Vendor CVEs
Lenovo
All CVEs
486 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-8536 | 0.00 | — | 0.00 | Mar 27, 2020 | MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A vulnerability was discovered (fixed and publicly disclosed in 2015) in Lenovo Solution Center (LSC) prior to version 3.3.002 that could allow cross-site request forgery. | |||
| CVE-2015-7333 | 0.00 | — | 0.00 | Mar 27, 2020 | MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A local privilege escalation vulnerability was reported (fixed and publicly disclosed in 2015) in Lenovo System Update version 5.07.0008 and prior where the SUService.exe /type INF and… | |||
| CVE-2015-8535 | 0.00 | — | 0.01 | Mar 27, 2020 | MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A directory traversal vulnerability was discovered (fixed and publicly disclosed in 2015) in Lenovo Solution Center (LSC) prior to version 3.3.002 that could allow a user to execute arbitrary… | |||
| CVE-2015-7334 | 0.00 | — | 0.00 | Mar 27, 2020 | MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A local privilege escalation vulnerability was reported (fixed and publicly disclosed in 2015) in Lenovo System Update version 5.07.0008 and prior where the SUService.exe /type COMMAND type could… | |||
| CVE-2015-7335 | 0.00 | — | 0.00 | Mar 27, 2020 | MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A race condition was reported (fixed and publicly disclosed in 2015) in Lenovo System Update version 5.07.0008 and prior that could allow a user to execute arbitrary code with elevated privileges. | |||
| CVE-2015-8534 | 0.00 | — | 0.00 | Mar 27, 2020 | MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A local privilege escalation vulnerability was discovered (fixed and publicly disclosed in 2015) in Lenovo Solution Center (LSC) prior to version 3.3.002 that could allow a user to execute… | |||
| CVE-2019-19756 | 0.00 | — | 0.00 | Mar 13, 2020 | An internal product security audit of Lenovo XClarity Administrator (LXCA) discovered Windows OS credentials, used to perform driver updates of managed systems, being written to a log file in clear text. This only affects LXCA version 2.6.0 when performing a Windows driver… | |||
| CVE-2019-6195 | 0.00 | — | 0.01 | Feb 14, 2020 | An authorization bypass exists in Lenovo XClarity Controller (XCC) versions prior to 3.08 CDI340V, 3.01 TEI392O, 1.71 PSI328N where a valid authenticated user with lesser privileges may be granted read-only access to higher-privileged information if 1) “LDAP Authentication… | |||
| CVE-2019-6194 | 0.00 | — | 0.01 | Feb 14, 2020 | An XML External Entity (XXE) processing vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.6.6 that could allow information disclosure. | |||
| CVE-2019-6193 | 0.00 | — | 0.01 | Feb 14, 2020 | An information disclosure vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.6.6 that could allow unauthenticated access to some configuration files which may contain usernames, license keys, IP addresses, and encrypted password hashes. | |||
| CVE-2019-6190 | 0.00 | — | 0.00 | Feb 14, 2020 | Lenovo was notified of a potential denial of service vulnerability, affecting various versions of BIOS for Lenovo Desktop, Desktop - All in One, and ThinkStation, that could cause PCRs to be cleared intermittently after resuming from sleep (S3) on systems with Intel TXT enabled. | |||
| CVE-2019-19758 | 0.00 | — | 0.01 | Feb 14, 2020 | A vulnerability in the web interface of Lenovo EZ Media & Backup Center, ix2 & ix2-dl version 4.1.406.34763 and prior could allow an unauthenticated, remote attacker to redirect a user to an untrusted web page. | |||
| CVE-2019-19757 | 0.00 | — | 0.01 | Feb 14, 2020 | An internal product security audit of Lenovo XClarity Administrator (LXCA) discovered a Document Object Model (DOM) based cross-site scripting vulnerability in versions prior to 2.6.6 that could allow JavaScript code to be executed in the user's web browser if a specially… | |||
| CVE-2019-6183 | 0.00 | — | 0.02 | Dec 10, 2019 | A denial of service vulnerability has been reported in Lenovo Energy Management Driver for Windows 10 versions prior to 15.11.29.7 that could cause systems to experience a blue screen error. Lenovo Energy Management is a client utility. Lenovo XClarity Energy Manager is not… | |||
| CVE-2019-6191 | 0.00 | — | 0.00 | Nov 20, 2019 | A potential vulnerability in the discontinued LenovoPaper software version 1.0.0.22 may allow local privilege escalation. | |||
| CVE-2019-6189 | 0.00 | — | 0.00 | Nov 20, 2019 | A potential vulnerability was reported in Lenovo System Interface Foundation versions before v1.1.18.3 that could allow an administrative user to load an unsigned DLL. | |||
