |||
| CVE-2020-8345 | 0.00 | — | 0.00 | Oct 14, 2020 | A DLL search path vulnerability was reported in the Lenovo HardwareScan Plugin for the Lenovo Vantage hardware scan feature prior to version 1.0.46.11 that could allow escalation of privilege. | |||
| CVE-2020-8338 | 0.00 | — | 0.00 | Oct 14, 2020 | A DLL search path vulnerability was reported in Lenovo Diagnostics prior to version 4.35.4 that could allow a user with local access to execute code on the system. | |||
| CVE-2020-8332 | 0.00 | — | 0.00 | Oct 14, 2020 | A potential vulnerability in the SMI callback function used in the legacy BIOS mode USB drivers in some legacy Lenovo and IBM System x servers may allow arbitrary code execution. Servers operating in UEFI mode are not affected. | |||
| CVE-2020-8348 | 0.00 | — | 0.01 | Sep 24, 2020 | A DOM-based cross-site scripting (XSS) vulnerability was reported in Lenovo Enterprise Network Disk prior to version 6.1 patch 6 hotfix 4 that could allow execution of code in an authenticated user's current browser session if a crafted url is visited, possibly through phishing. | |||
| CVE-2020-8347 | 0.00 | — | 0.01 | Sep 24, 2020 | A reflective cross-site scripting (XSS) vulnerability was reported in Lenovo Enterprise Network Disk prior to version 6.1 patch 6 hotfix 4 that could allow execution of code in an authenticated user's browser if a crafted url is visited, possibly through phishing. | |||
| CVE-2020-8333 | 0.00 | — | 0.00 | Sep 24, 2020 | A potential vulnerability in the SMI callback function used in the EEPROM driver in some Lenovo Desktops and ThinkStation models may allow arbitrary code execution. | |||
| CVE-2020-8346 | 0.00 | — | 0.00 | Sep 15, 2020 | A denial of service vulnerability was reported in the Lenovo Vantage component called Lenovo System Interface Foundation prior to version 1.1.19.5 that could allow configuration files to be written to non-standard locations. | |||
| CVE-2020-8342 | 0.00 | — | 0.00 | Sep 15, 2020 | A race condition vulnerability was reported in Lenovo System Update prior to version 5.07.0106 that could allow escalation of privilege. | |||
| CVE-2020-8340 | 0.00 | — | 0.01 | Sep 15, 2020 | A cross-site scripting (XSS) vulnerability was discovered in the legacy IBM and Lenovo System x IMM2 (Integrated Management Module 2), prior to version 5.60, embedded Baseboard Management Controller (BMC) web interface during an internal security review. This vulnerability could… | |||
| CVE-2020-8341 | 0.00 | — | 0.00 | Sep 1, 2020 | In Lenovo systems, SMM BIOS Write Protection is used to prevent writes to SPI Flash. While this provides sufficient protection, an additional layer of protection is provided by SPI Protected Range Registers (PRx). After resuming from S3 sleep mode in various versions of BIOS for… | |||
| CVE-2020-8335 | 0.00 | — | 0.00 | Sep 1, 2020 | The BIOS tamper detection mechanism was not triggered in Lenovo ThinkPad A285, BIOS versions up to r0xuj70w; A485, BIOS versions up to r0wuj65w; T495 BIOS versions up to r12uj55w; T495s/X395, BIOS versions up to r13uj47w, while the emergency-reset button is pressed which may… | |||
| CVE-2020-8326 | 0.00 | — | 0.00 | Jul 24, 2020 | An unquoted service path vulnerability was reported in Lenovo Drivers Management prior to version 2.7.1128.1046 that could allow an authenticated user to execute code with elevated privileges. | |||
| CVE-2020-8317 | 0.00 | — | 0.00 | Jul 24, 2020 | A DLL search path vulnerability was reported in Lenovo Drivers Management prior to version 2.7.1128.1046 that could allow an authenticated user to execute code with elevated privileges. | |||
| CVE-2020-8337 | 0.00 | — | 0.00 | Jun 9, 2020 | An unquoted search path vulnerability was reported in versions prior to 1.0.83.0 of the Synaptics Smart Audio UWP app associated with the DCHU audio drivers on Lenovo platforms that could allow an administrative user to execute arbitrary code. | |||
| CVE-2020-8336 | 0.00 | — | 0.00 | Jun 9, 2020 | Lenovo implemented Intel CSME Anti-rollback ARB protections on some ThinkPad models to prevent roll back of CSME Firmware in flash. | |||
| CVE-2020-8334 | 0.00 | — | 0.00 | Jun 9, 2020 | The BIOS tamper detection mechanism was not triggered in Lenovo ThinkPad T495s, X395, T495, A485, A285, A475, A275 which may allow for unauthorized access. | |||
