1170 matches found
Inherent Risks of Using the Intelligent Platform Management Interface (IPMI) on the Lenovo System x Integrated Management Module (IMM), Integrated Management Module II (IMM2) and ThinkServer TSM - us
Lenovo Security Advisory: LEN-10617 Potential Impact: Access to systems through IPMI if default settings are not changed Severity: High Scope of Impact: Industry-Wide CVE Identifiers: CVE-2013-4037, CVE-2013-4031 Summary Description: Various risks with the industry-standard Intelligent Platform...
Multiple potential vulnerabilities in User Mode driver components of Intel Graphics Driver Unified Shader Compiler - US
Lenovo Security Advisory: LEN-24426 Potential Impact: Elevation of Privilege, Denial of Service Severity: High Scope of Impact: Industry-wide CVE Identifier: CVE-2018-12152, CVE-2018-12153, CVE-2018-12154 Summary Description: The Intel® Graphics Drivers for Windows version 15.40.4963 and 15.36.48...
Missing System x Flash Memory Write Protection Lock Bit - US
Lenovo Security Advisory: LEN-24477 Potential Impact: Denial of service Severity: High Scope of Impact: Lenovo-specific CVE Identifier: CVE-2018-9085 Summary Description: A write protection lock bit was left unset after boot on an older generation of System x server, potentially allowing an...
CMM Security Concerns - US
Lenovo Security Advisory: LEN-23806 Potential Impact: Information Disclosure; Hardcoded Encryption Key Severity: Medium Scope of Impact: Lenovo-specific CVE Identifier: CVE-2018-9071, CVE-2018-9073 Summary: In a recent internal audit, Lenovo identified potential security vulnerabilities in the...
Legacy Server BMC Remote Command Injection - US
Lenovo Security Advisory: LEN-23836 Potential Impact: Arbitrary Code Execution Severity: High Scope of Impact: Lenovo-specific CVE Identifier: CVE-2018-9086 Summary Description: Lenovo has become aware that in certain legacy Lenovo ThinkServer-branded servers, a command injection vulnerability...
NVIDIA GPU Display driver contains multiple vulnerabilities in the kernel mode layer handler - us
Lenovo Security Advisory: LEN-14587 Potential Impact: Denial of service or privilege escalation Severity: High Scope of Impact: Industry-Wide CVE Identifiers: CVE-2017-0341, CVE-2017-0342, CVE-2017-0343, CVE-2017-0344, CVE-2017-0345, CVE-2017-0346, CVE-2017-0347, CVE-2017-0348, CVE-2017-0349,...
AMI Firmware Permits Microcode Downgrade - US
Lenovo Security Advisory: LEN-24239 Potential Impact: Unauthorized microcode downgrade Severity: Medium Scope of Impact: Industry-wide Summary Description: AMI has reported to Lenovo that the BIOS supplied by AMI may allow an attacker to revert the CPU firmware to an older version. Mitigation...
Lenovo Service Engine (LSE) BIOS for Notebook
Lenovo Security Advisory: LEN-2015-020 Potential Impact: Privilege Escalation Severity: High Summary: Vulnerabilities have been identified in the Lenovo Service Engine LSE which may run on certain Lenovo notebook systems that do not have a Lenovo preloaded operating system installed. Lenovo has...
Lenovo Power Management Driver Vulnerability - Lenovo Support US
Lenovo Security Advisory: LEN-29334 Potential Impact: Denial of Service Severity: Medium Scope of Impact: Lenovo-specific CVE Identifier: CVE-2019-6192 Summary Description: A potential vulnerability has been reported in the Lenovo Power Management Driver which could lead to a denial of service...
NVIDIA GPU display driver contains multiple vulnerabilities in the kernel mode layer handler - us
Lenovo Security Advisory: LEN-15854 Potential Impact: Denial of Service or Privilege Escalation Severity: High Scope of Impact: Industry-Wide CVE Identifier: CVE-2017-6251, CVE-2017-6252, CVE-2017-6253, CVE-2017-6254, CVE-2017-6255, CVE-2017-6256, CVE-2017-6257, CVE-2017-6258, CVE-2017-6259,...