| CVE-2019-6187 | 0.00 | — | 0.01 | Nov 20, 2019 | A stored CSV Injection vulnerability was reported in Lenovo XClarity Controller (XCC) that could allow an administrative or other appropriately permissioned user to store malformed data in certain XCC server informational fields, that could result in crafted formulas being… | |||
| CVE-2019-6186 | 0.00 | — | 0.01 | Nov 20, 2019 | A potential vulnerability was reported in Lenovo System Interface Foundation versions before v1.1.18.3 that could allow an authenticated user to execute code as another user. | |||
| CVE-2019-6184 | 0.00 | — | 0.00 | Nov 20, 2019 | A potential vulnerability in the discontinued Customer Engagement Service (CCSDK) software version 2.0.21.1 may allow local privilege escalation. | |||
| CVE-2019-6176 | 0.00 | — | 0.01 | Nov 20, 2019 | A potential vulnerability reported in ThinkPad USB-C Dock Firmware version 3.7.2 may allow a denial of service. | |||
| CVE-2019-6188 | 0.00 | — | 0.01 | Nov 12, 2019 | The BIOS tamper detection mechanism was not triggered in Lenovo ThinkPad T460p, BIOS versions up to R07ET90W, and T470p, BIOS versions up to R0FET50W, which may allow for unauthorized access. | |||
| CVE-2019-6170 | 0.00 | — | 0.00 | Nov 12, 2019 | A potential vulnerability in the SMI callback function used in the Legacy USB driver using boot services structure in runtime phase in some Lenovo ThinkPad models may allow arbitrary code execution. | |||
| CVE-2019-6172 | 0.00 | — | 0.00 | Nov 12, 2019 | A potential vulnerability in the SMI callback function used in Legacy USB driver using passed parameter without sufficient checking in some Lenovo ThinkPad models may allow arbitrary code execution. | |||
| CVE-2019-6161 | 0.00 | — | 0.01 | Sep 26, 2019 | An internal product security audit discovered a session handling vulnerability in the web interface of ThinkAgile CP-SB (Storage Block) BMC in firmware versions prior to 1908.M. This vulnerability allows session IDs to be reused, which could provide unauthorized access to the… | |||
| CVE-2019-6175 | 0.00 | — | 0.02 | Sep 26, 2019 | A denial of service vulnerability was reported in Lenovo System Update versions prior to 5.07.0088 that could allow configuration files to be written to non-standard locations. | |||
| CVE-2019-6182 | 0.00 | — | 0.01 | Sep 3, 2019 | A stored CSV Injection vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.5.0 that could allow an administrative user to store malformed data in LXCA Jobs and Event Log data, that could result in crafted formulas stored in an exported CSV… | |||
| CVE-2019-6181 | 0.00 | — | 0.01 | Sep 3, 2019 | A reflected cross-site scripting (XSS) vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.5.0 that could allow a crafted URL, if visited, to cause JavaScript code to be executed in the user's web browser. The JavaScript code is not executed on… | |||
| CVE-2019-6180 | 0.00 | — | 0.01 | Sep 3, 2019 | A stored cross-site scripting (XSS) vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.5.0 that could allow an administrative user to cause JavaScript code to be stored in LXCA which may then be executed in the user's web browser. The… | |||
| CVE-2019-6179 | 0.00 | — | 0.01 | Sep 3, 2019 | An XML External Entity (XXE) processing vulnerability was reported in Lenovo XClarity Administrator (LXCA) prior to version 2.5.0 , Lenovo XClarity Integrator (LXCI) for Microsoft System Center prior to version 7.7.0, and Lenovo XClarity Integrator (LXCI) for VMWare vCenter… | |||
| CVE-2019-10724 | 0.00 | — | 0.01 | Aug 28, 2019 | There is a vulnerability with the Dolby DAX2 API system services in which a low-privileged user can terminate arbitrary processes that are running at a higher privilege. The following are affected products and versions: Legion Y520T_Z370 6.0.1.8642, AIO310-20IAP 6.0.1.8642,… | |||
| CVE-2019-6177 | 0.00 | — | 0.01 | Aug 21, 2019 | A vulnerability reported in Lenovo Solution Center version 03.12.003, which is no longer supported, could allow log files to be written to non-standard locations, potentially leading to privilege escalation. Lenovo ended support for Lenovo Solution Center and recommended that… | |||
| CVE-2019-6178 | 0.00 | — | 0.01 | Aug 19, 2019 | An information leakage vulnerability in Iomega and LenovoEMC NAS products could allow disclosure of some device details such as Share names through the device API when Personal Cloud is enabled. This does not allow read, write, delete, or any other access to the underlying file… | |||