| CVE-2020-8323 | 0.00 | — | 0.00 | Jun 9, 2020 | A potential vulnerability in the SMI callback function used in the Legacy SD driver in some Lenovo ThinkPad, ThinkStation, and Lenovo Notebook models may allow arbitrary code execution. | |||
| CVE-2020-8322 | 0.00 | — | 0.00 | Jun 9, 2020 | A potential vulnerability in the SMI callback function used in the Legacy USB driver in some Lenovo Notebook and ThinkStation models may allow arbitrary code execution. | |||
| CVE-2020-8321 | 0.00 | — | 0.00 | Jun 9, 2020 | A potential vulnerability in the SMI callback function used in the System Lock Preinstallation driver in some Lenovo Notebook and ThinkStation models may allow arbitrary code execution. | |||
| CVE-2020-8320 | 0.00 | — | 0.00 | Jun 9, 2020 | An internal shell was included in BIOS image in some ThinkPad models that could allow escalation of privilege. | |||
| CVE-2019-6196 | 0.00 | — | 0.00 | Jun 9, 2020 | A symbolic link vulnerability in some Lenovo installation packages, prior to version 1.2.9.3, could allow privileged file operations during file extraction and installation. | |||
| CVE-2019-6173 | 0.00 | — | 0.00 | Jun 9, 2020 | A DLL search path vulnerability could allow privilege escalation in some Lenovo installation packages, prior to version 1.2.9.3, during installation if an attacker already has administrative privileges. | |||
| CVE-2020-8330 | 0.00 | — | 0.02 | May 28, 2020 | A denial of service vulnerability was reported in the firmware prior to version 1.01 used in Lenovo Printer LJ4010DN that could be triggered by a remote user sending a crafted packet to the device, preventing subsequent print jobs until the printer is rebooted. | |||
| CVE-2020-8329 | 0.00 | — | 0.02 | May 28, 2020 | A denial of service vulnerability was reported in the firmware prior to version 1.01 used in Lenovo Printer LJ4010DN that could be triggered by a remote user sending a crafted packet to the device, causing an error to be displayed and preventing printer from functioning until… | |||
| CVE-2019-15234 | 0.00 | — | 0.02 | Apr 27, 2020 | SHAREit through 4.0.6.177 does not check the full message length from the received packet header (which is used to allocate memory for the next set of data). This could lead to a system denial of service due to uncontrolled memory allocation. This is different from… | |||
| CVE-2019-14941 | 0.00 | — | 0.02 | Apr 27, 2020 | SHAREit through 4.0.6.177 does not check the body length from the received packet header (which is used to allocate memory for the next set of data). This could lead to a system denial of service due to uncontrolled memory allocation. | |||
| CVE-2020-8327 | 0.00 | — | 0.00 | Apr 14, 2020 | A privilege escalation vulnerability was reported in LenovoBatteryGaugePackage for Lenovo System Interface Foundation bundled in Lenovo Vantage prior to version 10.2003.10.0 that could allow an authenticated user to execute code with elevated privileges. | |||
| CVE-2020-8324 | 0.00 | — | 0.00 | Apr 14, 2020 | A vulnerability was reported in LenovoAppScenarioPluginSystem for Lenovo System Interface Foundation prior to version 1.2.184.31 that could allow unsigned DLL files to be executed. | |||
| CVE-2020-8319 | 0.00 | — | 0.00 | Apr 14, 2020 | A privilege escalation vulnerability was reported in Lenovo System Interface Foundation prior to version 1.1.19.3 that could allow an authenticated user to execute code with elevated privileges. | |||
| CVE-2020-8318 | 0.00 | — | 0.00 | Apr 14, 2020 | A privilege escalation vulnerability was reported in the LenovoSystemUpdatePlugin for Lenovo System Interface Foundation prior to version that could allow an authenticated user to execute code with elevated privileges. | |||
| CVE-2020-8316 | 0.00 | — | 0.00 | Apr 14, 2020 | A vulnerability was reported in Lenovo Vantage prior to version 10.2003.10.0 that could allow an authenticated user to read files on the system with elevated privileges. | |||
| CVE-2015-5684 | 0.00 | — | 0.04 | Mar 27, 2020 | MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A buffer overflow vulnerability was reported, (fixed and publicly disclosed in 2015) in the Lenovo Service Engine (LSE), affecting various versions of BIOS for Lenovo Notebooks, that could allow… | |||
| CVE-2015-7336 | 0.00 | — | 0.01 | Mar 27, 2020 | MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A vulnerability was reported (fixed and publicly disclosed in 2015) in Lenovo System Update version 5.07.0008 and prior that could allow the signature check of an update to be bypassed. |