Latest CVE Feed
-
7.3
HIGHCVE-2020-8342
A race condition vulnerability was reported in Lenovo System Update prior to version 5.07.0106 that could allow escalation of privilege.... Read more
Affected Products : system_update- Published: Sep. 15, 2020
- Modified: Nov. 21, 2024
-
2.4
LOWCVE-2020-8341
In Lenovo systems, SMM BIOS Write Protection is used to prevent writes to SPI Flash. While this provides sufficient protection, an additional layer of protection is provided by SPI Protected Range Registers (PRx). After resuming from S3 sleep mode in vari... Read more
Affected Products : thinkpad_t490_\(20nx\)_firmware thinkpad_t490_\(20qx\)_firmware thinkpad_t490_\(20rx\)_firmware thinkpad_t490s_\(20nx\)_firmware thinkpad_t590_\(20nx\)_firmware thinkpad_x1_carbon_\(20qx\)_firmware thinkpad_x1_yoga_\(20qx\)_firmware thinkpad_x390_\(20qx\)_firmware thinkpad_x390_\(20sx\)_firmware thinkpad_t495_drift_firmware +10 more products- Published: Sep. 01, 2020
- Modified: Nov. 21, 2024
-
6.3
MEDIUMCVE-2020-8340
A cross-site scripting (XSS) vulnerability was discovered in the legacy IBM and Lenovo System x IMM2 (Integrated Management Module 2), prior to version 5.60, embedded Baseboard Management Controller (BMC) web interface during an internal security review. ... Read more
- Published: Sep. 15, 2020
- Modified: Nov. 21, 2024
-
6.1
MEDIUMCVE-2020-8339
A cross-site scripting inclusion (XSSI) vulnerability was reported in the legacy IBM BladeCenter Advanced Management Module (AMM) web interface prior to version 3.68n [BPET68N]. This vulnerability could allow an authenticated user's AMM credentials to be ... Read more
- Published: Sep. 15, 2020
- Modified: Nov. 21, 2024
-
7.8
HIGHCVE-2020-8338
A DLL search path vulnerability was reported in Lenovo Diagnostics prior to version 4.35.4 that could allow a user with local access to execute code on the system.... Read more
Affected Products : diagnostics- Published: Oct. 14, 2020
- Modified: Nov. 21, 2024
-
7.2
HIGHCVE-2020-8337
An unquoted search path vulnerability was reported in versions prior to 1.0.83.0 of the Synaptics Smart Audio UWP app associated with the DCHU audio drivers on Lenovo platforms that could allow an administrative user to execute arbitrary code.... Read more
Affected Products : thinkpad_11e thinkpad_e480 thinkpad_e580 thinkpad_l380 thinkpad_l380_yoga thinkpad_l480 thinkpad_l580 thinkpad_t470p thinkpad_x270 thinkpad_x380_yoga +73 more products- Published: Jun. 09, 2020
- Modified: Nov. 21, 2024
-
6.8
MEDIUMCVE-2020-8336
Lenovo implemented Intel CSME Anti-rollback ARB protections on some ThinkPad models to prevent roll back of CSME Firmware in flash.... Read more
- Published: Jun. 09, 2020
- Modified: Nov. 21, 2024
-
6.8
MEDIUMCVE-2020-8335
The BIOS tamper detection mechanism was not triggered in Lenovo ThinkPad A285, BIOS versions up to r0xuj70w; A485, BIOS versions up to r0wuj65w; T495 BIOS versions up to r12uj55w; T495s/X395, BIOS versions up to r13uj47w, while the emergency-reset button ... Read more
- Published: Sep. 01, 2020
- Modified: Nov. 21, 2024
-
6.8
MEDIUMCVE-2020-8334
The BIOS tamper detection mechanism was not triggered in Lenovo ThinkPad T495s, X395, T495, A485, A285, A475, A275 which may allow for unauthorized access.... Read more
- Published: Jun. 09, 2020
- Modified: Nov. 21, 2024
-
7.8
HIGHCVE-2020-8333
A potential vulnerability in the SMI callback function used in the EEPROM driver in some Lenovo Desktops and ThinkStation models may allow arbitrary code execution... Read more