Enterprise Networking Operating System (ENOS) Authentication Bypass in Lenovo and IBM RackSwitch and BladeCenter Products - US
Lenovo Security Advisory: LEN-16095 Potential Impact: An attacker could gain access to the switch management interface, permitting settings changes that could result in exposing traffic passing through the switch, subtle malfunctions in the attached infrastructure, and partial or complete denial ...
Intel Firmware Vulnerabilities - US
Lenovo Security Advisory: LEN-25085 Potential Impact: Privilege escalation, denial of service, information disclosure Severity: High Scope of Impact: Industry-wide CVE Identifier: CVE-2018-12201, CVE-2018-12202, CVE-2018-12203, CVE-2018-12204, CVE-2018-12205 Summary Description: Intel has disclos...
GNU C Library (glibc) __nss_hostname_digits_dots() function vulnerable to buffer overflow ("GHOST")
Lenovo Security Advisory: LEN-2015-007 Potential Impact: Execution of Arbitrary Code Severity: High Summary: A vulnerability has been found in the GNU C Library glibc nsshostnamedigitsdots function that allows both local and remote users to cause a buffer overflow in network function calls...
Privilege Escalation in Dolby DAX2API Service - us
Lenovo Security Advisory: LEN-12704 Potential Impact: Local privilege escalation Severity: High Scope of Impact: Industry-Wide CVE Identifier: CVE-2017-7293 Summary Description: A privilege escalation vulnerability has been discovered in Dolby’s DAX2API service where a local user can run arbitrar...
NVIDIA GPU Display Driver Update - Lenovo Support US
Lenovo Security Advisory: LEN-27326 Potential Impact: Denial of service, escalation of privileges, or information disclosure. Severity: High Scope of Impact: Industry-wide CVE Identifier: CVE-2019-5675, CVE-2019-5676, CVE-2019-5677 Summary Description: NVIDIA has released a software update to...
IMM2 Denial of Service Attack by an Unprivileged User - NL
Lenovo Security Advisory: LEN-14450 Potential Impact: Denial of Service Severity: Medium Scope of Impact: Lenovo Specific CVE Identifier: CVE-2017-3768 Summary Description: A vulnerability was discovered in the Integrated Management Module 2 IMM2 used in some Lenovo servers where an unprivileged...
Data on SanDisk Solid State Drives may be recoverable after running the BIOS Secure Erase Function or the ThinkPad Drive Erase Utility
Lenovo Security Advisory: LEN-5595 Potential Impact: Drive data may be able to be recovered after running the secure erase utility Severity:Medium Scope of Impact: Lenovo Summary Description: SanDisk’s firmware used to erase the data on these SSDs did not meet Lenovo’s specifications and it was...
Intel CSME, Server Platform Services, Trusted Execution Engine and Intel Active Management Technology Vulnerabilities - US
Lenovo Security Advisory: LEN-25083 Potential Impact: Privilege escalation, denial of service, information disclosure Severity: High Scope of Impact: Industry-wideF CVE Identifier: CVE-2018-12188, CVE-2018-12189, CVE-2018-12190, CVE-2018-12191, CVE-2018-12192, CVE-2018-12199, CVE-2018-12198,...
Intel CSME, Server Platform Services, Trusted Execution Engine and Intel Active Management Technology Vulnerabilities - Lenovo Support US
Lenovo Security Advisory: LEN-26293 Potential Impact: Privilege escalation, denial of service, information disclosure Severity: High Scope of Impact: Industry-wide CVE Identifier: CVE-2019-0086 , CVE-2019-0089 , CVE-2019-0090 , CVE-2019-0091 , CVE-2019-0092 , CVE-2019-0093 , CVE-2019-0094 ,...
Multi-vendor BIOS Security Vulnerabilities - Lenovo Support US
Lenovo Security Advisory: LEN-27714 Potential Impact: Escalation of Privilege, Denial of Service, Information Disclosure Severity: High Scope of Impact: Industry-wide CVE Identifier: CVE-2019-0117, CVE-2019-0123, CVE-2019-0124, CVE-2019-0151, CVE-2019-0152, CVE-2019-0154, CVE-2019-0184,...
