Lenovo

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2015-8536 1Lenovo 1Solution Center Nov 21, 2024 Mar 27, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A vulnerability was discovered (fixed and publicly disclosed in 2015) in Lenovo Solution Center (LSC) prior to version 3.3.002 that coul...Show more MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A vulnerability was discovered (fixed and publicly disclosed in 2015) in Lenovo Solution Center (LSC) prior to version 3.3.002 that could allow cross-site request forgery.Show less
CVE-2015-8535 1Lenovo 1Solution Center Nov 21, 2024 Mar 27, 2020 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A directory traversal vulnerability was discovered (fixed and publicly disclosed in 2015) in Lenovo Solution Center (LSC) prior to versi...Show more MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A directory traversal vulnerability was discovered (fixed and publicly disclosed in 2015) in Lenovo Solution Center (LSC) prior to version 3.3.002 that could allow a user to execute arbitrary code with elevated privileges.Show less
CVE-2015-8534 1Lenovo 1Solution Center Nov 21, 2024 Mar 27, 2020 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A local privilege escalation vulnerability was discovered (fixed and publicly disclosed in 2015) in Lenovo Solution Center (LSC) prior t...Show more MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A local privilege escalation vulnerability was discovered (fixed and publicly disclosed in 2015) in Lenovo Solution Center (LSC) prior to version 3.3.002 that could allow a user to execute arbitrary code with elevated privileges.Show less
CVE-2015-7336 1Lenovo 1System Update Nov 21, 2024 Mar 27, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A vulnerability was reported (fixed and publicly disclosed in 2015) in Lenovo System Update version 5.07.0008 and prior that could allow...Show more MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A vulnerability was reported (fixed and publicly disclosed in 2015) in Lenovo System Update version 5.07.0008 and prior that could allow the signature check of an update to be bypassed.Show less
CVE-2015-7335 1Lenovo 1System Update Nov 21, 2024 Mar 27, 2020 N/A· v4 7.0 HIGH· v3 6.9 MEDIUM· v2 MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A race condition was reported (fixed and publicly disclosed in 2015) in Lenovo System Update version 5.07.0008 and prior that could allo...Show more MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A race condition was reported (fixed and publicly disclosed in 2015) in Lenovo System Update version 5.07.0008 and prior that could allow a user to execute arbitrary code with elevated privileges.Show less
CVE-2015-7334 1Lenovo 1System Update Nov 21, 2024 Mar 27, 2020 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A local privilege escalation vulnerability was reported (fixed and publicly disclosed in 2015) in Lenovo System Update version 5.07.0008...Show more MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A local privilege escalation vulnerability was reported (fixed and publicly disclosed in 2015) in Lenovo System Update version 5.07.0008 and prior where the SUService.exe /type COMMAND type could allow a user to execute arbitrary code with elevated privileges.Show less
CVE-2015-7333 1Lenovo 1System Update Nov 21, 2024 Mar 27, 2020 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A local privilege escalation vulnerability was reported (fixed and publicly disclosed in 2015) in Lenovo System Update version 5.07.0008...Show more MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A local privilege escalation vulnerability was reported (fixed and publicly disclosed in 2015) in Lenovo System Update version 5.07.0008 and prior where the SUService.exe /type INF and INF_BY_COMPATIBLE_ID command types could allow a user to execute arbitrary code with elevated privileges.Show less
CVE-2015-5684 1Lenovo 27B50 10 Firmware Edge 15 FirmwareFlex 2 Pro 15 Firmware+24 more Nov 21, 2024 Mar 27, 2020 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A buffer overflow vulnerability was reported, (fixed and publicly disclosed in 2015) in the Lenovo Service Engine (LSE), affecting vario...Show more MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A buffer overflow vulnerability was reported, (fixed and publicly disclosed in 2015) in the Lenovo Service Engine (LSE), affecting various versions of BIOS for Lenovo Notebooks, that could allow a remote user to execute arbitrary code on the system.Show less
CVE-2019-19756 1Lenovo 1Xclarity Administrator Nov 21, 2024 Mar 13, 2020 N/A· v4 6.0 MEDIUM· v3 3.6 LOW· v2 An internal product security audit of Lenovo XClarity Administrator (LXCA) discovered Windows OS credentials, used to perform driver updates of managed systems, being written to a log file in clear text. This only affect...Show more An internal product security audit of Lenovo XClarity Administrator (LXCA) discovered Windows OS credentials, used to perform driver updates of managed systems, being written to a log file in clear text. This only affects LXCA version 2.6.0 when performing a Windows driver update. Affected logs are only accessible to authorized users in the First Failure Data Capture (FFDC) service log and log files on LXCA.Show less
CVE-2019-6195 1Lenovo 1Xclarity Controller Nov 21, 2024 Feb 14, 2020 N/A· v4 4.8 MEDIUM· v3 2.1 LOW· v2 An authorization bypass exists in Lenovo XClarity Controller (XCC) versions prior to 3.08 CDI340V, 3.01 TEI392O, 1.71 PSI328N where a valid authenticated user with lesser privileges may be granted read-only access to hig...Show more An authorization bypass exists in Lenovo XClarity Controller (XCC) versions prior to 3.08 CDI340V, 3.01 TEI392O, 1.71 PSI328N where a valid authenticated user with lesser privileges may be granted read-only access to higher-privileged information if 1) “LDAP Authentication Only with Local Authorization” mode is configured and used by XCC, and 2) a lesser privileged user logs into XCC within 1 minute of a higher privileged user logging out. The authorization bypass does not exist when “Local Authentication and Authorization” or “LDAP Authentication and Authorization” modes are configured and used by XCC.Show less
CVE-2019-6194 1Lenovo 1Xclarity Administrator Nov 21, 2024 Feb 14, 2020 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 An XML External Entity (XXE) processing vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.6.6 that could allow information disclosure.
