Latest CVE Feed
-
9.8
CRITICALCVE-2020-8349
An internal security review has identified an unauthenticated remote code execution vulnerability in Cloud Networking Operating System (CNOS)’ optional REST API management interface. This interface is disabled by default and not vulnerable unless enabled.... Read more
- Published: Oct. 14, 2020
- Modified: Nov. 21, 2024
-
6.1
MEDIUMCVE-2020-8348
A DOM-based cross-site scripting (XSS) vulnerability was reported in Lenovo Enterprise Network Disk prior to version 6.1 patch 6 hotfix 4 that could allow execution of code in an authenticated user's current browser session if a crafted url is visited, po... Read more
Affected Products : enterprise_network_disk- Published: Sep. 24, 2020
- Modified: Nov. 21, 2024
-
6.1
MEDIUMCVE-2020-8347
A reflective cross-site scripting (XSS) vulnerability was reported in Lenovo Enterprise Network Disk prior to version 6.1 patch 6 hotfix 4 that could allow execution of code in an authenticated user's browser if a crafted url is visited, possibly through ... Read more
Affected Products : enterprise_network_disk- Published: Sep. 24, 2020
- Modified: Nov. 21, 2024
-
5.5
MEDIUMCVE-2020-8346
A denial of service vulnerability was reported in the Lenovo Vantage component called Lenovo System Interface Foundation prior to version 1.1.19.5 that could allow configuration files to be written to non-standard locations.... Read more
Affected Products : system_interface_foundation- Published: Sep. 15, 2020
- Modified: Nov. 21, 2024
-
7.8
HIGHCVE-2020-8345
A DLL search path vulnerability was reported in the Lenovo HardwareScan Plugin for the Lenovo Vantage hardware scan feature prior to version 1.0.46.11 that could allow escalation of privilege.... Read more
Affected Products : hardware_scan- Published: Oct. 14, 2020
- Modified: Nov. 21, 2024
-
7.3
HIGHCVE-2020-8342
A race condition vulnerability was reported in Lenovo System Update prior to version 5.07.0106 that could allow escalation of privilege.... Read more
Affected Products : system_update- Published: Sep. 15, 2020
- Modified: Nov. 21, 2024
-
2.4
LOWCVE-2020-8341
In Lenovo systems, SMM BIOS Write Protection is used to prevent writes to SPI Flash. While this provides sufficient protection, an additional layer of protection is provided by SPI Protected Range Registers (PRx). After resuming from S3 sleep mode in vari... Read more
Affected Products : thinkpad_t490_\(20nx\)_firmware thinkpad_t490_\(20qx\)_firmware thinkpad_t490_\(20rx\)_firmware thinkpad_t490s_\(20nx\)_firmware thinkpad_t590_\(20nx\)_firmware thinkpad_x1_carbon_\(20qx\)_firmware thinkpad_x1_yoga_\(20qx\)_firmware thinkpad_x390_\(20qx\)_firmware thinkpad_x390_\(20sx\)_firmware thinkpad_t495_drift_firmware +10 more products- Published: Sep. 01, 2020
- Modified: Nov. 21, 2024
-
6.3
MEDIUMCVE-2020-8340
A cross-site scripting (XSS) vulnerability was discovered in the legacy IBM and Lenovo System x IMM2 (Integrated Management Module 2), prior to version 5.60, embedded Baseboard Management Controller (BMC) web interface during an internal security review. ... Read more
- Published: Sep. 15, 2020
- Modified: Nov. 21, 2024
-
6.1
MEDIUMCVE-2020-8339
A cross-site scripting inclusion (XSSI) vulnerability was reported in the legacy IBM BladeCenter Advanced Management Module (AMM) web interface prior to version 3.68n [BPET68N]. This vulnerability could allow an authenticated user's AMM credentials to be ... Read more
- Published: Sep. 15, 2020
- Modified: Nov. 21, 2024
-
7.8
HIGHCVE-2020-8338
A DLL search path vulnerability was reported in Lenovo Diagnostics prior to version 4.35.4 that could allow a user with local access to execute code on the system.... Read more
