Vulnerabilities > Lenovo > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-04-22 | CVE-2021-3849 | An authentication bypass vulnerability was discovered in the web interface of the Lenovo Fan Power Controller2 (FPC2) and Lenovo System Management Module (SMM) firmware that could allow an unauthenticated attacker to execute commands on the SMM and FPC2. | 9.8 |
| 2022-04-22 | CVE-2021-3897 | An authentication bypass vulnerability was discovered in an internal service of the Lenovo Fan Power Controller2 (FPC2) and Lenovo System Management Module (SMM) firmware during an that could allow an unauthenticated attacker to execute commands on the SMM and FPC2. | 9.8 |
| 2021-08-17 | CVE-2021-3616 | Unspecified vulnerability in Lenovo products A vulnerability was reported in Lenovo Smart Camera X3, X5, and C2E that could allow an unauthorized user to view device information, alter firmware content and device configuration. | 9.8 |
| 2020-10-14 | CVE-2020-8349 | Code Injection vulnerability in Lenovo Cloud Networking Operating System An internal security review has identified an unauthenticated remote code execution vulnerability in Cloud Networking Operating System (CNOS)’ optional REST API management interface. | 9.8 |
| 2020-03-27 | CVE-2015-5684 | Classic Buffer Overflow vulnerability in Lenovo products MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. | 9.8 |
| 2019-11-12 | CVE-2019-6188 | Unspecified vulnerability in Lenovo products The BIOS tamper detection mechanism was not triggered in Lenovo ThinkPad T460p, BIOS versions up to R07ET90W, and T470p, BIOS versions up to R0FET50W, which may allow for unauthorized access. | 9.8 |
| 2019-08-21 | CVE-2019-6177 | Information Exposure vulnerability in Lenovo Solution Center 03.12.003 A vulnerability reported in Lenovo Solution Center version 03.12.003, which is no longer supported, could allow log files to be written to non-standard locations, potentially leading to privilege escalation. | 9.8 |
| 2019-06-26 | CVE-2019-6168 | Unspecified vulnerability in Lenovo Service Bridge A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow remote code execution. | 9.8 |
| 2019-06-26 | CVE-2019-6167 | Unspecified vulnerability in Lenovo Service Bridge A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow remote code execution. | 9.8 |
| 2018-09-28 | CVE-2018-9079 | Cross-site Scripting vulnerability in Lenovo products For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, adversaries can craft URLs to modify the Document Object Model (DOM) of the page. | 9.8 |