CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Lenovo : Security Vulnerabilities Published In 2020

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2020-8351 269 Exec Code 2020-11-30 2020-12-02
4.6
None Local Low Not required Partial Partial Partial
A privilege escalation vulnerability was reported in Lenovo PCManager prior to version 3.0.50.9162 that could allow an authenticated user to execute code with elevated privileges.
2 CVE-2020-8348 79 Exec Code XSS 2020-09-24 2020-09-30
4.3
None Remote Medium Not required None Partial None
A DOM-based cross-site scripting (XSS) vulnerability was reported in Lenovo Enterprise Network Disk prior to version 6.1 patch 6 hotfix 4 that could allow execution of code in an authenticated user's current browser session if a crafted url is visited, possibly through phishing.
3 CVE-2020-8347 79 Exec Code XSS 2020-09-24 2020-09-30
4.3
None Remote Medium Not required None Partial None
A reflective cross-site scripting (XSS) vulnerability was reported in Lenovo Enterprise Network Disk prior to version 6.1 patch 6 hotfix 4 that could allow execution of code in an authenticated user's browser if a crafted url is visited, possibly through phishing.
4 CVE-2020-8346 276 DoS 2020-09-15 2020-09-21
2.1
None Local Low Not required None None Partial
A denial of service vulnerability was reported in the Lenovo Vantage component called Lenovo System Interface Foundation prior to version 1.1.19.5 that could allow configuration files to be written to non-standard locations.
5 CVE-2020-8345 427 2020-10-14 2020-10-26
4.4
None Local Medium Not required Partial Partial Partial
A DLL search path vulnerability was reported in the Lenovo HardwareScan Plugin for the Lenovo Vantage hardware scan feature prior to version 1.0.46.11 that could allow escalation of privilege.
6 CVE-2020-8342 367 2020-09-15 2020-09-21
6.9
None Local Medium Not required Complete Complete Complete
A race condition vulnerability was reported in Lenovo System Update prior to version 5.07.0106 that could allow escalation of privilege.
7 CVE-2020-8338 426 Exec Code 2020-10-14 2020-10-16
7.2
None Local Low Not required Complete Complete Complete
A DLL search path vulnerability was reported in Lenovo Diagnostics prior to version 4.35.4 that could allow a user with local access to execute code on the system.
8 CVE-2020-8327 269 Exec Code 2020-04-14 2020-04-15
7.2
None Local Low Not required Complete Complete Complete
A privilege escalation vulnerability was reported in LenovoBatteryGaugePackage for Lenovo System Interface Foundation bundled in Lenovo Vantage prior to version 10.2003.10.0 that could allow an authenticated user to execute code with elevated privileges.
9 CVE-2020-8326 428 Exec Code 2020-07-24 2020-07-29
6.9
None Local Medium Not required Complete Complete Complete
An unquoted service path vulnerability was reported in Lenovo Drivers Management prior to version 2.7.1128.1046 that could allow an authenticated user to execute code with elevated privileges.
10 CVE-2020-8324 20 2020-04-14 2020-04-15
2.1
None Local Low Not required None Partial None
A vulnerability was reported in LenovoAppScenarioPluginSystem for Lenovo System Interface Foundation prior to version 1.2.184.31 that could allow unsigned DLL files to be executed.
11 CVE-2020-8319 269 Exec Code 2020-04-14 2020-04-15
7.2
None Local Low Not required Complete Complete Complete
A privilege escalation vulnerability was reported in Lenovo System Interface Foundation prior to version 1.1.19.3 that could allow an authenticated user to execute code with elevated privileges.
12 CVE-2020-8318 269 Exec Code 2020-04-14 2020-04-15
7.2
None Local Low Not required Complete Complete Complete
A privilege escalation vulnerability was reported in the LenovoSystemUpdatePlugin for Lenovo System Interface Foundation prior to version that could allow an authenticated user to execute code with elevated privileges.
13 CVE-2020-8317 426 Exec Code 2020-07-24 2020-07-29
6.9
None Local Medium Not required Complete Complete Complete
A DLL search path vulnerability was reported in Lenovo Drivers Management prior to version 2.7.1128.1046 that could allow an authenticated user to execute code with elevated privileges.
14 CVE-2020-8316 200 +Info 2020-04-14 2020-04-15
2.1
None Local Low Not required Partial None None
A vulnerability was reported in Lenovo Vantage prior to version 10.2003.10.0 that could allow an authenticated user to read files on the system with elevated privileges.
