Thinkserver Rd350, Rd450, Rd550, Rd650, Td350 Security Vulnerabilities
A buffer overflow in the WMI SMI Handler in some Lenovo models may allow an attacker with local access and elevated privileges to execute arbitrary...
6.7CVSS
6.9AI Score
0.0004EPSS
An information leak vulnerability in the SMI Set BIOS Password SMI Handler in some Lenovo models may allow an attacker with local access and elevated privileges to read SMM...
4.4CVSS
4.4AI Score
0.0004EPSS
OpenSLP releases in the 1.0.2 and 1.1.0 code streams have a heap-related memory corruption issue which may manifest itself as a denial-of-service or a remote code-execution...
9.8CVSS
9.5AI Score
0.008EPSS
Reset to default settings may occur in Lenovo ThinkServer TSM RD350, RD450, RD550, RD650, TD350 during a prolonged broadcast storm in TSM versions earlier than...
7.5CVSS
7.4AI Score
0.001EPSS
Reset to default settings may occur in Lenovo ThinkServer TSM RD350, RD450, RD550, RD650, TD350 during a prolonged broadcast storm in TSM versions earlier than...
7.5CVSS
6.9AI Score
0.001EPSS
Reset to default settings may occur in Lenovo ThinkServer TSM RD350, RD450, RD550, RD650, TD350 during a prolonged broadcast storm in TSM versions earlier than...
7.5CVSS
7.5AI Score
0.001EPSS
Reset to default settings may occur in Lenovo ThinkServer TSM RD350, RD450, RD550, RD650, TD350 during a prolonged broadcast storm in TSM versions earlier than...
7.4AI Score
0.001EPSS
A Denial of Service in Intel Ethernet Controller's X710/XL710 with Non-Volatile Memory Images before version 5.05 allows a remote attacker to stop the controller from processing network traffic working under certain network use...
5.9CVSS
5.7AI Score
0.018EPSS
GNU C Library (glibc) __nss_hostname_digits_dots() function vulnerable to buffer overflow (
Lenovo Security Advisory: LEN-2015-007 Potential Impact: Execution of Arbitrary Code Severity: High Summary: A vulnerability has been found in the GNU C Library (glibc) __nss_hostname_digits_dots() function that allows both local and remote users to cause a buffer overflow in network...
0.6AI Score
0.975EPSS
Lenovo Security Advisory: LEN-2014-006 Potential Impact: Elevation of Privilege Severity: Medium Summary: Certain firmware implementations may not correctly protect memory that stores the BIOS S3 Boot Script when a system is suspended. Exploitation of such vulnerabilities could potentially lead to....
6.4AI Score
EPSS
S3 Boot Script Protection - Lenovo Support US
Lenovo Security Advisory: LEN-2014-006 Potential Impact: Elevation of Privilege Severity: Medium Summary: Certain firmware implementations may not correctly protect memory that stores the BIOS S3 Boot Script when a system is suspended. Exploitation of such vulnerabilities could potentially lead to....
0.2AI Score
EPSS
Row Hammer Privilege Escalation - Lenovo Support US
Lenovo Security Advisory: LEN-2015-009 Potential Impact: Escalation of Privilege Severity: Medium Summary: The Passgate issue (aka “Row Hammer”) is an inherent design/process limitation in memory for sub 40nm technology such as DDR3/DDR3L/LPDDR2/LPDDR3/GDDR5 that can cause errors in rows of...
0.5AI Score
GNU C Library (glibc) __nss_hostname_digits_dots() function vulnerable to buffer overflow ("GHOST")
Lenovo Security Advisory: LEN-2015-007 Potential Impact: Execution of Arbitrary Code Severity: High Summary: A vulnerability has been found in the GNU C Library (glibc) __nss_hostname_digits_dots() function that allows both local and remote users to cause a buffer overflow in network...
8.2AI Score
0.975EPSS
Row Hammer Privilege Escalation
Lenovo Security Advisory: LEN-2015-009 Potential Impact: Escalation of Privilege Severity: Medium Summary: The Passgate issue (aka “Row Hammer”) is an inherent design/process limitation in memory for sub 40nm technology such as DDR3/DDR3L/LPDDR2/LPDDR3/GDDR5 that can cause errors in rows of...
6.7AI Score
NVIDIA Windows Privilege Delegation Escalation - Lenovo Support US
Lenovo Security Advisory: LEN-2015-008 Potential Impact: Escalation of Privilege Severity: Medium Summary: The NVIDIA Display Driver’s kernel administrator check improperly validates local client impersonation levels in some cases. Description: This vulnerability can only be exploited by a...
6.1AI Score
0.0004EPSS
NVIDIA Windows Privilege Delegation Escalation
Lenovo Security Advisory: LEN-2015-008 Potential Impact: Escalation of Privilege Severity: Medium Summary: The NVIDIA Display Driver’s kernel administrator check improperly validates local client impersonation levels in some cases. Description: This vulnerability can only be exploited by a...
