Lenovo

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2019-6186 1Lenovo 1System Interface Foundation Nov 21, 2024 Nov 20, 2019 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 A potential vulnerability was reported in Lenovo System Interface Foundation versions before v1.1.18.3 that could allow an authenticated user to execute code as another user.
CVE-2019-6184 1Lenovo 1Customer Engagement Service Nov 21, 2024 Nov 20, 2019 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 A potential vulnerability in the discontinued Customer Engagement Service (CCSDK) software version 2.0.21.1 may allow local privilege escalation.
CVE-2019-6176 1Lenovo 1Thinkpad Usb C Dock Firmware Nov 21, 2024 Nov 20, 2019 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 A potential vulnerability reported in ThinkPad USB-C Dock Firmware version 3.7.2 may allow a denial of service.
CVE-2019-6188 1Lenovo 392130 14ikb Firmware 130 15ikb Firmware330 14ikb Firmware+389 more Nov 21, 2024 Nov 12, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 The BIOS tamper detection mechanism was not triggered in Lenovo ThinkPad T460p, BIOS versions up to R07ET90W, and T470p, BIOS versions up to R0FET50W, which may allow for unauthorized access.
CVE-2019-6172 1Lenovo 392130 14ikb Firmware 130 15ikb Firmware330 14ikb Firmware+389 more Nov 21, 2024 Nov 12, 2019 N/A· v4 6.4 MEDIUM· v3 4.4 MEDIUM· v2 A potential vulnerability in the SMI callback function used in Legacy USB driver using passed parameter without sufficient checking in some Lenovo ThinkPad models may allow arbitrary code execution.
CVE-2019-6170 1Lenovo 392130 14ikb Firmware 130 15ikb Firmware330 14ikb Firmware+389 more Nov 21, 2024 Nov 12, 2019 N/A· v4 6.4 MEDIUM· v3 4.4 MEDIUM· v2 A potential vulnerability in the SMI callback function used in the Legacy USB driver using boot services structure in runtime phase in some Lenovo ThinkPad models may allow arbitrary code execution.
CVE-2019-6175 1Lenovo 1System Update Nov 21, 2024 Sep 26, 2019 N/A· v4 7.5 HIGH· v3 7.8 HIGH· v2 A denial of service vulnerability was reported in Lenovo System Update versions prior to 5.07.0088 that could allow configuration files to be written to non-standard locations.
CVE-2019-6161 1Lenovo 1Cp Storage Block Firmware Nov 21, 2024 Sep 26, 2019 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 An internal product security audit discovered a session handling vulnerability in the web interface of ThinkAgile CP-SB (Storage Block) BMC in firmware versions prior to 1908.M. This vulnerability allows session IDs to b...Show more An internal product security audit discovered a session handling vulnerability in the web interface of ThinkAgile CP-SB (Storage Block) BMC in firmware versions prior to 1908.M. This vulnerability allows session IDs to be reused, which could provide unauthorized access to the BMC under certain circumstances. This vulnerability does not affect ThinkSystem XCC, System x IMM2, or other BMCs.Show less
CVE-2019-6182 1Lenovo 1Xclarity Administrator Nov 21, 2024 Sep 3, 2019 N/A· v4 4.9 MEDIUM· v3 4.0 MEDIUM· v2 A stored CSV Injection vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.5.0 that could allow an administrative user to store malformed data in LXCA Jobs and Event Log data, that coul...Show more A stored CSV Injection vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.5.0 that could allow an administrative user to store malformed data in LXCA Jobs and Event Log data, that could result in crafted formulas stored in an exported CSV file. The crafted formula is not executed on LXCA itself.Show less
CVE-2019-6181 1Lenovo 1Xclarity Administrator Nov 21, 2024 Sep 3, 2019 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 A reflected cross-site scripting (XSS) vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.5.0 that could allow a crafted URL, if visited, to cause JavaScript code to be executed in the...Show more A reflected cross-site scripting (XSS) vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.5.0 that could allow a crafted URL, if visited, to cause JavaScript code to be executed in the user's web browser. The JavaScript code is not executed on LXCA itself.Show less
