Vulnerabilities > Lenovo > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-09-28 | CVE-2018-9077 | OS Command Injection vulnerability in Lenovo Lenovoemc Firmware 4.1.402.34662 For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, when changing the name of a share, an attacker can craft a command injection payload using backtick "``" characters in the share : name parameter. | 8.1 |
| 2018-09-28 | CVE-2018-9076 | OS Command Injection vulnerability in Lenovo Lenovoemc Firmware 4.1.402.34662 For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, when changing the name of a share, an attacker can craft a command injection payload using backtick "``" characters in the name parameter. | 8.1 |
| 2018-09-28 | CVE-2018-9075 | OS Command Injection vulnerability in Lenovo Lenovoemc Firmware 4.1.402.34662 For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, when joining a PersonalCloud setup, an attacker can craft a command injection payload using backtick "``" characters in the client:password parameter. | 8.1 |
| 2018-09-21 | CVE-2018-12169 | Improper Authentication vulnerability in multiple products Platform sample code firmware in 4th Generation Intel Core Processor, 5th Generation Intel Core Processor, 6th Generation Intel Core Processor, 7th Generation Intel Core Processor and 8th Generation Intel Core Processor contains a logic error which may allow physical attacker to potentially bypass firmware authentication. | 7.6 |
| 2018-07-30 | CVE-2018-9066 | Improper Input Validation vulnerability in Lenovo Xclarity Administrator In Lenovo xClarity Administrator versions earlier than 2.1.0, an authenticated LXCA user can, under specific circumstances, inject additional parameters into a specific web API call which can result in privileged command execution within LXCA's underlying operating system. | 8.8 |
| 2018-07-30 | CVE-2018-9065 | Cleartext Storage of Sensitive Information vulnerability in Lenovo Xclarity Administrator In Lenovo xClarity Administrator versions earlier than 2.1.0, an attacker that gains access to the underlying LXCA file system user may be able to retrieve a credential store containing the service processor user names and passwords for servers previously managed by that LXCA instance, and potentially decrypt those credentials more easily than intended. | 7.5 |
| 2018-07-30 | CVE-2018-9064 | Unspecified vulnerability in Lenovo Xclarity Administrator In Lenovo xClarity Administrator versions earlier than 2.1.0, an authenticated LXCA user may abuse a web API debug call to retrieve the credentials for the System Manager user. | 8.8 |
| 2018-07-26 | CVE-2018-9068 | Use of Hard-coded Credentials vulnerability in multiple products The IMM2 First Failure Data Capture function collects management module logs and diagnostic information when a hardware error is detected. | 7.5 |
| 2018-07-13 | CVE-2018-9067 | Unspecified vulnerability in Lenovo Help The Lenovo Help Android app versions earlier than 6.1.2.0327 had insufficient access control for some functions which, if exploited, could have led to exposure of approximately 400 email addresses and 8,500 IMEI. | 7.5 |
| 2018-05-04 | CVE-2018-9063 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Lenovo System Update MapDrv (C:\Program Files\Lenovo\System Update\mapdrv.exe) In Lenovo System Update versions earlier than 5.07.0072 contains a local vulnerability where an attacker entering very large user ID or password can overrun the program's buffer, causing undefined behaviors, such as execution of arbitrary code. | 7.8 |