6.1AI Score
0.0004EPSS
ThinkServer *50-series BIOS Password Encryption Weakness - Lenovo Support US
Lenovo Security Advisory: LEN-2015-018 Potential Impact: Password Disclosure Severity: Low Summary: The ThinkServer *50-series of servers store user and administrator BIOS passwords using a legacy, proprietary form of encryption. This issue was found during an internal security review and...
5.9AI Score
0.001EPSS
ThinkServer *50-series BIOS Password Encryption Weakness
Lenovo Security Advisory: LEN-2015-018 Potential Impact: Password Disclosure Severity: Low Summary: The ThinkServer *50-series of servers store user and administrator BIOS passwords using a legacy, proprietary form of encryption. This issue was found during an internal security review and...
5.9AI Score
0.001EPSS
Multiple ThinkServer System Manager (TSM) *50-series Security Weaknesses - Lenovo Support US
Lenovo Security Advisory: LEN-2015-024 Potential Impact: Unauthorized Access; Escalation of Privilege; Denial of Service; Man-in-the-Middle (MitM) Attack *Severity: *High Summary: Multiple security weaknesses were discovered in the ThinkServer System Manager (TSM) Baseboard Management Controller...
6.8AI Score
0.003EPSS
Multiple ThinkServer System Manager (TSM) *50-series Security Weaknesses
Lenovo Security Advisory: LEN-2015-024 Potential Impact: Unauthorized Access; Escalation of Privilege; Denial of Service; Man-in-the-Middle (MitM) Attack *Severity: *High Summary: Multiple security weaknesses were discovered in the ThinkServer System Manager (TSM) Baseboard Management Controller...
6.8AI Score
0.003EPSS
The ThinkServer System Manager (TSM) Baseboard Management Controller before firmware 1.27.73476 for ThinkServer RD350, RD450, RD550, RD650, and TD350 does not validate server certificates during an "encrypted remote KVM session," which allows man-in-the-middle attackers to spoof...
6.9AI Score
0.001EPSS
The ThinkServer System Manager (TSM) Baseboard Management Controller before firmware 1.27.73476 for ThinkServer RD350, RD450, RD550, RD650, and TD350 does not validate server certificates during an "encrypted remote KVM session," which allows man-in-the-middle attackers to spoof...
6.7AI Score
0.001EPSS
The ThinkServer System Manager (TSM) Baseboard Management Controller before firmware 1.27.73476 for ThinkServer RD350, RD450, RD550, RD650, and TD350 allows remote attackers to cause a denial of service (web interface crash) via a malformed HTTP request during...
7AI Score
0.003EPSS
The ThinkServer System Manager (TSM) Baseboard Management Controller before firmware 1.27.73476 for ThinkServer RD350, RD450, RD550, RD650, and TD350 allows remote attackers to cause a denial of service (web interface crash) via a malformed HTTP request during...
6.7AI Score
0.003EPSS
Lenovo ThinkServer RD350, RD450, RD550, RD650, and TD350 servers before 1.26.0 use weak encryption to store (1) user and (2) administrator BIOS passwords, which allows attackers to decrypt the passwords via unspecified...
6.7AI Score
0.001EPSS
Lenovo ThinkServer RD350, RD450, RD550, RD650, and TD350 servers before 1.26.0 use weak encryption to store (1) user and (2) administrator BIOS passwords, which allows attackers to decrypt the passwords via unspecified...
6.5AI Score
0.001EPSS
The ThinkServer System Manager (TSM) Baseboard Management Controller before firmware 1.27.73476 for ThinkServer RD350, RD450, RD550, RD650, and TD350 does not validate server certificates during an "encrypted remote KVM session," which allows man-in-the-middle attackers to spoof...
7.2AI Score
0.001EPSS
Lenovo ThinkServer RD350, RD450, RD550, RD650, and TD350 servers before 1.26.0 use weak encryption to store (1) user and (2) administrator BIOS passwords, which allows attackers to decrypt the passwords via unspecified...
6.9AI Score
0.001EPSS
The ThinkServer System Manager (TSM) Baseboard Management Controller before firmware 1.27.73476 for ThinkServer RD350, RD450, RD550, RD650, and TD350 allows remote attackers to cause a denial of service (web interface crash) via a malformed HTTP request during...
7.3AI Score
0.003EPSS
The ThinkServer System Manager (TSM) Baseboard Management Controller before firmware 1.27.73476 for ThinkServer RD350, RD450, RD550, RD650, and TD350 allows remote attackers to cause a denial of service (web interface crash) via a malformed HTTP request during...
6.7AI Score
0.003EPSS
The ThinkServer System Manager (TSM) Baseboard Management Controller before firmware 1.27.73476 for ThinkServer RD350, RD450, RD550, RD650, and TD350 does not validate server certificates during an "encrypted remote KVM session," which allows man-in-the-middle attackers to spoof...
6.7AI Score
0.001EPSS
Lenovo ThinkServer RD350, RD450, RD550, RD650, and TD350 servers before 1.26.0 use weak encryption to store (1) user and (2) administrator BIOS passwords, which allows attackers to decrypt the passwords via unspecified...
6.5AI Score
0.001EPSS