CVE-2019-6180 1Lenovo 1Xclarity Administrator Nov 21, 2024 Sep 3, 2019 N/A· v4 4.8 MEDIUM· v3 3.5 LOW· v2 A stored cross-site scripting (XSS) vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.5.0 that could allow an administrative user to cause JavaScript code to be stored in LXCA which m...Show more A stored cross-site scripting (XSS) vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.5.0 that could allow an administrative user to cause JavaScript code to be stored in LXCA which may then be executed in the user's web browser. The JavaScript code is not executed on LXCA itself.Show less
CVE-2019-6179 1Lenovo 2Xclarity Administrator Xclarity Integrator Nov 21, 2024 Sep 3, 2019 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 An XML External Entity (XXE) processing vulnerability was reported in Lenovo XClarity Administrator (LXCA) prior to version 2.5.0 , Lenovo XClarity Integrator (LXCI) for Microsoft System Center prior to version 7.7.0, an...Show more An XML External Entity (XXE) processing vulnerability was reported in Lenovo XClarity Administrator (LXCA) prior to version 2.5.0 , Lenovo XClarity Integrator (LXCI) for Microsoft System Center prior to version 7.7.0, and Lenovo XClarity Integrator (LXCI) for VMWare vCenter prior to version 6.1.0 that could allow information disclosure.Show less
CVE-2019-10724 1Lenovo 108100e 2nd Gen Firmware 300e 2nd Gen Firmware330 14ikbr Firmware+105 more Nov 21, 2024 Aug 29, 2019 N/A· v4 6.5 MEDIUM· v3 6.8 MEDIUM· v2 There is a vulnerability with the Dolby DAX2 API system services in which a low-privileged user can terminate arbitrary processes that are running at a higher privilege. The following are affected products and versions:...Show more There is a vulnerability with the Dolby DAX2 API system services in which a low-privileged user can terminate arbitrary processes that are running at a higher privilege. The following are affected products and versions: Legion Y520T_Z370 6.0.1.8642, AIO310-20IAP 6.0.1.8642, AIO510-22ISH 6.0.1.8642, AIO510-23ISH 6.0.1.8642, AIO520-22IKL 6.0.1.8642, AIO520-22IKU 6.0.1.8642, AIO520-24IKL 6.0.1.8642, AIO520-24IKU 6.0.1.8642, AIO520-27IKL 6.0.1.8642, AIO720-24IKB 6.0.1.8642, IdeaCentre 520S-23IKU 6.0.1.8642, ThinkCentre M700z 6.0.1.8642, ThinkCentre M800z 6.0.1.8642, ThinkCentre M810z 6.0.1.8642, ThinkCentre M818z 6.0.1.8642, ThinkCentre M900Z 6.0.1.8642, ThinkCentre M910z 6.0.1.8642, V410z(YT S4250) 6.0.1.8642, 330-14IKBR Win10:6.0.1.8652, 330-15IKBR Win10:6.0.1.8652, 330-15IKBR (Brazil) Win10:6.0.1.8652, 330-15IKBR Touch Win10:6.0.1.8652, 330-17IKBR Win10:6.0.1.8652, YOGA 730-13IKB Win10:6.0.1.8644, YOGA 730-15IKB Win10:6.0.1.8644, ThinkPad L560 6.0.1.8644 and 6.0.1.8652, ThinkPad L570 6.0.1.8644 and 6.0.1.8652, ThinkPad P50 6.0.1.8642, ThinkPad P50s 6.0.1.8642, ThinkPad P51s (20Jx, 20Kx) 6.0.1.8642, ThinkPad P51s (20Hx) 6.0.1.8642, ThinkPad P52s 6.0.1.8642, ThinkPad P70 6.0.1.8642, ThinkPad T25 6.0.1.8642, ThinkPad T460s 6.0.1.8642, ThinkPad T470 6.0.1.8642, ThinkPad T470s 6.0.1.8642, ThinkPad T480 6.0.1.8642, ThinkPad T480s 6.0.1.8642, ThinkPad T560 6.0.1.8642, ThinkPad T570 6.0.1.8642, ThinkPad T580 6.0.1.8642, ThinkPad X1 Carbon 8.66.76.72 and 8.66.68.54, ThinkPad X1 Carbon 6th 6.0.1.8642, ThinkPad X1 Carbon, X1 Yoga 8.66.62.92 and 8.66.62.54, ThinkPad X1 Tablet (20Gx) 6.0.1.8642, ThinkPad X1 Tablet (20Jx) 6.0.1.8642, ThinkPad X1 Tablet Gen 3 6.0.1.8642, ThinkPad X1 Yoga (20Jx) 8.66.88.60, ThinkPad X1 Yoga 3rd 6.0.1.8642, ThinkPad X280 6.0.1.8642, ThinkPad Yoga 260, S1 8.66.62.92 and 8.66.62.54.Show less