S3 Boot Script Protection
Lenovo Security Advisory: LEN-2014-006 Potential Impact: Elevation of Privilege Severity: Medium Summary: Certain firmware implementations may not correctly protect memory that stores the BIOS S3 Boot Script when a system is suspended. Exploitation of such vulnerabilities could potentially lead t...
Brocade Network Advisor Vulnerabilities - US
Lenovo Security Advisory: LEN-25655 Potential Impact: Code execution, privilege escalation Severity: Medium Scope of Impact: Industry-wide CVE Identifier: CVE-2018-6443, CVE-2018-6444, CVE-2018-6445, CVE-2019-6446 Summary Description: Vulnerabilities found in Brocade Network Advisor before versio...
Intel Graphics Driver for Windows Vulnerabilities - Lenovo Support US
Lenovo Security Advisory: LEN-25084 Potential Impact: Privilege escalation, information disclosure, denial of service Severity: High Scope of Impact: Industry-wide CVE Identifier: CVE-2018-12209, CVE-2018-12210, CVE-2018-12211, CVE-2018-12212, CVE-2018-12213, CVE-2018-12214, CVE-2018-12215,...
Intel CSME, SPS, TXE, AMT and DAL Advisory - Lenovo Support US
Lenovo Security Advisory: LEN-30041 Potential Impact: Privilege escalation, denial of service, information disclosure Severity: High Scope of Impact: Industry-wide CVE Identifier: CVE-2020-0542, CVE-2020-0532, CVE-2020-0538, CVE-2020-0534, CVE-2020-0541, CVE-2020-0533, CVE-2020-0537, CVE-2020-053...
PaperDisplay Hotkey Vulnerability - US
Lenovo Security Advisory: LEN-27569 Potential Impact: Privilege escalation Severity: High Scope of Impact: Lenovo-specific CVE Identifier: CVE-2019-6165 Summary Description: A DLL search path vulnerability was reported in PaperDisplay Hotkey Service versions 1.2.0.8 and earlier that could allow...
USB provisioning may be allowed when Intel AMT is disabled
Lenovo Security Advisory: LEN-3556 Potential Impact: Unwanted local AMT provisioning of system Severity: Medium Summary: Some systems with Intel’s AMT technology which is installed on many PCs across vendors may be able to be provisioned by someone with physical access to the system via a special...
TianoCore EDK II BIOS Vulnerabilities - Lenovo Support US
Lenovo Security Advisory: LEN-25869 Potential Impact: Privilege escalation, denial of service Severity: High Scope of Impact: Industry-wide CVE Identifier: N/A Summary Description: Lenovo was notified of vulnerabilities in TianoCore EDK II BIOS that could lead to privilege escalation or denial of...
Apache Struts Open Source Framework Remote Code Execution - us
Lenovo Security Advisory: LEN-14200 Potential Impact: Remote code execution Scope of Impact: Industry-Wide CVE Identifier: CVE-2017-5638 Summary Description: Lenovo V3700 V2, Lenovo V3700 V2 XP, Lenovo V5030/V5030F and Storwize V7000 for Lenovo storage devices contain a vulnerability in Apache...
Self-Encrypting Drive Vulnerabilities - US
Lenovo Security Advisory: LEN-25256 Potential Impact: Information disclosure Severity: Medium Scope of Impact: Industry-wide CVE Identifier: CVE-2018-12037, CVE-2018-12038, CVE-2019-10636, CVE-2019-10705, CVE-2019-10706, CVE-2019-11686 Summary Description: As reported in CERT Coordination Center...
Brocade Fabric OS and SANnav Vulnerabilities - Lenovo Support US
Lenovo Security Advisory: LEN-46654 Potential Impact: Privilege escalation, denial of service, information disclosure Severity: High Scope of Impact: Industry-wide CVE Identifier: CVE-2018-6447, CVE-2018-6448, CVE-2018-6449, CVE-2019-16211, CVE-2019-16212, CVE-2020-15369, CVE-2020-15370,...