CVE-2019-6193 1Lenovo 1Xclarity Administrator Nov 21, 2024 Feb 14, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 An information disclosure vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.6.6 that could allow unauthenticated access to some configuration files which may contain usernames, licens...Show more An information disclosure vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.6.6 that could allow unauthenticated access to some configuration files which may contain usernames, license keys, IP addresses, and encrypted password hashes.Show less
CVE-2019-6190 1Lenovo 182510 15ikl Firmware 510s 08ikl FirmwareA340 22 Iwl Firmware+179 more Nov 21, 2024 Feb 14, 2020 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 Lenovo was notified of a potential denial of service vulnerability, affecting various versions of BIOS for Lenovo Desktop, Desktop - All in One, and ThinkStation, that could cause PCRs to be cleared intermittently after...Show more Lenovo was notified of a potential denial of service vulnerability, affecting various versions of BIOS for Lenovo Desktop, Desktop - All in One, and ThinkStation, that could cause PCRs to be cleared intermittently after resuming from sleep (S3) on systems with Intel TXT enabled.Show less
CVE-2019-19758 1Lenovo 2Ez Media & Backup Center Ix2 Dl Firmware Ez Media & Backup Center Ix2 Firmware Nov 21, 2024 Feb 14, 2020 N/A· v4 6.1 MEDIUM· v3 5.8 MEDIUM· v2 A vulnerability in the web interface of Lenovo EZ Media & Backup Center, ix2 & ix2-dl version 4.1.406.34763 and prior could allow an unauthenticated, remote attacker to redirect a user to an untrusted web page.
CVE-2019-19757 1Lenovo 1Xclarity Administrator Nov 21, 2024 Feb 14, 2020 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 An internal product security audit of Lenovo XClarity Administrator (LXCA) discovered a Document Object Model (DOM) based cross-site scripting vulnerability in versions prior to 2.6.6 that could allow JavaScript code to...Show more An internal product security audit of Lenovo XClarity Administrator (LXCA) discovered a Document Object Model (DOM) based cross-site scripting vulnerability in versions prior to 2.6.6 that could allow JavaScript code to be executed in the user's web browser if a specially crafted link is visited. The JavaScript code is executed on the user's system, not executed on LXCA itself.Show less
CVE-2019-6192 1Lenovo 1Power Management Driver Nov 21, 2024 Dec 10, 2019 N/A· v4 4.4 MEDIUM· v3 2.1 LOW· v2 A potential vulnerability has been reported in Lenovo Power Management Driver versions prior to 1.67.17.48 leading to a buffer overflow which could cause a denial of service.
CVE-2019-6183 1Lenovo 1Energy Management Nov 21, 2024 Dec 10, 2019 N/A· v4 7.5 HIGH· v3 7.8 HIGH· v2 A denial of service vulnerability has been reported in Lenovo Energy Management Driver for Windows 10 versions prior to 15.11.29.7 that could cause systems to experience a blue screen error. Lenovo Energy Management is a...Show more A denial of service vulnerability has been reported in Lenovo Energy Management Driver for Windows 10 versions prior to 15.11.29.7 that could cause systems to experience a blue screen error. Lenovo Energy Management is a client utility. Lenovo XClarity Energy Manager is not affected.Show less
CVE-2019-6191 1Lenovo 1Paper Nov 21, 2024 Nov 20, 2019 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 A potential vulnerability in the discontinued LenovoPaper software version 1.0.0.22 may allow local privilege escalation.
CVE-2019-6189 1Lenovo 1System Interface Foundation Nov 21, 2024 Nov 20, 2019 N/A· v4 7.8 HIGH· v3 4.4 MEDIUM· v2 A potential vulnerability was reported in Lenovo System Interface Foundation versions before v1.1.18.3 that could allow an administrative user to load an unsigned DLL.
CVE-2019-6187 1Lenovo 1Xclarity Controller Nov 21, 2024 Nov 20, 2019 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 A stored CSV Injection vulnerability was reported in Lenovo XClarity Controller (XCC) that could allow an administrative or other appropriately permissioned user to store malformed data in certain XCC server informationa...Show more A stored CSV Injection vulnerability was reported in Lenovo XClarity Controller (XCC) that could allow an administrative or other appropriately permissioned user to store malformed data in certain XCC server informational fields, that could result in crafted formulas being stored in an exported CSV file. The crafted formula is not executed on XCC itself and has no effect on the server.Show less

Previous 1...111213...20 Next