Vulnerabilities > Lenovo
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-07-30 | CVE-2018-9066 | Improper Input Validation vulnerability in Lenovo Xclarity Administrator In Lenovo xClarity Administrator versions earlier than 2.1.0, an authenticated LXCA user can, under specific circumstances, inject additional parameters into a specific web API call which can result in privileged command execution within LXCA's underlying operating system. | 9.0 |
| 2018-07-30 | CVE-2018-9065 | Cleartext Storage of Sensitive Information vulnerability in Lenovo Xclarity Administrator In Lenovo xClarity Administrator versions earlier than 2.1.0, an attacker that gains access to the underlying LXCA file system user may be able to retrieve a credential store containing the service processor user names and passwords for servers previously managed by that LXCA instance, and potentially decrypt those credentials more easily than intended. | 3.5 |
| 2018-07-30 | CVE-2018-9064 | Unspecified vulnerability in Lenovo Xclarity Administrator In Lenovo xClarity Administrator versions earlier than 2.1.0, an authenticated LXCA user may abuse a web API debug call to retrieve the credentials for the System Manager user. | 4.0 |
| 2018-07-26 | CVE-2018-9068 | Use of Hard-coded Credentials vulnerability in multiple products The IMM2 First Failure Data Capture function collects management module logs and diagnostic information when a hardware error is detected. | 5.0 |
| 2018-07-19 | CVE-2018-9062 | Injection vulnerability in Lenovo products In some Lenovo ThinkPad products, one BIOS region is not properly included in the checks, allowing injection of arbitrary code. | 7.2 |
| 2018-07-15 | CVE-2018-14066 | SQL Injection vulnerability in Google Android 6.0/7.0 The content://wappush content provider in com.android.provider.telephony, as found in some custom ROMs for Android phones, allows SQL injection. | 7.5 |
| 2018-07-13 | CVE-2018-9070 | Unspecified vulnerability in Lenovo Smart Assistant For the Lenovo Smart Assistant Android app versions earlier than 12.1.82, an attacker with physical access to the smart speaker can, by pressing a specific button sequence, enter factory test mode and enable a web service intended for testing the device. local lenovo | 6.9 |
| 2018-07-13 | CVE-2018-9067 | Unspecified vulnerability in Lenovo Help The Lenovo Help Android app versions earlier than 6.1.2.0327 had insufficient access control for some functions which, if exploited, could have led to exposure of approximately 400 email addresses and 8,500 IMEI. | 5.0 |
| 2018-05-04 | CVE-2018-9063 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Lenovo System Update MapDrv (C:\Program Files\Lenovo\System Update\mapdrv.exe) In Lenovo System Update versions earlier than 5.07.0072 contains a local vulnerability where an attacker entering very large user ID or password can overrun the program's buffer, causing undefined behaviors, such as execution of arbitrary code. | 4.6 |
| 2018-05-04 | CVE-2017-3775 | Improper Authentication vulnerability in Lenovo products Some Lenovo System x server BIOS/UEFI versions, when Secure Boot mode is enabled by a system administrator, do not properly authenticate signed code before booting it. | 6.9 |