Vulnerabilities > Lenovo
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2020-10-14 | CVE-2020-8350 | Improper Authentication vulnerability in Lenovo ThinkPad Stack Wireless Router Firmware 1.1.3.4 | An authentication bypass vulnerability was reported in Lenovo ThinkPad Stack Wireless Router firmware version 1.1.3.4 that could allow escalation of privilege. | 8.8 |
2020-10-14 | CVE-2020-8349 | Code Injection vulnerability in Lenovo Cloud Networking Operating System | An internal security review has identified an unauthenticated remote code execution vulnerability in Cloud Networking Operating System (CNOS)'s optional REST API management interface. | 9.8 |
2020-10-14 | CVE-2020-8345 | Uncontrolled Search Path Element vulnerability in Lenovo Hardware Scan | A DLL search path vulnerability was reported in the Lenovo HardwareScan Plugin for the Lenovo Vantage hardware scan feature prior to version 1.0.46.11 that could allow escalation of privilege. | 7.8 |
2020-10-14 | CVE-2020-8338 | Untrusted Search Path vulnerability in Lenovo Diagnostics | A DLL search path vulnerability was reported in Lenovo Diagnostics prior to version 4.35.4 that could allow a user with local access to execute code on the system. | 7.8 |
2020-10-14 | CVE-2020-8332 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Lenovo products | A potential vulnerability in the SMI callback function used in the legacy BIOS mode USB drivers in some legacy Lenovo and IBM System x servers may allow arbitrary code execution. | 6.4 |
2020-09-24 | CVE-2020-8348 | Cross-site Scripting vulnerability in Lenovo Enterprise Network Disk 6.1 | A DOM-based cross-site scripting (XSS) vulnerability was reported in Lenovo Enterprise Network Disk prior to version 6.1 patch 6 hotfix 4 that could allow execution of code in an authenticated user's current browser session if a crafted URL is visited, possibly through phishing. | 6.1 |
2020-09-24 | CVE-2020-8347 | Cross-site Scripting vulnerability in Lenovo Enterprise Network Disk 6.1 | A reflective cross-site scripting (XSS) vulnerability was reported in Lenovo Enterprise Network Disk prior to version 6.1 patch 6 hotfix 4 that could allow execution of code in an authenticated user's browser if a crafted URL is visited, possibly through phishing. | 6.1 |
2020-09-24 | CVE-2020-8333 | Unspecified vulnerability in Lenovo products | A potential vulnerability in the SMI callback function used in the EEPROM driver in some Lenovo Desktops and ThinkStation models may allow arbitrary code execution. | 7.8 |
2020-09-15 | CVE-2020-8346 | Incorrect Default Permissions vulnerability in Lenovo System Interface Foundation 1.0.66.0/1.1.18.3/1.1.19.3 | A denial of service vulnerability was reported in the Lenovo Vantage component called Lenovo System Interface Foundation prior to version 1.1.19.5 that could allow configuration files to be written to non-standard locations. | 5.5 |
2020-09-15 | CVE-2020-8342 | Race Condition vulnerability in Lenovo System Update | A race condition vulnerability was reported in Lenovo System Update prior to version 5.07.0106 that could allow escalation of privilege. | 7.0 |