Intel CSME, Server Platform Services, Trusted Execution Engine, Intel Active Management Technology and Dynamic Application Loader Vulnerabilities - Lenovo Support US
Lenovo Security Advisory: LEN-27716 Potential Impact: Privilege escalation, denial of service, information disclosure Severity: High Scope of Impact: Industry-wide CVE Identifier: CVE-2019-0131, CVE-2019-0165, CVE-2019-0166, CVE-2019-0168, CVE-2019-0169, CVE-2019-11086, CVE-2019-11087,...
AMI MegaRAC SP-X BMC Vulnerabilities - Lenovo Support US
Lenovo Security Advisory: LEN-29592 Potential Impact: Denial of service, privilege escalation, information disclosure Severity: High Scope of Impact: Industry-wide CVE Identifier: CVE-2013-4312, CVE-2013-7446, CVE-2014-3631, CVE-2014-5206, CVE-2014-5207, CVE-2014-6410, CVE-2014-7145, CVE-2014-782...
Synaptics Audio Driver Vulnerability - Lenovo Support US
Lenovo Security Advisory: LEN-25822 Potential Impact: Privilege escalation Severity: High Scope of Impact: Industry-wide CVE Identifier: CVE-2019-9730 Summary Description: Incorrect access control in the CxUtilSvc.exe component of the Synaptics previously Conexant Audio driver could allow a...
Intel Firmware Vulnerabilities - Lenovo Support US
Lenovo Security Advisory: LEN-26294 Potential Impact: Privilege escalation, denial of service Severity: High Scope of Impact: Industry-wide CVE Identifier: CVE-2019-0119 , CVE-2019-0120 , CVE-2019-0126 Summary Description: Potential security vulnerabilities in Intel firmware may allow for...
NVidia Windows GPU Display Driver Contains Multiple Vulnerabilities in the Kernel Mode Layer - us
Lenovo Security Advisory: LEN-10822 Potential Impact: Denial of service and escalation of privileges Severity: High Scope of Impact: Industry-Wide CVE Identifier: CVE-2016-8805, CVE-2016-8806, CVE-2016-8807, CVE-2016-8808, CVE-2016-8809. CVE-2016-8810, CVE-2016-8811, CVE-2016-7391, CVE-2016-7387,...
DLL Search Path and Symbolic Link Vulnerabilities - Lenovo Support US
Lenovo Security Advisory: LEN-27431 Potential Impact: Privilege escalation Severity: Medium Scope of Impact: Lenovo-specific CVE Identifier: CVE-2019-6173, CVE-2019-6196 Summary Description: DLL search path and symbolic link vulnerabilities could allow privilege escalation in some Lenovo...
Dolby DAX2 API Denial of Service - Lenovo Support US
Lenovo Security Advisory: LEN-26251 Potential Impact: Denial of service Severity: TBD Scope of Impact: Industry-wide CVE Identifier: CVE-2019-10724 Summary Description: Dolby has disclosed a denial of service vulnerability in the Dolby DAX2API service, where a low-privileged user can terminate...
SHAREit for Android Vulnerabilities
Lenovo Security Advisory: LEN-6421 Potential Impact: Users with older Android versions may be vulnerable to remote code execution, or a UXSS attack and users with any Android version may be vulnerable to an intent scheme attack. Severity: High Lenovo SHAREit Application: End of Lenovo Support...
Intel BMC Vulnerabilities - Lenovo Support US
Lenovo Security Advisory: LEN-29773 Potential Impact: Escalation of Privilege, Denial of Service and/or Information Disclosure Severity: Critical Scope of Impact: Industry-wide CVE Identifier: CVE-2019-11168, CVE-2019-11170, CVE-2019-11171, CVE-2019-11172, CVE-2019-11173, CVE-2019-11174,...
Multiple Bluetooth Core Specification Vulnerabilities - Lenovo Support US
No description provided...
