Vulnerabilities > Lenovo > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-10-02 | CVE-2018-9069 | Race Condition vulnerability in multiple products In some Lenovo IdeaPad consumer notebook models, a race condition in the BIOS flash device locking mechanism is not adequately protected against, potentially allowing an attacker with administrator access to alter the contents of BIOS. | 5.9 |
| 2018-09-28 | CVE-2018-9081 | Cross-site Scripting vulnerability in Lenovo products For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the file name used for assets accessible through the Content Viewer application are vulnerable to self cross-site scripting self-XSS. | 4.7 |
| 2018-09-28 | CVE-2018-9080 | Improper Authentication vulnerability in Lenovo products For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, by setting the Iomega cookie to a known value before logging into the NAS's web application, the NAS will not provide the user a new cookie value. | 5.9 |
| 2018-09-28 | CVE-2018-9074 | Path Traversal vulnerability in Lenovo Lenovoemc Firmware 4.1.402.34662 For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the file upload functionality of the Content Explorer application is vulnerable to path traversal. | 6.5 |
| 2018-07-19 | CVE-2018-9062 | Injection vulnerability in Lenovo products In some Lenovo ThinkPad products, one BIOS region is not properly included in the checks, allowing injection of arbitrary code. | 6.8 |
| 2018-07-13 | CVE-2018-9070 | Unspecified vulnerability in Lenovo Smart Assistant For the Lenovo Smart Assistant Android app versions earlier than 12.1.82, an attacker with physical access to the smart speaker can, by pressing a specific button sequence, enter factory test mode and enable a web service intended for testing the device. high complexity lenovo | 6.4 |
| 2018-05-04 | CVE-2017-3775 | Improper Authentication vulnerability in Lenovo products Some Lenovo System x server BIOS/UEFI versions, when Secure Boot mode is enabled by a system administrator, do not properly authenticate signed code before booting it. | 6.4 |
| 2017-11-30 | CVE-2017-3764 | Information Exposure vulnerability in Lenovo Xclarity Administrator A vulnerability was identified in Lenovo XClarity Administrator (LXCA) before 1.4.0 where LXCA user account names may be exposed to unauthenticated users with access to the LXCA web user interface. | 5.3 |
| 2017-10-03 | CVE-2015-3321 | Permissions, Privileges, and Access Controls vulnerability in Lenovo Fingerprint Manager Services and files in Lenovo Fingerprint Manager before 8.01.42 have incorrect ACLs, which allows local users to invalidate local checks and gain privileges via standard filesystem operations. | 6.7 |
| 2017-09-22 | CVE-2017-3763 | Unspecified vulnerability in Lenovo Xclarity Administrator An attacker who obtains access to the location where the LXCA file system is stored may be able to access credentials of local LXCA accounts in LXCA versions earlier than 1.3.2. | 6.7 |