Vulnerabilities > Lenovo
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-07-30 | CVE-2018-9064 | Unspecified vulnerability in Lenovo Xclarity Administrator In Lenovo xClarity Administrator versions earlier than 2.1.0, an authenticated LXCA user may abuse a web API debug call to retrieve the credentials for the System Manager user. | 8.8 |
2018-07-26 | CVE-2018-9068 | Use of Hard-coded Credentials vulnerability in multiple products The IMM2 First Failure Data Capture function collects management module logs and diagnostic information when a hardware error is detected. | 7.5 |
2018-07-19 | CVE-2018-9062 | Injection vulnerability in Lenovo products In some Lenovo ThinkPad products, one BIOS region is not properly included in the checks, allowing injection of arbitrary code. | 6.8 |
2018-07-13 | CVE-2018-9070 | Unspecified vulnerability in Lenovo Smart Assistant For the Lenovo Smart Assistant Android app versions earlier than 12.1.82, an attacker with physical access to the smart speaker can, by pressing a specific button sequence, enter factory test mode and enable a web service intended for testing the device. high complexity lenovo | 6.4 |
2018-07-13 | CVE-2018-9067 | Unspecified vulnerability in Lenovo Help The Lenovo Help Android app versions earlier than 6.1.2.0327 had insufficient access control for some functions which, if exploited, could have led to exposure of approximately 400 email addresses and 8,500 IMEI. | 7.5 |
2018-05-04 | CVE-2018-9063 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Lenovo System Update MapDrv (C:\Program Files\Lenovo\System Update\mapdrv.exe) In Lenovo System Update versions earlier than 5.07.0072 contains a local vulnerability where an attacker entering very large user ID or password can overrun the program's buffer, causing undefined behaviors, such as execution of arbitrary code. | 7.8 |
2018-05-04 | CVE-2017-3775 | Improper Authentication vulnerability in Lenovo products Some Lenovo System x server BIOS/UEFI versions, when Secure Boot mode is enabled by a system administrator, do not properly authenticate signed code before booting it. | 6.4 |
2018-04-23 | CVE-2017-17833 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products OpenSLP releases in the 1.0.2 and 1.1.0 code streams have a heap-related memory corruption issue which may manifest itself as a denial-of-service or a remote code-execution vulnerability. | 9.8 |
2018-04-19 | CVE-2017-3776 | Information Exposure vulnerability in Lenovo Help Lenovo Help Android mobile app versions earlier than 6.1.2.0327 allowed information to be transmitted over an HTTP channel, permitting others observing the channel to potentially see this information. | 7.5 |
2018-04-19 | CVE-2017-3774 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Lenovo Integrated Management Module 2 4.70 A stack overflow vulnerability was discovered within the web administration service in Integrated Management Module 2 (IMM2) earlier than version 4.70 used in some Lenovo servers and earlier than version 6.60 used in some IBM servers. | 9.8 |