Vulnerabilities in Lenovo Group Ltd.

56 results
CVE-2017-3761 | EPSS 4.2% | The Lenovo Service Framework Android application executes some system commands without proper sanitization of external input. In certain cas
CVE-2016-8237 | EPSS 3.3% | Remote code execution in Lenovo Updates (not Lenovo System Update) allows man-in-the-middle attackers to execute arbitrary code.
CVE-2017-3758 | EPSS 2.7% | Improper access controls on several Android components in the Lenovo Service Framework application can be exploited to enable remote code ex
CVE-2018-9066 | EPSS 2.2% | In Lenovo xClarity Administrator versions earlier than 2.1.0, an authenticated LXCA user can, under specific circumstances, inject additiona
CVE-2017-3759 | EPSS 1.7% | The Lenovo Service Framework Android application accepts some responses from the server without proper validation. This exposes the applicat
CVE-2017-3774 | EPSS 1.3% | A stack overflow vulnerability was discovered within the web administration service in Integrated Management Module 2 (IMM2) earlier than ve
CVE-2017-3768 | EPSS 1.2% | An unprivileged attacker with connectivity to the IMM2 could cause a denial of service attack on the IMM2 (Versions earlier than 4.4 for Len
CVE-2016-8233 | EPSS 1.1% | Log files generated by Lenovo XClarity Administrator (LXCA) versions earlier than 1.2.2 may contain user credentials in a non-secure, clear
CVE-2018-9067 | EPSS 1.1% | The Lenovo Help Android app versions earlier than 6.1.2.0327 had insufficient access control for some functions which, if exploited, could h
CVE-2017-3776 | EPSS 1.1% | Lenovo Help Android mobile app versions earlier than 6.1.2.0327 allowed information to be transmitted over an HTTP channel, permitting other
CVE-2016-8230 | EPSS 1.1% | In Lenovo Service Bridge before version 4, an insecure HTTP connection is used by LSB to send system serial number, machine type and model a
CVE-2018-9068 | EPSS 1.1% | The IMM2 First Failure Data Capture function collects management module logs and diagnostic information when a hardware error is detected. T
CVE-2017-3770 | EPSS 1.0% | Privilege escalation vulnerability in LXCA versions earlier than 1.3.2 where an authenticated user may be able to abuse certain web interfac
CVE-2018-9064 | EPSS 1.0% | In Lenovo xClarity Administrator versions earlier than 2.1.0, an authenticated LXCA user may abuse a web API debug call to retrieve the cred
CVE-2016-8226 | EPSS 0.9% | The BIOS in Lenovo System X M5, M6, and X6 systems allows administrators to cause a denial of service via updating a UEFI data structure.
CVE-2017-3764 | EPSS 0.9% | A vulnerability was identified in Lenovo XClarity Administrator (LXCA) before 1.4.0 where LXCA user account names may be exposed to unauthen
CVE-2017-3744 | EPSS 0.8% | In the IMM2 firmware of Lenovo System x servers, remote commands issued by LXCA or other utilities may be captured in the First Failure Data
CVE-2017-3771 | EPSS 0.8% | System boot process is not adequately secured In Lenovo E95 and ThinkCentre M710s/M710t because systems were shipped from factory without co
CVE-2016-8236 | EPSS 0.8% | Reset to default settings may occur in Lenovo ThinkServer TSM RD350, RD450, RD550, RD650, TD350 during a prolonged broadcast storm in TSM ve
CVE-2017-3760 | EPSS 0.8% | The Lenovo Service Framework Android application uses a set of nonsecure credentials when performing integrity verification of downloaded ap