| CVE-2019-6171 | 0.00 | — | 0.00 | Aug 19, 2019 | A vulnerability was reported in various BIOS versions of older ThinkPad systems that could allow a user with administrative privileges or physical access the ability to update the Embedded Controller with unsigned firmware. | |||
| CVE-2019-6165 | 0.00 | — | 0.00 | Aug 19, 2019 | A DLL search path vulnerability was reported in PaperDisplay Hotkey Service version 1.2.0.8 that could allow privilege escalation. Lenovo has ended support for PaperDisplay Hotkey software as the Night light feature introduced in Windows 10 Build 1703 provides similar features. | |||
| CVE-2019-6159 | 0.00 | — | 0.01 | Aug 19, 2019 | A stored cross-site scripting (XSS) vulnerability exists in various firmware versions of the legacy IBM System x IMM (IMM v1) embedded Baseboard Management Controller (BMC). This vulnerability could allow an unauthenticated user to cause JavaScript code to be stored in the IMM… | |||
| CVE-2019-6160 | 0.00 | — | 0.01 | Jul 16, 2019 | A vulnerability in various versions of Iomega and LenovoEMC NAS products could allow an unauthenticated user to access files on NAS shares via the API. | |||
| CVE-2019-6169 | 0.00 | — | 0.01 | Jun 26, 2019 | A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow unencrypted downloads over FTP. | |||
| CVE-2019-6168 | 0.00 | — | 0.02 | Jun 26, 2019 | A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow remote code execution. | |||
| CVE-2019-6167 | 0.00 | — | 0.02 | Jun 26, 2019 | A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow remote code execution. | |||
| CVE-2019-6166 | 0.00 | — | 0.00 | Jun 26, 2019 | A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow cross-site request forgery. | |||
| CVE-2019-6163 | 0.00 | — | 0.01 | Jun 26, 2019 | A denial of service vulnerability was reported in Lenovo System Update before version 5.07.0084 that could allow service log files to be written to non-standard locations. | |||
| CVE-2019-6158 | 0.00 | — | 0.01 | May 3, 2019 | An internal product security audit of Lenovo XClarity Administrator (LXCA) discovered HTTP proxy credentials being written to a log file in clear text. This only affects LXCA when HTTP proxy credentials have been configured. This affects LXCA versions 2.0.0 to 2.3.x. | |||
| CVE-2019-6157 | 0.00 | — | 0.01 | Apr 22, 2019 | In various firmware versions of Lenovo System x, the integrated management module II (IMM2)'s first failure data capture (FFDC) includes the web server's private key in the generated log file for support. | |||
| CVE-2019-6155 | 0.00 | — | 0.01 | Apr 22, 2019 | A potential vulnerability was found in an SMI handler in various BIOS versions of certain legacy IBM System x and IBM BladeCenter systems that could lead to denial of service. | |||
| CVE-2019-6156 | 0.00 | — | 0.00 | Apr 10, 2019 | In Lenovo systems, SMM BIOS Write Protection is used to prevent writes to SPI Flash. While this provides sufficient protection, an additional layer of protection is provided by SPI Protected Range Registers (PRx). Lenovo was notified that after resuming from S3 sleep mode in… | |||
| CVE-2019-6154 | 0.00 | — | 0.01 | Apr 10, 2019 | A DLL search path vulnerability was reported in Lenovo Bootable Generator, prior to version Mar-2019, that could allow a malicious user with local access to execute code on the system. | |||
| CVE-2019-9939 | 0.00 | — | 0.02 | Mar 22, 2019 | The SHAREit application before 4.0.36 for Android allows a remote attacker (on the same network or joining public "open" Wi-Fi hotspots created by the application when file transfer is initiated) to bypass authentication by trying to fetch a non-existing page. When the… | |||
| CVE-2019-9938 | 0.00 | — | 0.01 | Mar 22, 2019 | The SHAREit application before 4.0.42 for Android allows a remote attacker (on the same network or joining public "open" Wi-Fi hotspots created by the application when file transfer is initiated) to download arbitrary files from the device including contacts, photos, videos,… | |||
| CVE-2019-6149 | 0.00 | — | 0.00 | Mar 15, 2019 | An unquoted search path vulnerability was identified in Lenovo Dynamic Power Reduction Utility prior to version 2.2.2.0 that could allow a malicious user with local access to execute code with administrative privileges. | |||
| CVE-2018-19106 | 0.00 | — | 0.01 | Feb 20, 2019 | Avi Vantage before 17.2.13 uses an invalid URL encoding during a redirect operation, aka AV-33959. |
- CVE-2015-8536Mar 27, 2020risk 0.00cvss —epss 0.00
MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A vulnerability was discovered (fixed and publicly disclosed in 2015) in Lenovo Solution Center (LSC) prior to version 3.3.002 that could allow cross-site request forgery.
