Vulnerabilities > Lenovo > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-10-14 | CVE-2020-8345 | Uncontrolled Search Path Element vulnerability in Lenovo Hardware Scan A DLL search path vulnerability was reported in the Lenovo HardwareScan Plugin for the Lenovo Vantage hardware scan feature prior to version 1.0.46.11 that could allow escalation of privilege. | 7.8 |
| 2020-10-14 | CVE-2020-8338 | Untrusted Search Path vulnerability in Lenovo Diagnostics A DLL search path vulnerability was reported in Lenovo Diagnostics prior to version 4.35.4 that could allow a user with local access to execute code on the system. | 7.8 |
| 2020-09-24 | CVE-2020-8333 | Unspecified vulnerability in Lenovo products A potential vulnerability in the SMI callback function used in the EEPROM driver in some Lenovo Desktops and ThinkStation models may allow arbitrary code execution | 7.8 |
| 2020-09-15 | CVE-2020-8342 | Race Condition vulnerability in Lenovo System Update A race condition vulnerability was reported in Lenovo System Update prior to version 5.07.0106 that could allow escalation of privilege. | 7.0 |
| 2020-07-24 | CVE-2020-8326 | Unquoted Search Path or Element vulnerability in Lenovo Drivers Management An unquoted service path vulnerability was reported in Lenovo Drivers Management prior to version 2.7.1128.1046 that could allow an authenticated user to execute code with elevated privileges. | 7.8 |
| 2020-07-24 | CVE-2020-8317 | Untrusted Search Path vulnerability in Lenovo Drivers Management A DLL search path vulnerability was reported in Lenovo Drivers Management prior to version 2.7.1128.1046 that could allow an authenticated user to execute code with elevated privileges. | 7.8 |
| 2020-07-22 | CVE-2019-18619 | Release of Invalid Pointer or Reference vulnerability in multiple products Incorrect parameter validation in the synaTee component of Synaptics WBF drivers using an SGX enclave (all versions prior to 2019-11-15) allows a local user to execute arbitrary code in the enclave (that can compromise confidentiality of enclave data) via APIs that accept invalid pointers. | 7.8 |
| 2020-06-09 | CVE-2019-6196 | Untrusted Search Path vulnerability in Lenovo Installation Package A symbolic link vulnerability in some Lenovo installation packages, prior to version 1.2.9.3, could allow privileged file operations during file extraction and installation. | 7.3 |
| 2020-05-28 | CVE-2020-8330 | Unspecified vulnerability in Lenovo products A denial of service vulnerability was reported in the firmware prior to version 1.01 used in Lenovo Printer LJ4010DN that could be triggered by a remote user sending a crafted packet to the device, preventing subsequent print jobs until the printer is rebooted. | 7.5 |
| 2020-05-28 | CVE-2020-8329 | Unspecified vulnerability in Lenovo products A denial of service vulnerability was reported in the firmware prior to version 1.01 used in Lenovo Printer LJ4010DN that could be triggered by a remote user sending a crafted packet to the device, causing an error to be displayed and preventing printer from functioning until the printer is rebooted. | 7.5 |