Vulnerabilities > Lenovo

DATE CVE VULNERABILITY TITLE RISK
2020-10-14 CVE-2020-8338 Untrusted Search Path vulnerability in Lenovo Diagnostics
A DLL search path vulnerability was reported in Lenovo Diagnostics prior to version 4.35.4 that could allow a user with local access to execute code on the system.
local
low complexity
lenovo CWE-426
7.8
2020-10-14 CVE-2020-8332 Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Lenovo products
A potential vulnerability in the SMI callback function used in the legacy BIOS mode USB drivers in some legacy Lenovo and IBM System x servers may allow arbitrary code execution.
local
high complexity
lenovo CWE-367
6.4
2020-09-24 CVE-2020-8348 Cross-site Scripting vulnerability in Lenovo Enterprise Network Disk 6.1
A DOM-based cross-site scripting (XSS) vulnerability was reported in Lenovo Enterprise Network Disk prior to version 6.1 patch 6 hotfix 4 that could allow execution of code in an authenticated user's current browser session if a crafted URL is visited, possibly through phishing.
network
low complexity
lenovo CWE-79
6.1
2020-09-24 CVE-2020-8347 Cross-site Scripting vulnerability in Lenovo Enterprise Network Disk 6.1
A reflective cross-site scripting (XSS) vulnerability was reported in Lenovo Enterprise Network Disk prior to version 6.1 patch 6 hotfix 4 that could allow execution of code in an authenticated user's browser if a crafted URL is visited, possibly through phishing.
network
low complexity
lenovo CWE-79
6.1
2020-09-24 CVE-2020-8333 Unspecified vulnerability in Lenovo products
A potential vulnerability in the SMI callback function used in the EEPROM driver in some Lenovo Desktops and ThinkStation models may allow arbitrary code execution.
local
low complexity
lenovo
7.8
2020-09-15 CVE-2020-8346 Incorrect Default Permissions vulnerability in Lenovo System Interface Foundation 1.0.66.0/1.1.18.3/1.1.19.3
A denial of service vulnerability was reported in the Lenovo Vantage component called Lenovo System Interface Foundation prior to version 1.1.19.5 that could allow configuration files to be written to non-standard locations.
local
low complexity
lenovo CWE-276
5.5
2020-09-15 CVE-2020-8342 Race Condition vulnerability in Lenovo System Update
A race condition vulnerability was reported in Lenovo System Update prior to version 5.07.0106 that could allow escalation of privilege.
local
high complexity
lenovo CWE-362
7.0
2020-09-15 CVE-2020-8340 Cross-site Scripting vulnerability in Lenovo Integrated Management Module 2
A cross-site scripting (XSS) vulnerability was discovered in the legacy IBM and Lenovo System x IMM2 (Integrated Management Module 2), prior to version 5.60, embedded Baseboard Management Controller (BMC) web interface during an internal security review.
network
low complexity
lenovo CWE-79
6.1
2020-09-01 CVE-2020-8341 Unspecified vulnerability in Lenovo products
In Lenovo systems, SMM BIOS Write Protection is used to prevent writes to SPI Flash.
low complexity
lenovo
2.4
2020-09-01 CVE-2020-8335 Unspecified vulnerability in Lenovo products
The BIOS tamper detection mechanism was not triggered in Lenovo ThinkPad A285, BIOS versions up to r0xuj70w; A485, BIOS versions up to r0wuj65w; T495, BIOS versions up to r12uj55w; T495s/X395, BIOS versions up to r13uj47w, while the emergency-reset button is pressed, which may allow for unauthorized access.
low complexity
lenovo
6.8