- CVE-2015-7333Mar 27, 2020risk 0.00cvss —epss 0.00
MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A local privilege escalation vulnerability was reported (fixed and publicly disclosed in 2015) in Lenovo System Update version 5.07.0008 and prior where the SUService.exe /type INF and…
- CVE-2015-8535Mar 27, 2020risk 0.00cvss —epss 0.01
MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A directory traversal vulnerability was discovered (fixed and publicly disclosed in 2015) in Lenovo Solution Center (LSC) prior to version 3.3.002 that could allow a user to execute arbitrary…
- CVE-2015-7334Mar 27, 2020risk 0.00cvss —epss 0.00
MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A local privilege escalation vulnerability was reported (fixed and publicly disclosed in 2015) in Lenovo System Update version 5.07.0008 and prior where the SUService.exe /type COMMAND type could…
- CVE-2015-7335Mar 27, 2020risk 0.00cvss —epss 0.00
MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A race condition was reported (fixed and publicly disclosed in 2015) in Lenovo System Update version 5.07.0008 and prior that could allow a user to execute arbitrary code with elevated privileges.
- CVE-2015-8534Mar 27, 2020risk 0.00cvss —epss 0.00
MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A local privilege escalation vulnerability was discovered (fixed and publicly disclosed in 2015) in Lenovo Solution Center (LSC) prior to version 3.3.002 that could allow a user to execute…
- CVE-2019-19756Mar 13, 2020risk 0.00cvss —epss 0.00
An internal product security audit of Lenovo XClarity Administrator (LXCA) discovered Windows OS credentials, used to perform driver updates of managed systems, being written to a log file in clear text. This only affects LXCA version 2.6.0 when performing a Windows driver…
- CVE-2019-6195Feb 14, 2020risk 0.00cvss —epss 0.01
An authorization bypass exists in Lenovo XClarity Controller (XCC) versions prior to 3.08 CDI340V, 3.01 TEI392O, 1.71 PSI328N where a valid authenticated user with lesser privileges may be granted read-only access to higher-privileged information if 1) “LDAP Authentication…
- CVE-2019-6194Feb 14, 2020risk 0.00cvss —epss 0.01
An XML External Entity (XXE) processing vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.6.6 that could allow information disclosure.
- CVE-2019-6193Feb 14, 2020risk 0.00cvss —epss 0.01
An information disclosure vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.6.6 that could allow unauthenticated access to some configuration files which may contain usernames, license keys, IP addresses, and encrypted password hashes.
- CVE-2019-6190Feb 14, 2020risk 0.00cvss —epss 0.00
Lenovo was notified of a potential denial of service vulnerability, affecting various versions of BIOS for Lenovo Desktop, Desktop - All in One, and ThinkStation, that could cause PCRs to be cleared intermittently after resuming from sleep (S3) on systems with Intel TXT enabled.
- CVE-2019-19758Feb 14, 2020risk 0.00cvss —epss 0.01
A vulnerability in the web interface of Lenovo EZ Media & Backup Center, ix2 & ix2-dl version 4.1.406.34763 and prior could allow an unauthenticated, remote attacker to redirect a user to an untrusted web page.
