Latest CVE Feed
- 8.8 HIGH CVE-2020-8417
  The Code Snippets plugin before 2.14.0 for WordPress allows CSRF because of the lack of a Referer check on the import menu.
  - Affected Products: code_snippets
  - Published: Jan. 28, 2020
  - Modified: Nov. 21, 2024
- 7.5 HIGH CVE-2020-8416
  IKTeam BearFTP before 0.2.0 allows remote attackers to achieve denial of service via a large volume of connections to the PASV mode port.
  - Affected Products: bearftp
  - Published: Jan. 29, 2020
  - Modified: Nov. 21, 2024
- 5.5 MEDIUM CVE-2020-8357
  A denial of service vulnerability was reported in Lenovo PCManager, prior to version 3.0.200.2042, that could allow configuration files to be written to non-standard locations.
  - Affected Products: pcmanager
  - Published: Mar. 09, 2021
  - Modified: Nov. 21, 2024
- 4.9 MEDIUM CVE-2020-8356
  An internal product security audit of LXCO, prior to version 1.2.2, discovered that optional passwords, if specified, for the Syslog and SMTP forwarders are written to an internal LXCO log file in clear text. Affected logs are captured in the First Failur...
  - Affected Products: xclarity_orchestrator
  - Published: Mar. 09, 2021
  - Modified: Nov. 21, 2024
- 4.9 MEDIUM CVE-2020-8355
  An internal product security audit of Lenovo XClarity Administrator (LXCA) prior to version 3.1.0 discovered the Windows OS credentials provided by the LXCA user to perform driver updates of managed systems may be captured in the First Failure Data Captur...
  - Affected Products: xclarity_administrator
  - Published: Feb. 10, 2021
  - Modified: Nov. 21, 2024
- 7.2 HIGH CVE-2020-8354
  A potential vulnerability in the SMI callback function used in the VariableServiceSmm driver in some Lenovo Notebook models may allow arbitrary code execution.
  - Published: Nov. 11, 2020
  - Modified: Nov. 21, 2024
- 6.7 MEDIUM CVE-2020-8353
  Prior to August 10, 2020, some Lenovo Desktop and Workstation systems were shipped with the Embedded Host Based Configuration (EHBC) feature of Intel AMT enabled. This could allow an administrative user with local access to configure Intel AMT.
  - Affected Products: thinkcentre_m920q_firmware thinkcentre_m920t_firmware thinkcentre_m920s_firmware thinkcentre_m910z_firmware thinkcentre_m920z_firmware thinkstation_p330_tiny_firmware thinkcentre_m80s_firmware thinkcentre_m80t_firmware thinkcentre_m90s_firmware thinkcentre_m90t_firmware +18 more products
  - Published: Nov. 11, 2020
  - Modified: Nov. 21, 2024
- 2.4 LOW CVE-2020-8352
  In some Lenovo Desktop models, the Configuration Change Detection BIOS setting failed to detect SATA configuration changes.
  - Published: Nov. 11, 2020
  - Modified: Nov. 21, 2024
- 7.8 HIGH CVE-2020-8351
  A privilege escalation vulnerability was reported in Lenovo PCManager prior to version 3.0.50.9162 that could allow an authenticated user to execute code with elevated privileges.
  - Affected Products: pcmanager
  - Published: Nov. 30, 2020
  - Modified: Nov. 21, 2024
- 8.8 HIGH CVE-2020-8350
  An authentication bypass vulnerability was reported in Lenovo ThinkPad Stack Wireless Router firmware version 1.1.3.4 that could allow escalation of privilege.
  - Published: Oct. 14, 2020
  - Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2020-8349
  An internal security review has identified an unauthenticated remote code execution vulnerability in Cloud Networking Operating System (CNOS)’ optional REST API management interface. This interface is disabled by default and not vulnerable unless enabled.