CVE-2019-6177 1Lenovo 1Solution Center Nov 21, 2024 Aug 21, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 A vulnerability reported in Lenovo Solution Center version 03.12.003, which is no longer supported, could allow log files to be written to non-standard locations, potentially leading to privilege escalation. Lenovo ended...Show more A vulnerability reported in Lenovo Solution Center version 03.12.003, which is no longer supported, could allow log files to be written to non-standard locations, potentially leading to privilege escalation. Lenovo ended support for Lenovo Solution Center and recommended that customers migrate to Lenovo Vantage or Lenovo Diagnostics in April 2018.Show less
CVE-2019-6178 1Lenovo 6Home Media Network Hard Drive Firmware Ix12 300r FirmwarePx12 350r Firmware+3 more Nov 21, 2024 Aug 19, 2019 N/A· v4 5.3 MEDIUM· v3 4.3 MEDIUM· v2 An information leakage vulnerability in Iomega and LenovoEMC NAS products could allow disclosure of some device details such as Share names through the device API when Personal Cloud is enabled. This does not allow read,...Show more An information leakage vulnerability in Iomega and LenovoEMC NAS products could allow disclosure of some device details such as Share names through the device API when Personal Cloud is enabled. This does not allow read, write, delete, or any other access to the underlying file systems and their contents.Show less
CVE-2019-6171 1Lenovo 14820a7 Firmware 20a8 Firmware20a9 Firmware+145 more Nov 21, 2024 Aug 19, 2019 N/A· v4 6.8 MEDIUM· v3 7.2 HIGH· v2 A vulnerability was reported in various BIOS versions of older ThinkPad systems that could allow a user with administrative privileges or physical access the ability to update the Embedded Controller with unsigned firmwa...Show more A vulnerability was reported in various BIOS versions of older ThinkPad systems that could allow a user with administrative privileges or physical access the ability to update the Embedded Controller with unsigned firmware.Show less
CVE-2019-6165 1Lenovo 2Yoga 700 11isk Firmware Yoga 700 14isk Firmware Nov 21, 2024 Aug 19, 2019 N/A· v4 7.8 HIGH· v3 4.4 MEDIUM· v2 A DLL search path vulnerability was reported in PaperDisplay Hotkey Service version 1.2.0.8 that could allow privilege escalation. Lenovo has ended support for PaperDisplay Hotkey software as the Night light feature intr...Show more A DLL search path vulnerability was reported in PaperDisplay Hotkey Service version 1.2.0.8 that could allow privilege escalation. Lenovo has ended support for PaperDisplay Hotkey software as the Night light feature introduced in Windows 10 Build 1703 provides similar features.Show less
CVE-2019-6159 1Lenovo 15Bladecenter Hs22 Firmware Bladecenter Hs22v FirmwareBladecenter Hx5 Firmware+12 more Nov 21, 2024 Aug 19, 2019 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 A stored cross-site scripting (XSS) vulnerability exists in various firmware versions of the legacy IBM System x IMM (IMM v1) embedded Baseboard Management Controller (BMC). This vulnerability could allow an unauthentica...Show more A stored cross-site scripting (XSS) vulnerability exists in various firmware versions of the legacy IBM System x IMM (IMM v1) embedded Baseboard Management Controller (BMC). This vulnerability could allow an unauthenticated user to cause JavaScript code to be stored in the IMM log which may then be executed in the user's web browser when IMM log records containing the JavaScript code are viewed. The JavaScript code is not executed on IMM itself. The later IMM2 (IMM v2) is not affected.Show less
CVE-2019-6160 1Lenovo 6Home Media Network Hard Drive Firmware Ix12 300r FirmwarePx12 350r Firmware+3 more Nov 21, 2024 Jul 16, 2019 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 A vulnerability in various versions of Iomega and LenovoEMC NAS products could allow an unauthenticated user to access files on NAS shares via the API.
CVE-2019-6169 1Lenovo 1Service Bridge Nov 21, 2024 Jun 26, 2019 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow unencrypted downloads over FTP.

Previous 1...121314...20 Next