- CVE-2019-19757Feb 14, 2020risk 0.00cvss —epss 0.01
An internal product security audit of Lenovo XClarity Administrator (LXCA) discovered a Document Object Model (DOM) based cross-site scripting vulnerability in versions prior to 2.6.6 that could allow JavaScript code to be executed in the user's web browser if a specially…
- CVE-2019-6183Dec 10, 2019risk 0.00cvss —epss 0.02
A denial of service vulnerability has been reported in Lenovo Energy Management Driver for Windows 10 versions prior to 15.11.29.7 that could cause systems to experience a blue screen error. Lenovo Energy Management is a client utility. Lenovo XClarity Energy Manager is not…
- CVE-2019-6191Nov 20, 2019risk 0.00cvss —epss 0.00
A potential vulnerability in the discontinued LenovoPaper software version 1.0.0.22 may allow local privilege escalation.
- CVE-2019-6189Nov 20, 2019risk 0.00cvss —epss 0.00
A potential vulnerability was reported in Lenovo System Interface Foundation versions before v1.1.18.3 that could allow an administrative user to load an unsigned DLL.
- CVE-2019-6187Nov 20, 2019risk 0.00cvss —epss 0.01
A stored CSV Injection vulnerability was reported in Lenovo XClarity Controller (XCC) that could allow an administrative or other appropriately permissioned user to store malformed data in certain XCC server informational fields, that could result in crafted formulas being…
- CVE-2019-6186Nov 20, 2019risk 0.00cvss —epss 0.01
A potential vulnerability was reported in Lenovo System Interface Foundation versions before v1.1.18.3 that could allow an authenticated user to execute code as another user.
- CVE-2019-6184Nov 20, 2019risk 0.00cvss —epss 0.00
A potential vulnerability in the discontinued Customer Engagement Service (CCSDK) software version 2.0.21.1 may allow local privilege escalation.
- CVE-2019-6176Nov 20, 2019risk 0.00cvss —epss 0.01
A potential vulnerability reported in ThinkPad USB-C Dock Firmware version 3.7.2 may allow a denial of service.
- CVE-2019-6188Nov 12, 2019risk 0.00cvss —epss 0.01
The BIOS tamper detection mechanism was not triggered in Lenovo ThinkPad T460p, BIOS versions up to R07ET90W, and T470p, BIOS versions up to R0FET50W, which may allow for unauthorized access.
- CVE-2019-6170Nov 12, 2019risk 0.00cvss —epss 0.00
A potential vulnerability in the SMI callback function used in the Legacy USB driver using boot services structure in runtime phase in some Lenovo ThinkPad models may allow arbitrary code execution.
- CVE-2019-6172Nov 12, 2019risk 0.00cvss —epss 0.00
A potential vulnerability in the SMI callback function used in Legacy USB driver using passed parameter without sufficient checking in some Lenovo ThinkPad models may allow arbitrary code execution.
- CVE-2019-6161Sep 26, 2019risk 0.00cvss —epss 0.01
An internal product security audit discovered a session handling vulnerability in the web interface of ThinkAgile CP-SB (Storage Block) BMC in firmware versions prior to 1908.M. This vulnerability allows session IDs to be reused, which could provide unauthorized access to the…
- CVE-2019-6175Sep 26, 2019risk 0.00cvss —epss 0.02
A denial of service vulnerability was reported in Lenovo System Update versions prior to 5.07.0088 that could allow configuration files to be written to non-standard locations.