  - Published: Oct. 14, 2020
  - Modified: Nov. 21, 2024
- 6.1 MEDIUM CVE-2020-8348
  A DOM-based cross-site scripting (XSS) vulnerability was reported in Lenovo Enterprise Network Disk prior to version 6.1 patch 6 hotfix 4 that could allow execution of code in an authenticated user's current browser session if a crafted url is visited, po...
  - Affected Products: enterprise_network_disk
  - Published: Sep. 24, 2020
  - Modified: Nov. 21, 2024
- 6.1 MEDIUM CVE-2020-8347
  A reflective cross-site scripting (XSS) vulnerability was reported in Lenovo Enterprise Network Disk prior to version 6.1 patch 6 hotfix 4 that could allow execution of code in an authenticated user's browser if a crafted url is visited, possibly through ...
  - Affected Products: enterprise_network_disk
  - Published: Sep. 24, 2020
  - Modified: Nov. 21, 2024
- 5.5 MEDIUM CVE-2020-8346
  A denial of service vulnerability was reported in the Lenovo Vantage component called Lenovo System Interface Foundation prior to version 1.1.19.5 that could allow configuration files to be written to non-standard locations.
  - Affected Products: system_interface_foundation
  - Published: Sep. 15, 2020
  - Modified: Nov. 21, 2024
- 7.8 HIGH CVE-2020-8345
  A DLL search path vulnerability was reported in the Lenovo HardwareScan Plugin for the Lenovo Vantage hardware scan feature prior to version 1.0.46.11 that could allow escalation of privilege.
  - Affected Products: hardware_scan
  - Published: Oct. 14, 2020
  - Modified: Nov. 21, 2024
- 7.3 HIGH CVE-2020-8342
  A race condition vulnerability was reported in Lenovo System Update prior to version 5.07.0106 that could allow escalation of privilege.
  - Affected Products: system_update
  - Published: Sep. 15, 2020
  - Modified: Nov. 21, 2024
- 2.4 LOW CVE-2020-8341
  In Lenovo systems, SMM BIOS Write Protection is used to prevent writes to SPI Flash. While this provides sufficient protection, an additional layer of protection is provided by SPI Protected Range Registers (PRx). After resuming from S3 sleep mode in vari...
  - Affected Products: thinkpad_t490_\(20nx\)_firmware thinkpad_t490_\(20qx\)_firmware thinkpad_t490_\(20rx\)_firmware thinkpad_t490s_\(20nx\)_firmware thinkpad_t590_\(20nx\)_firmware thinkpad_x1_carbon_\(20qx\)_firmware thinkpad_x1_yoga_\(20qx\)_firmware thinkpad_x390_\(20qx\)_firmware thinkpad_x390_\(20sx\)_firmware thinkpad_t495_drift_firmware +10 more products
  - Published: Sep. 01, 2020
  - Modified: Nov. 21, 2024
- 6.3 MEDIUM CVE-2020-8340
  A cross-site scripting (XSS) vulnerability was discovered in the legacy IBM and Lenovo System x IMM2 (Integrated Management Module 2), prior to version 5.60, embedded Baseboard Management Controller (BMC) web interface during an internal security review. ...
  - Published: Sep. 15, 2020
  - Modified: Nov. 21, 2024
- 6.1 MEDIUM CVE-2020-8339
  A cross-site scripting inclusion (XSSI) vulnerability was reported in the legacy IBM BladeCenter Advanced Management Module (AMM) web interface prior to version 3.68n [BPET68N]. This vulnerability could allow an authenticated user's AMM credentials to be ...
  - Published: Sep. 15, 2020
  - Modified: Nov. 21, 2024
- 7.8 HIGH CVE-2020-8338
  A DLL search path vulnerability was reported in Lenovo Diagnostics prior to version 4.35.4 that could allow a user with local access to execute code on the system.
  - Affected Products: diagnostics
  - Published: Oct. 14, 2020
  - Modified: Nov. 21, 2024