Filtered by vendor Lenovo
Subscribe
Total
386 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-6193 | 1 Lenovo | 1 Xclarity Administrator | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An information disclosure vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.6.6 that could allow unauthenticated access to some configuration files which may contain usernames, license keys, IP addresses, and encrypted password hashes. | |||||
| CVE-2019-6192 | 1 Lenovo | 81 Power Management Driver, Thinkpad 13 Gen 2, Thinkpad 25 and 78 more | 2024-11-21 | 2.1 LOW | 4.4 MEDIUM |
| A potential vulnerability has been reported in Lenovo Power Management Driver versions prior to 1.67.17.48 leading to a buffer overflow which could cause a denial of service. | |||||
| CVE-2019-6191 | 1 Lenovo | 1 Paper | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| A potential vulnerability in the discontinued LenovoPaper software version 1.0.0.22 may allow local privilege escalation. | |||||
| CVE-2019-6190 | 1 Lenovo | 364 510-15ikl, 510-15ikl Firmware, 510s-08ikl and 361 more | 2024-11-21 | 2.1 LOW | 5.0 MEDIUM |
| Lenovo was notified of a potential denial of service vulnerability, affecting various versions of BIOS for Lenovo Desktop, Desktop - All in One, and ThinkStation, that could cause PCRs to be cleared intermittently after resuming from sleep (S3) on systems with Intel TXT enabled. | |||||
| CVE-2019-6189 | 1 Lenovo | 1 System Interface Foundation | 2024-11-21 | 4.4 MEDIUM | 7.8 HIGH |
| A potential vulnerability was reported in Lenovo System Interface Foundation versions before v1.1.18.3 that could allow an administrative user to load an unsigned DLL. | |||||
| CVE-2019-6188 | 1 Lenovo | 784 130-14ikb, 130-14ikb Firmware, 130-15ikb and 781 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The BIOS tamper detection mechanism was not triggered in Lenovo ThinkPad T460p, BIOS versions up to R07ET90W, and T470p, BIOS versions up to R0FET50W, which may allow for unauthorized access. | |||||
| CVE-2019-6187 | 1 Lenovo | 42 Thinksystem Sr670, Thinkagile 7d1h, Thinkagile 7x82 and 39 more | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| A stored CSV Injection vulnerability was reported in Lenovo XClarity Controller (XCC) that could allow an administrative or other appropriately permissioned user to store malformed data in certain XCC server informational fields, that could result in crafted formulas being stored in an exported CSV file. The crafted formula is not executed on XCC itself and has no effect on the server. | |||||
| CVE-2019-6186 | 1 Lenovo | 1 System Interface Foundation | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| A potential vulnerability was reported in Lenovo System Interface Foundation versions before v1.1.18.3 that could allow an authenticated user to execute code as another user. | |||||
| CVE-2019-6184 | 1 Lenovo | 1 Customer Engagement Service | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| A potential vulnerability in the discontinued Customer Engagement Service (CCSDK) software version 2.0.21.1 may allow local privilege escalation. | |||||
| CVE-2019-6183 | 1 Lenovo | 1 Energy Management | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| A denial of service vulnerability has been reported in Lenovo Energy Management Driver for Windows 10 versions prior to 15.11.29.7 that could cause systems to experience a blue screen error. Lenovo Energy Management is a client utility. Lenovo XClarity Energy Manager is not affected. | |||||
| CVE-2019-6182 | 1 Lenovo | 1 Xclarity Administrator | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
| A stored CSV Injection vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.5.0 that could allow an administrative user to store malformed data in LXCA Jobs and Event Log data, that could result in crafted formulas stored in an exported CSV file. The crafted formula is not executed on LXCA itself. | |||||
| CVE-2019-6181 | 1 Lenovo | 1 Xclarity Administrator | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A reflected cross-site scripting (XSS) vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.5.0 that could allow a crafted URL, if visited, to cause JavaScript code to be executed in the user's web browser. The JavaScript code is not executed on LXCA itself. | |||||
| CVE-2019-6180 | 1 Lenovo | 1 Xclarity Administrator | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.5.0 that could allow an administrative user to cause JavaScript code to be stored in LXCA which may then be executed in the user's web browser. The JavaScript code is not executed on LXCA itself. | |||||
| CVE-2019-6179 | 1 Lenovo | 2 Xclarity Administrator, Xclarity Integrator | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An XML External Entity (XXE) processing vulnerability was reported in Lenovo XClarity Administrator (LXCA) prior to version 2.5.0 , Lenovo XClarity Integrator (LXCI) for Microsoft System Center prior to version 7.7.0, and Lenovo XClarity Integrator (LXCI) for VMWare vCenter prior to version 6.1.0 that could allow information disclosure. | |||||
| CVE-2019-6178 | 1 Lenovo | 12 Home Media Network Hard Drive, Home Media Network Hard Drive Firmware, Ix12-300r and 9 more | 2024-11-21 | 4.3 MEDIUM | 5.3 MEDIUM |
| An information leakage vulnerability in Iomega and LenovoEMC NAS products could allow disclosure of some device details such as Share names through the device API when Personal Cloud is enabled. This does not allow read, write, delete, or any other access to the underlying file systems and their contents. | |||||
| CVE-2019-6177 | 1 Lenovo | 1 Solution Center | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability reported in Lenovo Solution Center version 03.12.003, which is no longer supported, could allow log files to be written to non-standard locations, potentially leading to privilege escalation. Lenovo ended support for Lenovo Solution Center and recommended that customers migrate to Lenovo Vantage or Lenovo Diagnostics in April 2018. | |||||
| CVE-2019-6176 | 1 Lenovo | 2 Thinkpad Usb-c Dock, Thinkpad Usb-c Dock Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A potential vulnerability reported in ThinkPad USB-C Dock Firmware version 3.7.2 may allow a denial of service. | |||||
| CVE-2019-6175 | 1 Lenovo | 1 System Update | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| A denial of service vulnerability was reported in Lenovo System Update versions prior to 5.07.0088 that could allow configuration files to be written to non-standard locations. | |||||
| CVE-2019-6173 | 1 Lenovo | 1 Installation Package | 2024-11-21 | 6.9 MEDIUM | 6.7 MEDIUM |
| A DLL search path vulnerability could allow privilege escalation in some Lenovo installation packages, prior to version 1.2.9.3, during installation if an attacker already has administrative privileges. | |||||
| CVE-2019-6172 | 1 Lenovo | 784 130-14ikb, 130-14ikb Firmware, 130-15ikb and 781 more | 2024-11-21 | 4.4 MEDIUM | 6.4 MEDIUM |
| A potential vulnerability in the SMI callback function used in Legacy USB driver using passed parameter without sufficient checking in some Lenovo ThinkPad models may allow arbitrary code execution. | |||||