Vulnerabilities > Lenovo > Critical

DATE | CVE | VULNERABILITY TITLE | RISK

2018-04-23 | CVE-2017-17833 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products | critical 9.8
OpenSLP releases in the 1.0.2 and 1.1.0 code streams have a heap-related memory corruption issue which may manifest itself as a denial-of-service or a remote code-execution vulnerability.
network | low complexity | openslp debian canonical redhat lenovo | CWE-119

2018-04-19 | CVE-2017-3774 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Lenovo Integrated Management Module 2 4.70 | critical 9.8
A stack overflow vulnerability was discovered within the web administration service in Integrated Management Module 2 (IMM2) earlier than version 4.70 used in some Lenovo servers and earlier than version 6.60 used in some IBM servers.
network | low complexity | lenovo | CWE-119

2017-10-17 | CVE-2017-3761 | OS Command Injection vulnerability in Lenovo Service Framework | critical 9.8
The Lenovo Service Framework Android application executes some system commands without proper sanitization of external input.
network | low complexity | lenovo | CWE-78

2017-10-17 | CVE-2017-3758 | Unspecified vulnerability in Lenovo Service Framework | critical 9.8
Improper access controls on several Android components in the Lenovo Service Framework application can be exploited to enable remote code execution.
network | low complexity | lenovo

2017-03-11 | CVE-2017-5638 | Improper Handling of Exceptional Conditions vulnerability in multiple products | critical 9.8
The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands via a crafted Content-Type, Content-Disposition, or Content-Length HTTP header, as exploited in the wild in March 2017 with a Content-Type header containing a #cmd= string.
network | low complexity | apache ibm lenovo hp oracle arubanetworks netapp | CWE-755

2017-03-01 | CVE-2016-8233 | Information Exposure Through Log Files vulnerability in Lenovo XClarity Administrator | critical 9.8
Log files generated by Lenovo XClarity Administrator (LXCA) versions earlier than 1.2.2 may contain user credentials in a non-secure, clear text form that could be viewed by a non-privileged user.
network | low complexity | lenovo | CWE-532