Latest CVE Feed
-
7.2
HIGHCVE-2020-8354
A potential vulnerability in the SMI callback function used in the VariableServiceSmm driver in some Lenovo Notebook models may allow arbitrary code execution.... Read more
- Published: Nov. 11, 2020
- Modified: Nov. 21, 2024
-
6.7
MEDIUMCVE-2020-8353
Prior to August 10, 2020, some Lenovo Desktop and Workstation systems were shipped with the Embedded Host Based Configuration (EHBC) feature of Intel AMT enabled. This could allow an administrative user with local access to configure Intel AMT.... Read more
Affected Products : thinkcentre_m920q_firmware thinkcentre_m920t_firmware thinkcentre_m920s_firmware thinkcentre_m910z_firmware thinkcentre_m920z_firmware thinkstation_p330_tiny_firmware thinkcentre_m80s_firmware thinkcentre_m80t_firmware thinkcentre_m90s_firmware thinkcentre_m90t_firmware +18 more products- Published: Nov. 11, 2020
- Modified: Nov. 21, 2024
-
2.4
LOWCVE-2020-8352
In some Lenovo Desktop models, the Configuration Change Detection BIOS setting failed to detect SATA configuration changes.... Read more
- Published: Nov. 11, 2020
- Modified: Nov. 21, 2024
-
7.8
HIGHCVE-2020-8351
A privilege escalation vulnerability was reported in Lenovo PCManager prior to version 3.0.50.9162 that could allow an authenticated user to execute code with elevated privileges.... Read more
Affected Products : pcmanager- Published: Nov. 30, 2020
- Modified: Nov. 21, 2024
-
8.8
HIGHCVE-2020-8350
An authentication bypass vulnerability was reported in Lenovo ThinkPad Stack Wireless Router firmware version 1.1.3.4 that could allow escalation of privilege.... Read more
- Published: Oct. 14, 2020
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2020-8349
An internal security review has identified an unauthenticated remote code execution vulnerability in Cloud Networking Operating System (CNOS)’ optional REST API management interface. This interface is disabled by default and not vulnerable unless enabled.... Read more
- Published: Oct. 14, 2020
- Modified: Nov. 21, 2024
-
6.1
MEDIUMCVE-2020-8348
A DOM-based cross-site scripting (XSS) vulnerability was reported in Lenovo Enterprise Network Disk prior to version 6.1 patch 6 hotfix 4 that could allow execution of code in an authenticated user's current browser session if a crafted url is visited, po... Read more
Affected Products : enterprise_network_disk- Published: Sep. 24, 2020
- Modified: Nov. 21, 2024
-
6.1
MEDIUMCVE-2020-8347
A reflective cross-site scripting (XSS) vulnerability was reported in Lenovo Enterprise Network Disk prior to version 6.1 patch 6 hotfix 4 that could allow execution of code in an authenticated user's browser if a crafted url is visited, possibly through ... Read more
Affected Products : enterprise_network_disk- Published: Sep. 24, 2020
- Modified: Nov. 21, 2024
-
5.5
MEDIUMCVE-2020-8346
A denial of service vulnerability was reported in the Lenovo Vantage component called Lenovo System Interface Foundation prior to version 1.1.19.5 that could allow configuration files to be written to non-standard locations.... Read more
Affected Products : system_interface_foundation- Published: Sep. 15, 2020
- Modified: Nov. 21, 2024
-
7.8
HIGHCVE-2020-8345
A DLL search path vulnerability was reported in the Lenovo HardwareScan Plugin for the Lenovo Vantage hardware scan feature prior to version 1.0.46.11 that could allow escalation of privilege.... Read more
Affected Products : hardware_scan- Published: Oct. 14, 2020
- Modified: Nov. 21, 2024
-
7.3
HIGHCVE-2020-8342
