Vulnerabilities > Lenovo > Critical

| DATE | CVE | VULNERABILITY TITLE | RISK |
| --- | --- | --- | --- |
| 2022-04-22 | CVE-2021-3849 | An authentication bypass vulnerability was discovered in the web interface of the Lenovo Fan Power Controller2 (FPC2) and Lenovo System Management Module (SMM) firmware that could allow an unauthenticated attacker to execute commands on the SMM and FPC2. | network; low complexity; lenovo ibm; critical; 9.8 |
| 2020-03-27 | CVE-2015-5684 | **Classic Buffer Overflow vulnerability in Lenovo products.** MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. | network; low complexity; lenovo CWE-120; critical; 10.0 |
| 2019-08-21 | CVE-2019-6177 | **Information Exposure vulnerability in Lenovo Solution Center 03.12.003.** A vulnerability reported in Lenovo Solution Center version 03.12.003, which is no longer supported, could allow log files to be written to non-standard locations, potentially leading to privilege escalation. | network; low complexity; lenovo CWE-200; critical; 9.8 |
| 2019-06-26 | CVE-2019-6167 | **Unspecified vulnerability in Lenovo Service Bridge.** A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow remote code execution. | network; low complexity; lenovo; critical; 9.8 |
| 2019-06-26 | CVE-2019-6168 | **Unspecified vulnerability in Lenovo Service Bridge.** A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow remote code execution. | network; low complexity; lenovo; critical; 9.8 |
| 2018-11-27 | CVE-2018-9083 | **Use of Hard-coded Credentials vulnerability in Lenovo System Management Module Firmware.** In System Management Module (SMM) versions prior to 1.06, the SMM contains weak default root credentials which could be used to log in to the device OS -- if the attacker manages to enable SSH or Telnet connections via some other vulnerability. | network; lenovo CWE-798; critical; 9.3 |
| 2018-09-28 | CVE-2018-9075 | **OS Command Injection vulnerability in Lenovo Lenovoemc Firmware.** For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, when joining a PersonalCloud setup, an attacker can craft a command injection payload using backtick "``" characters in the client:password parameter. | network; lenovo CWE-78; critical; 9.3 |
| 2018-09-28 | CVE-2018-9076 | **OS Command Injection vulnerability in Lenovo Lenovoemc Firmware.** For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, when changing the name of a share, an attacker can craft a command injection payload using backtick "``" characters in the name parameter. | network; lenovo CWE-78; critical; 9.3 |
| 2018-09-28 | CVE-2018-9077 | **OS Command Injection vulnerability in Lenovo Lenovoemc Firmware.** For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, when changing the name of a share, an attacker can craft a command injection payload using backtick "``" characters in the share : name parameter. | network; lenovo CWE-78; critical; 9.3 |
| 2018-07-30 | CVE-2018-9066 | **Improper Input Validation vulnerability in Lenovo Xclarity Administrator.** In Lenovo xClarity Administrator versions earlier than 2.1.0, an authenticated LXCA user can, under specific circumstances, inject additional parameters into a specific web API call which can result in privileged command execution within LXCA's underlying operating system. | network; low complexity; lenovo CWE-20; critical; 9.0 |