Vulnerabilities > Lenovo
| Date | CVE | Vulnerability | Description | Score |
|---|---|---|---|---|
| 2020-11-30 | CVE-2020-8351 | Improper Privilege Management vulnerability in Lenovo PCManager | A privilege escalation vulnerability was reported in Lenovo PCManager prior to version 18.104.22.16862 that could allow an authenticated user to execute code with elevated privileges. | 4.6 |
| 2020-11-11 | CVE-2020-8354 | Unspecified vulnerability in Lenovo Notebook Firmware | A potential vulnerability in the SMI callback function used in the VariableServiceSmm driver in some Lenovo Notebook models may allow arbitrary code execution. | 7.2 |
| 2020-11-11 | CVE-2020-8353 | Unspecified vulnerability in Lenovo products | Prior to August 10, 2020, some Lenovo Desktop and Workstation systems were shipped with the Embedded Host Based Configuration (EHBC) feature of Intel AMT enabled. | 4.6 |
| 2020-11-11 | CVE-2020-8352 | Unspecified vulnerability in Lenovo products | In some Lenovo Desktop models, the Configuration Change Detection BIOS setting failed to detect SATA configuration changes. | 2.1 |
| 2020-10-14 | CVE-2020-8350 | Improper Authentication vulnerability in Lenovo ThinkPad Stack Wireless Router Firmware | An authentication bypass vulnerability was reported in Lenovo ThinkPad Stack Wireless Router firmware version 22.214.171.124 that could allow escalation of privilege. | 5.8 |
| 2020-10-14 | CVE-2020-8349 | Code Injection vulnerability in Lenovo Cloud Networking Operating System | An internal security review has identified an unauthenticated remote code execution vulnerability in the optional REST API management interface of Cloud Networking Operating System (CNOS). | 6.8 |
| 2020-10-14 | CVE-2020-8345 | Uncontrolled Search Path Element vulnerability in Lenovo Hardware Scan | A DLL search path vulnerability was reported in the Lenovo HardwareScan Plugin for the Lenovo Vantage hardware scan feature prior to version 126.96.36.199 that could allow escalation of privilege. | 4.4 |
| 2020-10-14 | CVE-2020-8338 | Untrusted Search Path vulnerability in Lenovo Diagnostics | A DLL search path vulnerability was reported in Lenovo Diagnostics prior to version 4.35.4 that could allow a user with local access to execute code on the system. | 7.2 |
| 2020-10-14 | CVE-2020-8332 | Time-Of-Check Time-Of-Use (TOCTOU) Race Condition vulnerability in Lenovo products | A potential vulnerability in the SMI callback function used in the legacy BIOS mode USB drivers in some legacy Lenovo and IBM System x servers may allow arbitrary code execution. | 6.9 |
| 2020-09-24 | CVE-2020-8348 | Cross-Site Scripting vulnerability in Lenovo Enterprise Network Disk 6.1 | A DOM-based cross-site scripting (XSS) vulnerability was reported in Lenovo Enterprise Network Disk prior to version 6.1 patch 6 hotfix 4 that could allow execution of code in an authenticated user's current browser session if a crafted URL is visited, possibly through phishing. | 4.3 |