Lenovo

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2019-6168 1Lenovo 1Service Bridge Nov 21, 2024 Jun 26, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow remote code execution.
CVE-2019-6167 1Lenovo 1Service Bridge Nov 21, 2024 Jun 26, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow remote code execution.
CVE-2019-6166 1Lenovo 1Service Bridge Nov 21, 2024 Jun 26, 2019 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow cross-site request forgery.
CVE-2019-6163 1Lenovo 1System Update Nov 21, 2024 Jun 26, 2019 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 A denial of service vulnerability was reported in Lenovo System Update before version 5.07.0084 that could allow service log files to be written to non-standard locations.
CVE-2019-0164 2Intel Lenovo 5Thinkstation P410 Firmware Thinkstation P510 FirmwareThinkstation P710 Firmware+2 more Nov 21, 2024 Jun 13, 2019 N/A· v4 7.3 HIGH· v3 4.4 MEDIUM· v2 Improper permissions in the installer for Intel(R) Turbo Boost Max Technology 3.0 driver version 1.0.0.1035 and before may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2019-0130 2Intel Lenovo 5Rapid Storage Technology Enterprise Thinkstation P520 FirmwareThinkstation P520c Firmware+2 more Nov 21, 2024 Jun 13, 2019 N/A· v4 7.4 HIGH· v3 4.3 MEDIUM· v2 Reflected XSS in web interface for Intel(R) Accelerated Storage Manager in Intel(R) RSTe before version 5.5.0.2015 may allow an unauthenticated user to potentially enable denial of service via network access.
CVE-2019-6158 1Lenovo 1Xclarity Administrator Nov 21, 2024 May 3, 2019 N/A· v4 5.9 MEDIUM· v3 4.3 MEDIUM· v2 An internal product security audit of Lenovo XClarity Administrator (LXCA) discovered HTTP proxy credentials being written to a log file in clear text. This only affects LXCA when HTTP proxy credentials have been configu...Show more An internal product security audit of Lenovo XClarity Administrator (LXCA) discovered HTTP proxy credentials being written to a log file in clear text. This only affects LXCA when HTTP proxy credentials have been configured. This affects LXCA versions 2.0.0 to 2.3.x.Show less
CVE-2019-6157 2Ibm Lenovo 42Bladecenter Hs22 Firmware Bladecenter Hs23 FirmwareBladecenter Hs23e Firmware+39 more Nov 21, 2024 Apr 22, 2019 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 In various firmware versions of Lenovo System x, the integrated management module II (IMM2)'s first failure data capture (FFDC) includes the web server's private key in the generated log file for support.
CVE-2019-6156 1Lenovo 177330 14igm Firmware 330 15igm Firmware510 15ikl Firmware+174 more Nov 21, 2024 Apr 10, 2019 N/A· v4 3.3 LOW· v3 2.1 LOW· v2 In Lenovo systems, SMM BIOS Write Protection is used to prevent writes to SPI Flash. While this provides sufficient protection, an additional layer of protection is provided by SPI Protected Range Registers (PRx). Lenovo...Show more In Lenovo systems, SMM BIOS Write Protection is used to prevent writes to SPI Flash. While this provides sufficient protection, an additional layer of protection is provided by SPI Protected Range Registers (PRx). Lenovo was notified that after resuming from S3 sleep mode in various versions of BIOS for Lenovo systems, the PRx is not set. This does not impact the SMM BIOS Write Protection, which keeps systems protected.Show less
CVE-2019-6154 1Lenovo 1Bootable Usb Nov 21, 2024 Apr 10, 2019 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 A DLL search path vulnerability was reported in Lenovo Bootable Generator, prior to version Mar-2019, that could allow a malicious user with local access to execute code on the system.
CVE-2019-6149 1Lenovo 1Dynamic Power Reduction Nov 21, 2024 Mar 18, 2019 N/A· v4 6.7 MEDIUM· v3 7.2 HIGH· v2 An unquoted search path vulnerability was identified in Lenovo Dynamic Power Reduction Utility prior to version 2.2.2.0 that could allow a malicious user with local access to execute code with administrative privileges.
CVE-2019-0135 2Intel Lenovo 5Rapid Storage Technology Enterprise Thinkstation P520 FirmwareThinkstation P520c Firmware+2 more Nov 21, 2024 Mar 14, 2019 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 Improper permissions in the installer for Intel(R) Accelerated Storage Manager in Intel(R) RSTe before version 5.5.0.2015 may allow an authenticated user to potentially enable escalation of privilege via local access. L-...Show more Improper permissions in the installer for Intel(R) Accelerated Storage Manager in Intel(R) RSTe before version 5.5.0.2015 may allow an authenticated user to potentially enable escalation of privilege via local access. L-SA-00206Show less
CVE-2018-16098 1Lenovo 59Synaptics Thinkpad Ultranav Driver Thiankpad L430 FirmwareThiankpad L530 Firmware+56 more Nov 21, 2024 Jan 24, 2019 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 In some Lenovo ThinkPads, an unquoted search path vulnerability was found in various versions of the Synaptics Pointing Device driver which could allow unauthorized code execution as a low privilege user.
CVE-2018-9072 1Lenovo 1Xclarity Integrator Nov 21, 2024 Nov 30, 2018 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 In versions prior to 5.5, LXCI for VMware allows an authenticated user to download any system file due to insufficient input sanitization during file downloads.
CVE-2018-16097 1Lenovo 1Xclarity Integrator Nov 21, 2024 Nov 30, 2018 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 LXCI for VMware versions prior to 5.5 and LXCI for Microsoft System Center versions prior to 3.5, allow an authenticated user to write to any system file due to insufficient sanitization during the upload of a certificat...Show more LXCI for VMware versions prior to 5.5 and LXCI for Microsoft System Center versions prior to 3.5, allow an authenticated user to write to any system file due to insufficient sanitization during the upload of a certificate.Show less
CVE-2018-16093 1Lenovo 1Xclarity Integrator Nov 21, 2024 Nov 30, 2018 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 In versions prior to 5.5, LXCI for VMware allows an authenticated user to write to any system file due to insufficient sanitization during the upload of a backup file.
CVE-2018-9084 1Lenovo 1System Management Module Firmware Nov 21, 2024 Nov 27, 2018 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 In System Management Module (SMM) versions prior to 1.06, if an attacker manages to log in to the device OS, the validation of software updates can be circumvented.
CVE-2018-9083 1Lenovo 1System Management Module Firmware Nov 21, 2024 Nov 27, 2018 N/A· v4 8.1 HIGH· v3 9.3 HIGH· v2 In System Management Module (SMM) versions prior to 1.06, the SMM contains weak default root credentials which could be used to log in to the device OS -- if the attacker manages to enable SSH or Telnet connections via s...Show more In System Management Module (SMM) versions prior to 1.06, the SMM contains weak default root credentials which could be used to log in to the device OS -- if the attacker manages to enable SSH or Telnet connections via some other vulnerability.Show less
CVE-2018-16096 1Lenovo 1System Management Module Firmware Nov 21, 2024 Nov 27, 2018 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 In System Management Module (SMM) versions prior to 1.06, the SMM web interface for changing Enclosure VPD fails to sufficiently sanitize all input for HTML tags, possibly opening a path for cross-site scripting.
CVE-2018-16095 1Lenovo 1System Management Module Firmware Nov 21, 2024 Nov 27, 2018 N/A· v4 5.9 MEDIUM· v3 4.3 MEDIUM· v2 In System Management Module (SMM) versions prior to 1.06, the SMM records hashed passwords to a debug log when user authentication fails.

Previous 1...131415...20 Next