- Published: Sep. 24, 2020
- Modified: Nov. 21, 2024
-
6.9
MEDIUMCVE-2020-8332
A potential vulnerability in the SMI callback function used in the legacy BIOS mode USB drivers in some legacy Lenovo and IBM System x servers may allow arbitrary code execution. Servers operating in UEFI mode are not affected.... Read more
- Published: Oct. 14, 2020
- Modified: Nov. 21, 2024
-
7.8
HIGHCVE-2020-8330
A denial of service vulnerability was reported in the firmware prior to version 1.01 used in Lenovo Printer LJ4010DN that could be triggered by a remote user sending a crafted packet to the device, preventing subsequent print jobs until the printer is reb... Read more
Affected Products : lj4010dn_firmware lj6700dn_firmware m8960dnf_firmware lj4010dn lj6700dn m8960dnf- Published: May. 28, 2020
- Modified: Nov. 21, 2024
-
7.8
HIGHCVE-2020-8329
A denial of service vulnerability was reported in the firmware prior to version 1.01 used in Lenovo Printer LJ4010DN that could be triggered by a remote user sending a crafted packet to the device, causing an error to be displayed and preventing printer f... Read more
Affected Products : lj4010dn_firmware lj6700dn_firmware m8960dnf_firmware lj4010dn lj6700dn m8960dnf- Published: May. 28, 2020
- Modified: Nov. 21, 2024
-
7.8
HIGHCVE-2020-8327
A privilege escalation vulnerability was reported in LenovoBatteryGaugePackage for Lenovo System Interface Foundation bundled in Lenovo Vantage prior to version 10.2003.10.0 that could allow an authenticated user to execute code with elevated privileges.... Read more
Affected Products : vantage- Published: Apr. 14, 2020
- Modified: Nov. 21, 2024
-
7.8
HIGHCVE-2020-8326
An unquoted service path vulnerability was reported in Lenovo Drivers Management prior to version 2.7.1128.1046 that could allow an authenticated user to execute code with elevated privileges.... Read more
Affected Products : drivers_management- Published: Jul. 24, 2020
- Modified: Nov. 21, 2024
-
5.5
MEDIUMCVE-2020-8324
A vulnerability was reported in LenovoAppScenarioPluginSystem for Lenovo System Interface Foundation prior to version 1.2.184.31 that could allow unsigned DLL files to be executed.... Read more
Affected Products : system_interface_foundation- Published: Apr. 14, 2020
- Modified: Nov. 21, 2024
-
6.7
MEDIUMCVE-2020-8323
A potential vulnerability in the SMI callback function used in the Legacy SD driver in some Lenovo ThinkPad, ThinkStation, and Lenovo Notebook models may allow arbitrary code execution.... Read more
- Published: Jun. 09, 2020
- Modified: Nov. 21, 2024
-
6.7
MEDIUMCVE-2020-8322
A potential vulnerability in the SMI callback function used in the Legacy USB driver in some Lenovo Notebook and ThinkStation models may allow arbitrary code execution.... Read more
Affected Products : e42-80_firmware e52-80_firmware miix_720-12ikb_firmware s145-14api_firmware s145-14ast_firmware s145-15api_firmware s145-15ast_firmware s540-13api_firmware v130-15ikb_firmware v330-15igm_firmware +92 more products- Published: Jun. 09, 2020
- Modified: Nov. 21, 2024
-
6.7
MEDIUMCVE-2020-8321
A potential vulnerability in the SMI callback function used in the System Lock Preinstallation driver in some Lenovo Notebook and ThinkStation models may allow arbitrary code execution.... Read more
- Published: Jun. 09, 2020
- Modified: Nov. 21, 2024
-
6.8
MEDIUMCVE-2020-8320
An internal shell was included in BIOS image in some ThinkPad models that could allow escalation of privilege.... Read more
- Published: Jun. 09, 2020
- Modified: Nov. 21, 2024