Local Privilege Escalation in Realtek Audio Driver - us
Lenovo Security Advisory: LEN-15759 Potential Impact: Local Privilege Escalation Severity: High Scope of Impact: Industry-Wide CVE Identifier: CVE-2017-3767 Summary Description: A local privilege escalation vulnerability was identified in the Realtek audio driver. An attacker with local privilege...
Multi-vendor BIOS Security Vulnerabilities (June 2020) - Lenovo Support US
Lenovo Security Advisory: LEN-30042 Potential Impact: Privilege escalation, denial of service, information disclosure Severity: High Scope of Impact: Industry-wide CVE Identifier: CVE-2020-0528, CVE-2020-0529, CVE-2020-8320, CVE-2020-8321, CVE-2020-8322, CVE-2020-8323, CVE-2020-8333, CVE-2020-833...
Intel Smart Sound Technology Vulnerabilities - US
Lenovo Security Advisory: LEN-26775 Potential Impact: Privilege escalation Severity: High Scope of Impact: Industry-wide CVE Identifier: CVE-2018-3666, CVE-2018-3670, CVE-2018-3672 Summary Description: Intel has notified Lenovo of vulnerabilities affecting Intel Smart Sound Technologies that may...
Local Privilege Escalation in Huawei ME906s 4G LTE Mobile Broadband Driver - us
Lenovo Security Advisory: LEN-15815 Potential Impact: Local privilege escalation Severity: High Scope of Impact: Industry-Wide CVE Identifier: CVE-2017-8185 Summary Description: A local privilege escalation vulnerability has been discovered in the Huawei ME906s 4G LTE Mobile broadband driver used...
NVIDIA GPU Display Driver - June 2020 Security Bulletin - Lenovo Support US
Lenovo Security Advisory: LEN-36925 Potential Impact: Privilege escalation, denial of service, information disclosure, code execution, tampering Severity: High Scope of Impact: Industry-wide CVE Identifier: CVE-2020-5962, CVE-2020-5963, CVE-2020-5964, CVE-2020-5965, CVE-2020-5966, CVE-2020-5967,...
Lenovo Service Engine (LSE) BIOS for Desktop
Lenovo Security Advisory: LEN-2015-077 Potential Impact: Limited use of system resources Severity: Low Summary: Lenovo has released a utility to remove files configured by Lenovo Service Engine LSE on desktop systems running Windows 8 and 8.1 to follow updated security guidelines from Microsoft...
NVIDIA GPU Display Driver Update - Lenovo Support US
Lenovo Security Advisory: LEN-26250 Potential Impact: Denial of service, privilege escalation, code execution, information disclosure Severity: High Scope of Impact: Industry-wide CVE Identifier: CVE-2019-5665, CVE-2019-5666, CVE-2019-5667, CVE-2019-5668, CVE-2019-5669, CVE-2019-5670,...
Intel BIOS Advisory - Lenovo Support US
Lenovo Security Advisory: LEN-37550 Potential Impact: Escalation of Privilege, Denial of Service, Information Disclosure Severity: High Scope of Impact: Industry-wide CVE Identifier: CVE-2019-14556, CVE-2019-14557, CVE-2019-14558, CVE-2020-8671, CVE-2020-8672, CVE-2020-0571, CVE-2020-24457 Summar...
Alps Touchpad Driver Vulnerabilities - US
Lenovo Security Advisory: LEN-25654 Potential Impact: Denial of service, information disclosure Severity: Medium Scope of Impact: Industry-wide CVE Identifier: CVE-2018-10828 Summary Description: Alps has reported to Lenovo vulnerabilities the Alps Touchpad driver that could allow denial of servi...
Lenovo Service Bridge Vulnerabilities - US
Lenovo Security Advisory: LEN-27725 Potential Impact: Remote code execution Severity: High Scope of Impact: Lenovo-specific CVE Identifier: CVE-2019-6166,CVE-2019-6167,CVE-2019-6168, CVE-2019-6169 Summary Description: Vulnerabilities reported in Lenovo Service Bridge could allow remote code...