Vulnerabilidades em Lenovo
369 resultadosCVE-2020-8356MEDIUMAn internal product security audit of LXCO, prior to version 1.2.2, discovered that optional passwords, if specified, for the Syslog and SMTEPSS 0.5%CVE-2021-3417MEDIUMAn internal product security audit of LXCO, prior to version 1.2.2, discovered that credentials for Lenovo XClarity Administrator (LXCA), ifEPSS 0.5%CVE-2024-27908MEDIUMA buffer overflow vulnerability was reported in the HTTPS service of some Lenovo Printers that could result in denial of service.EPSS 0.5%CVE-2023-4857HIGH
An authentication bypass vulnerability was identified in SMM/SMM2 and FPC that could allow an authenticated user to execute certain IPMI caEPSS 0.5%CVE-2023-6540MEDIUMA vulnerability was reported in the Lenovo Browser Mobile and Lenovo Browser HD Apps for Android that could allow an attacker to craft a payEPSS 0.5%CVE-2024-27909MEDIUMA denial of service vulnerability was reported in the HTTPS service of some Lenovo Printers that could result in a system reboot.EPSS 0.5%CVE-2019-19757MEDIUMAn internal product security audit of Lenovo XClarity Administrator (LXCA) discovered a Document Object Model (DOM) based cross-site scriptiEPSS 0.5%CVE-2023-2992HIGHAn unauthenticated denial of service vulnerability exists in the SMM v1, SMM v2, and FPC management web server which can be triggered underEPSS 0.5%CVE-2020-8355MEDIUMAn internal product security audit of Lenovo XClarity Administrator (LXCA) prior to version 3.1.0 discovered the Windows OS credentials provEPSS 0.5%CVE-2018-9073—CMM Security VulnerabilityEPSS 0.5%CVE-2023-25492MEDIUMA valid, authenticated user may be able to trigger a denial of service of the XCC web user interface or other undefined behavior through a fEPSS 0.5%CVE-2023-29057HIGHA valid XCC user's local account permissions overrides their active directory permissions under specific configurations. This could lead to EPSS 0.5%CVE-2022-3429MEDIUMA denial-of-service vulnerability was found in the firmware used in Lenovo printers, where users send illegal or malformed strings to an opeEPSS 0.5%CVE-2024-27911HIGHA vulnerability was reported in some Lenovo Printers that could allow an unauthenticated attacker to obtain the administrator password.EPSS 0.5%CVE-2021-3473MEDIUMAn internal product security audit of Lenovo XClarity Controller (XCC) discovered that the XCC configuration backup/restore password may be EPSS 0.5%CVE-2019-6166MEDIUMA vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow cross-site request forgery.EPSS 0.5%CVE-2022-1513HIGHA potential vulnerability was reported in Lenovo PCManager prior to version 5.0.10.4191 that may allow code execution when visiting a speciaEPSS 0.5%CVE-2023-4605MEDIUM
A valid authenticated Lenovo XClarity Administrator (LXCA) user can potentially leverage an unauthenticated API endpoint to retrieve systemEPSS 0.5%CVE-2023-4606HIGHAn authenticated XCC user with Read-Only permission can change a different user’s password through a crafted API command.
This affects ThEPSS 0.5%CVE-2018-16097—LXCI for VMware and LXCI for Microsoft System CenterEPSS 0.5%