Vulnerabilities > Lenovo

DATE CVE VULNERABILITY TITLE RISK
2018-07-30 CVE-2018-9064 Unspecified vulnerability in Lenovo XClarity Administrator
In Lenovo XClarity Administrator versions earlier than 2.1.0, an authenticated LXCA user may abuse a web API debug call to retrieve the credentials for the System Manager user.
network
low complexity
lenovo
8.8
2018-07-26 CVE-2018-9068 Use of Hard-coded Credentials vulnerability in multiple products
The IMM2 First Failure Data Capture function collects management module logs and diagnostic information when a hardware error is detected.
network
low complexity
lenovo ibm CWE-798
7.5
2018-07-19 CVE-2018-9062 Injection vulnerability in Lenovo products
In some Lenovo ThinkPad products, one BIOS region is not properly included in the checks, allowing injection of arbitrary code.
low complexity
lenovo CWE-74
6.8
2018-07-13 CVE-2018-9070 Unspecified vulnerability in Lenovo Smart Assistant
For the Lenovo Smart Assistant Android app versions earlier than 12.1.82, an attacker with physical access to the smart speaker can, by pressing a specific button sequence, enter factory test mode and enable a web service intended for testing the device.
high complexity
lenovo
6.4
2018-07-13 CVE-2018-9067 Unspecified vulnerability in Lenovo Help
The Lenovo Help Android app versions earlier than 6.1.2.0327 had insufficient access control for some functions which, if exploited, could have led to exposure of approximately 400 email addresses and 8,500 IMEI numbers.
network
low complexity
lenovo
7.5
2018-05-04 CVE-2018-9063 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Lenovo System Update
MapDrv (C:\Program Files\Lenovo\System Update\mapdrv.exe) in Lenovo System Update versions earlier than 5.07.0072 contains a local vulnerability where an attacker entering a very large user ID or password can overrun the program's buffer, causing undefined behavior, such as execution of arbitrary code.
local
low complexity
lenovo CWE-119
7.8
2018-05-04 CVE-2017-3775 Improper Authentication vulnerability in Lenovo products
Some Lenovo System x server BIOS/UEFI versions, when Secure Boot mode is enabled by a system administrator, do not properly authenticate signed code before booting it.
high complexity
lenovo CWE-287
6.4
2018-04-23 CVE-2017-17833 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
OpenSLP releases in the 1.0.2 and 1.1.0 code streams have a heap-related memory corruption issue which may manifest itself as a denial-of-service or a remote code-execution vulnerability.
network
low complexity
openslp debian canonical redhat lenovo CWE-119
critical
9.8
2018-04-19 CVE-2017-3776 Information Exposure vulnerability in Lenovo Help
Lenovo Help Android mobile app versions earlier than 6.1.2.0327 allowed information to be transmitted over an HTTP channel, permitting others observing the channel to potentially see this information.
network
low complexity
lenovo CWE-200
7.5
2018-04-19 CVE-2017-3774 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Lenovo Integrated Management Module 2 4.70
A stack overflow vulnerability was discovered within the web administration service in Integrated Management Module 2 (IMM2) earlier than version 4.70 used in some Lenovo servers and earlier than version 6.60 used in some IBM servers.
network
low complexity
lenovo CWE-119
critical
9.8