A race condition vulnerability was reported in Lenovo System Update prior to version 5.07.0106 that could allow escalation of privilege.... Read more
Affected Products : system_update- Published: Sep. 15, 2020
- Modified: Nov. 21, 2024
-
2.4
LOWCVE-2020-8341
In Lenovo systems, SMM BIOS Write Protection is used to prevent writes to SPI Flash. While this provides sufficient protection, an additional layer of protection is provided by SPI Protected Range Registers (PRx). After resuming from S3 sleep mode in vari... Read more
Affected Products : thinkpad_t490_\(20nx\)_firmware thinkpad_t490_\(20qx\)_firmware thinkpad_t490_\(20rx\)_firmware thinkpad_t490s_\(20nx\)_firmware thinkpad_t590_\(20nx\)_firmware thinkpad_x1_carbon_\(20qx\)_firmware thinkpad_x1_yoga_\(20qx\)_firmware thinkpad_x390_\(20qx\)_firmware thinkpad_x390_\(20sx\)_firmware thinkpad_t495_drift_firmware +10 more products- Published: Sep. 01, 2020
- Modified: Nov. 21, 2024
-
6.3
MEDIUMCVE-2020-8340
A cross-site scripting (XSS) vulnerability was discovered in the legacy IBM and Lenovo System x IMM2 (Integrated Management Module 2), prior to version 5.60, embedded Baseboard Management Controller (BMC) web interface during an internal security review. ... Read more
- Published: Sep. 15, 2020
- Modified: Nov. 21, 2024
-
6.1
MEDIUMCVE-2020-8339
A cross-site scripting inclusion (XSSI) vulnerability was reported in the legacy IBM BladeCenter Advanced Management Module (AMM) web interface prior to version 3.68n [BPET68N]. This vulnerability could allow an authenticated user's AMM credentials to be ... Read more
- Published: Sep. 15, 2020
- Modified: Nov. 21, 2024
-
7.8
HIGHCVE-2020-8338
A DLL search path vulnerability was reported in Lenovo Diagnostics prior to version 4.35.4 that could allow a user with local access to execute code on the system.... Read more
Affected Products : diagnostics- Published: Oct. 14, 2020
- Modified: Nov. 21, 2024
-
7.2
HIGHCVE-2020-8337
An unquoted search path vulnerability was reported in versions prior to 1.0.83.0 of the Synaptics Smart Audio UWP app associated with the DCHU audio drivers on Lenovo platforms that could allow an administrative user to execute arbitrary code.... Read more
Affected Products : thinkpad_11e thinkpad_e480 thinkpad_e580 thinkpad_l380 thinkpad_l380_yoga thinkpad_l480 thinkpad_l580 thinkpad_t470p thinkpad_x270 thinkpad_x380_yoga +73 more products- Published: Jun. 09, 2020
- Modified: Nov. 21, 2024
-
6.8
MEDIUMCVE-2020-8336
Lenovo implemented Intel CSME Anti-rollback ARB protections on some ThinkPad models to prevent roll back of CSME Firmware in flash.... Read more
- Published: Jun. 09, 2020
- Modified: Nov. 21, 2024
-
6.8
MEDIUMCVE-2020-8335
The BIOS tamper detection mechanism was not triggered in Lenovo ThinkPad A285, BIOS versions up to r0xuj70w; A485, BIOS versions up to r0wuj65w; T495 BIOS versions up to r12uj55w; T495s/X395, BIOS versions up to r13uj47w, while the emergency-reset button ... Read more
- Published: Sep. 01, 2020
- Modified: Nov. 21, 2024
-
6.8
MEDIUMCVE-2020-8334
The BIOS tamper detection mechanism was not triggered in Lenovo ThinkPad T495s, X395, T495, A485, A285, A475, A275 which may allow for unauthorized access.... Read more
- Published: Jun. 09, 2020
- Modified: Nov. 21, 2024
-
7.8
HIGHCVE-2020-8333
A potential vulnerability in the SMI callback function used in the EEPROM driver in some Lenovo Desktops and ThinkStation models may allow arbitrary code execution... Read more
- Published: Sep. 24, 2020
- Modified: Nov. 21, 2024