Vulnerabilidades em Lenovo
369 resultadosCVE-2021-3956MEDIUMA read-only authentication bypass vulnerability was reported in the Third Quarter 2021 release of Lenovo XClarity Controller (XCC) firmware EPSS 0.7%CVE-2021-42848MEDIUMAn information disclosure vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow an unauthenticated user EPSS 0.7%CVE-2023-4856HIGH
A format string vulnerability was identified in SMM/SMM2 and FPC that could allow an authenticated user to execute arbitrary commands on a EPSS 0.7%CVE-2018-9085—Missing System x Flash Memory Write Protection Lock BitEPSS 0.7%CVE-2019-6182MEDIUMA stored CSV Injection vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.5.0 that could allow an adminiEPSS 0.7%CVE-2019-6180MEDIUMA stored cross-site scripting (XSS) vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.5.0 that could alEPSS 0.7%CVE-2018-16096—System Management Module VulnerabilitiesEPSS 0.6%CVE-2019-6195MEDIUMAn authorization bypass exists in Lenovo XClarity Controller (XCC) versions prior to 3.08 CDI340V, 3.01 TEI392O, 1.71 PSI328N where a valid EPSS 0.6%CVE-2020-8340MEDIUMA cross-site scripting (XSS) vulnerability was discovered in the legacy IBM and Lenovo System x IMM2 (Integrated Management Module 2), priorEPSS 0.6%CVE-2022-34884HIGHA buffer overflow exists in the Remote Presence subsystem which can potentially allow valid, authenticated users to cause a recoverable subsEPSS 0.6%CVE-2023-5079HIGHLenovo LeCloud App improper input validation allows attackers to access arbitrary components and arbitrary file downloads, which could resulEPSS 0.6%CVE-2020-8350HIGHAn authentication bypass vulnerability was reported in Lenovo ThinkPad Stack Wireless Router firmware version 1.1.3.4 that could allow escalEPSS 0.6%CVE-2018-16091—System Management Module VulnerabilitiesEPSS 0.6%CVE-2023-0683HIGHA valid, authenticated XCC user with read only access may gain elevated privileges through a specifically crafted API call.EPSS 0.6%CVE-2023-25495MEDIUMA valid, authenticated administrative user can query a web interface API to reveal the configured LDAP client password used by XCC to authenEPSS 0.6%CVE-2024-38509HIGHA privilege escalation vulnerability was discovered in XCC that could allow an authenticated XCC user with elevated privileges to execute arEPSS 0.5%CVE-2020-8353MEDIUMPrior to August 10, 2020, some Lenovo Desktop and Workstation systems were shipped with the Embedded Host Based Configuration (EHBC) featureEPSS 0.5%CVE-2024-27912HIGHA denial of service vulnerability was reported in some Lenovo Printers that could allow an attacker to cause the device to crash by sending EPSS 0.5%CVE-2024-27910MEDIUMA vulnerability was reported in some Lenovo Printers that could allow an unauthenticated attacker to reboot the printer without authenticatiEPSS 0.5%CVE-2021-42851MEDIUMA vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow an unauthenticated user to create a standard useEPSS 0.5%