Affected Products : diagnostics- Published: Oct. 14, 2020
- Modified: Nov. 21, 2024
-
7.2
HIGHCVE-2020-8337
An unquoted search path vulnerability was reported in versions prior to 1.0.83.0 of the Synaptics Smart Audio UWP app associated with the DCHU audio drivers on Lenovo platforms that could allow an administrative user to execute arbitrary code.... Read more
Affected Products : thinkpad_11e thinkpad_e480 thinkpad_e580 thinkpad_l380 thinkpad_l380_yoga thinkpad_l480 thinkpad_l580 thinkpad_t470p thinkpad_x270 thinkpad_x380_yoga +73 more products- Published: Jun. 09, 2020
- Modified: Nov. 21, 2024
-
6.8
MEDIUMCVE-2020-8336
Lenovo implemented Intel CSME Anti-rollback ARB protections on some ThinkPad models to prevent roll back of CSME Firmware in flash.... Read more
- Published: Jun. 09, 2020
- Modified: Nov. 21, 2024
-
6.8
MEDIUMCVE-2020-8335
The BIOS tamper detection mechanism was not triggered in Lenovo ThinkPad A285, BIOS versions up to r0xuj70w; A485, BIOS versions up to r0wuj65w; T495 BIOS versions up to r12uj55w; T495s/X395, BIOS versions up to r13uj47w, while the emergency-reset button ... Read more
- Published: Sep. 01, 2020
- Modified: Nov. 21, 2024
-
6.8
MEDIUMCVE-2020-8334
The BIOS tamper detection mechanism was not triggered in Lenovo ThinkPad T495s, X395, T495, A485, A285, A475, A275 which may allow for unauthorized access.... Read more
- Published: Jun. 09, 2020
- Modified: Nov. 21, 2024
-
7.8
HIGHCVE-2020-8333
A potential vulnerability in the SMI callback function used in the EEPROM driver in some Lenovo Desktops and ThinkStation models may allow arbitrary code execution... Read more
- Published: Sep. 24, 2020
- Modified: Nov. 21, 2024
-
6.9
MEDIUMCVE-2020-8332
A potential vulnerability in the SMI callback function used in the legacy BIOS mode USB drivers in some legacy Lenovo and IBM System x servers may allow arbitrary code execution. Servers operating in UEFI mode are not affected.... Read more
- Published: Oct. 14, 2020
- Modified: Nov. 21, 2024
-
7.8
HIGHCVE-2020-8330
A denial of service vulnerability was reported in the firmware prior to version 1.01 used in Lenovo Printer LJ4010DN that could be triggered by a remote user sending a crafted packet to the device, preventing subsequent print jobs until the printer is reb... Read more
Affected Products : lj4010dn_firmware lj6700dn_firmware m8960dnf_firmware lj4010dn lj6700dn m8960dnf- Published: May. 28, 2020
- Modified: Nov. 21, 2024
-
7.8
HIGHCVE-2020-8329
A denial of service vulnerability was reported in the firmware prior to version 1.01 used in Lenovo Printer LJ4010DN that could be triggered by a remote user sending a crafted packet to the device, causing an error to be displayed and preventing printer f... Read more
Affected Products : lj4010dn_firmware lj6700dn_firmware m8960dnf_firmware lj4010dn lj6700dn m8960dnf- Published: May. 28, 2020
- Modified: Nov. 21, 2024
-
7.8
HIGHCVE-2020-8327
A privilege escalation vulnerability was reported in LenovoBatteryGaugePackage for Lenovo System Interface Foundation bundled in Lenovo Vantage prior to version 10.2003.10.0 that could allow an authenticated user to execute code with elevated privileges.... Read more
Affected Products : vantage- Published: Apr. 14, 2020
- Modified: Nov. 21, 2024
-
7.8
HIGHCVE-2020-8326
An unquoted service path vulnerability was reported in Lenovo Drivers Management prior to version 2.7.1128.1046 that could allow an authenticated user to execute code with elevated privileges.... Read more
Affected Products : drivers_management- Published: Jul. 24, 2020
- Modified: Nov. 21, 2024