15 CVE-2019-19757 79 Exec Code XSS 2020-02-14 2020-02-24
3.5
None Remote Medium ??? None Partial None
An internal product security audit of Lenovo XClarity Administrator (LXCA) discovered a Document Object Model (DOM) based cross-site scripting vulnerability in versions prior to 2.6.6 that could allow JavaScript code to be executed in the user's web browser if a specially crafted link is visited. The JavaScript code is executed on the user's system, not executed on LXCA itself.
16 CVE-2019-19756 532 2020-03-13 2020-03-18
3.6
None Local Low Not required Partial Partial None
An internal product security audit of Lenovo XClarity Administrator (LXCA) discovered Windows OS credentials, used to perform driver updates of managed systems, being written to a log file in clear text. This only affects LXCA version 2.6.0 when performing a Windows driver update. Affected logs are only accessible to authorized users in the First Failure Data Capture (FFDC) service log and log files on LXCA.
17 CVE-2019-6196 426 2020-06-09 2020-06-22
6.9
None Local Medium Not required Complete Complete Complete
A symbolic link vulnerability in some Lenovo installation packages, prior to version 1.2.9.3, could allow privileged file operations during file extraction and installation.
18 CVE-2019-6194 611 2020-02-14 2020-02-21
4.3
None Remote Medium Not required Partial None None
An XML External Entity (XXE) processing vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.6.6 that could allow information disclosure.
19 CVE-2019-6193 200 +Info 2020-02-14 2020-02-24
5.0
None Remote Low Not required Partial None None
An information disclosure vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.6.6 that could allow unauthenticated access to some configuration files which may contain usernames, license keys, IP addresses, and encrypted password hashes.
20 CVE-2019-6173 426 2020-06-09 2020-06-22
6.9
None Local Medium Not required Complete Complete Complete
A DLL search path vulnerability could allow privilege escalation in some Lenovo installation packages, prior to version 1.2.9.3, during installation if an attacker already has administrative privileges.
21 CVE-2015-8536 352 CSRF 2020-03-27 2020-03-31
6.8
None Remote Medium Not required Partial Partial Partial
MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A vulnerability was discovered (fixed and publicly disclosed in 2015) in Lenovo Solution Center (LSC) prior to version 3.3.002 that could allow cross-site request forgery.
22 CVE-2015-8535 22 Exec Code Dir. Trav. 2020-03-27 2020-03-31
7.2
None Local Low Not required Complete Complete Complete
MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A directory traversal vulnerability was discovered (fixed and publicly disclosed in 2015) in Lenovo Solution Center (LSC) prior to version 3.3.002 that could allow a user to execute arbitrary code with elevated privileges.
23 CVE-2015-8534 269 Exec Code 2020-03-27 2020-03-31
7.2
None Local Low Not required Complete Complete Complete
MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A local privilege escalation vulnerability was discovered (fixed and publicly disclosed in 2015) in Lenovo Solution Center (LSC) prior to version 3.3.002 that could allow a user to execute arbitrary code with elevated privileges.
24 CVE-2015-7336 347 Bypass 2020-03-27 2020-04-01
5.0
None Remote Low Not required None Partial None
MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A vulnerability was reported (fixed and publicly disclosed in 2015) in Lenovo System Update version 5.07.0008 and prior that could allow the signature check of an update to be bypassed.
25 CVE-2015-7335 362 Exec Code 2020-03-27 2020-03-30
6.9
None Local Medium Not required Complete Complete Complete
MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A race condition was reported (fixed and publicly disclosed in 2015) in Lenovo System Update version 5.07.0008 and prior that could allow a user to execute arbitrary code with elevated privileges.
26 CVE-2015-7334 269 Exec Code 2020-03-27 2020-03-30
7.2
None Local Low Not required Complete Complete Complete
MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A local privilege escalation vulnerability was reported (fixed and publicly disclosed in 2015) in Lenovo System Update version 5.07.0008 and prior where the SUService.exe /type COMMAND type could allow a user to execute arbitrary code with elevated privileges.
27 CVE-2015-7333 269 Exec Code 2020-03-27 2020-03-30
7.2
None Local Low Not required Complete Complete Complete
MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A local privilege escalation vulnerability was reported (fixed and publicly disclosed in 2015) in Lenovo System Update version 5.07.0008 and prior where the SUService.exe /type INF and INF_BY_COMPATIBLE_ID command types could allow a user to execute arbitrary code with elevated privileges.
Total number of vulnerabilities : 27   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.