Vulnerabilities > Lenovo
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-11-27 | CVE-2018-16091 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Lenovo System Management Module Firmware 1.05 In System Management Module (SMM) versions prior to 1.06, the SMM certificate creation and parsing logic is vulnerable to several buffer overflows. | 8.1 |
2018-11-27 | CVE-2018-16090 | OS Command Injection vulnerability in Lenovo System Management Module Firmware 1.05 In System Management Module (SMM) versions prior to 1.06, the SMM certificate creation and parsing logic is vulnerable to post-authentication command injection. | 7.5 |
2018-11-27 | CVE-2018-16089 | OS Command Injection vulnerability in Lenovo System Management Module Firmware 1.05 In System Management Module (SMM) versions prior to 1.06, a field in the header of SMM firmware update images is insufficiently sanitized, allowing post-authentication command injection on the SMM as the root user. | 7.5 |
2018-11-16 | CVE-2018-9086 | OS Command Injection vulnerability in Lenovo products In some Lenovo ThinkServer-branded servers, a command injection vulnerability exists in the BMC firmware download command. | 7.2 |
2018-11-16 | CVE-2018-9085 | Incorrect Default Permissions vulnerability in multiple products A write protection lock bit was left unset after boot on an older generation of Lenovo and IBM System x servers, potentially allowing an attacker with administrator access to modify the subset of flash memory containing Intel Server Platform Services (SPS) and the system Flash Descriptors. | 4.9 |
2018-11-16 | CVE-2018-9073 | Use of Hard-coded Credentials vulnerability in Lenovo Chassis Management Module Firmware Lenovo Chassis Management Module (CMM) prior to version 2.0.0 utilizes a hardcoded encryption key to protect certain secrets. | 5.9 |
2018-11-16 | CVE-2018-9071 | Information Exposure vulnerability in Lenovo Chassis Management Module Firmware Lenovo Chassis Management Module (CMM) prior to version 2.0.0 allows unauthenticated users to retrieve information related to the current authentication configuration settings. | 5.3 |
2018-10-02 | CVE-2018-9069 | Race Condition vulnerability in multiple products In some Lenovo IdeaPad consumer notebook models, a race condition in the BIOS flash device locking mechanism is not adequately protected against, potentially allowing an attacker with administrator access to alter the contents of BIOS. | 5.9 |
2018-09-28 | CVE-2018-9082 | Session Fixation vulnerability in Lenovo products For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the password changing functionality available to authenticated users does not require the user's current password to set a new one. | 8.8 |
2018-09-28 | CVE-2018-9081 | Cross-site Scripting vulnerability in Lenovo products For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the file name used for assets accessible through the Content Viewer application are vulnerable to self cross-site scripting self-XSS. | 4.7 |