- CVE-2019-6182Sep 3, 2019risk 0.00cvss —epss 0.01
A stored CSV Injection vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.5.0 that could allow an administrative user to store malformed data in LXCA Jobs and Event Log data, that could result in crafted formulas stored in an exported CSV…
- CVE-2019-6181Sep 3, 2019risk 0.00cvss —epss 0.01
A reflected cross-site scripting (XSS) vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.5.0 that could allow a crafted URL, if visited, to cause JavaScript code to be executed in the user's web browser. The JavaScript code is not executed on…
- CVE-2019-6180Sep 3, 2019risk 0.00cvss —epss 0.01
A stored cross-site scripting (XSS) vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.5.0 that could allow an administrative user to cause JavaScript code to be stored in LXCA which may then be executed in the user's web browser. The…
- CVE-2019-6179Sep 3, 2019risk 0.00cvss —epss 0.01
An XML External Entity (XXE) processing vulnerability was reported in Lenovo XClarity Administrator (LXCA) prior to version 2.5.0 , Lenovo XClarity Integrator (LXCI) for Microsoft System Center prior to version 7.7.0, and Lenovo XClarity Integrator (LXCI) for VMWare vCenter…
- CVE-2019-10724Aug 28, 2019risk 0.00cvss —epss 0.01
There is a vulnerability with the Dolby DAX2 API system services in which a low-privileged user can terminate arbitrary processes that are running at a higher privilege. The following are affected products and versions: Legion Y520T_Z370 6.0.1.8642, AIO310-20IAP 6.0.1.8642,…
- CVE-2019-6177Aug 21, 2019risk 0.00cvss —epss 0.01
A vulnerability reported in Lenovo Solution Center version 03.12.003, which is no longer supported, could allow log files to be written to non-standard locations, potentially leading to privilege escalation. Lenovo ended support for Lenovo Solution Center and recommended that…
- CVE-2019-6178Aug 19, 2019risk 0.00cvss —epss 0.01
An information leakage vulnerability in Iomega and LenovoEMC NAS products could allow disclosure of some device details such as Share names through the device API when Personal Cloud is enabled. This does not allow read, write, delete, or any other access to the underlying file…
- CVE-2019-6171Aug 19, 2019risk 0.00cvss —epss 0.00
A vulnerability was reported in various BIOS versions of older ThinkPad systems that could allow a user with administrative privileges or physical access the ability to update the Embedded Controller with unsigned firmware.
- CVE-2019-6165Aug 19, 2019risk 0.00cvss —epss 0.00
A DLL search path vulnerability was reported in PaperDisplay Hotkey Service version 1.2.0.8 that could allow privilege escalation. Lenovo has ended support for PaperDisplay Hotkey software as the Night light feature introduced in Windows 10 Build 1703 provides similar features.
- CVE-2019-6159Aug 19, 2019risk 0.00cvss —epss 0.01
A stored cross-site scripting (XSS) vulnerability exists in various firmware versions of the legacy IBM System x IMM (IMM v1) embedded Baseboard Management Controller (BMC). This vulnerability could allow an unauthenticated user to cause JavaScript code to be stored in the IMM…
- CVE-2019-6160Jul 16, 2019risk 0.00cvss —epss 0.01
A vulnerability in various versions of Iomega and LenovoEMC NAS products could allow an unauthenticated user to access files on NAS shares via the API.
- CVE-2019-6169Jun 26, 2019risk 0.00cvss —epss 0.01
A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow unencrypted downloads over FTP.
- CVE-2019-6168Jun 26, 2019risk 0.00cvss —epss 0.02
A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow remote code execution.
- CVE-2019-6167Jun 26, 2019risk 0.00cvss —epss 0.02
A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow remote code execution.
- CVE-2019-6166Jun 26, 2019risk 0.00cvss —epss 0.00
A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow cross-site request forgery.
- CVE-2019-6163Jun 26, 2019risk 0.00cvss —epss 0.01
A denial of service vulnerability was reported in Lenovo System Update before version 5.07.0084 that could allow service log files to be written to non-standard locations.
- CVE-2019-6158May 3, 2019risk 0.00cvss —epss 0.01
An internal product security audit of Lenovo XClarity Administrator (LXCA) discovered HTTP proxy credentials being written to a log file in clear text. This only affects LXCA when HTTP proxy credentials have been configured. This affects LXCA versions 2.0.0 to 2.3.x.
- CVE-2019-6157Apr 22, 2019risk 0.00cvss —epss 0.01
In various firmware versions of Lenovo System x, the integrated management module II (IMM2)'s first failure data capture (FFDC) includes the web server's private key in the generated log file for support.
- CVE-2019-6155Apr 22, 2019risk 0.00cvss —epss 0.01
A potential vulnerability was found in an SMI handler in various BIOS versions of certain legacy IBM System x and IBM BladeCenter systems that could lead to denial of service.
- CVE-2019-6156Apr 10, 2019risk 0.00cvss —epss 0.00
In Lenovo systems, SMM BIOS Write Protection is used to prevent writes to SPI Flash. While this provides sufficient protection, an additional layer of protection is provided by SPI Protected Range Registers (PRx). Lenovo was notified that after resuming from S3 sleep mode in…
- CVE-2019-6154Apr 10, 2019risk 0.00cvss —epss 0.01
A DLL search path vulnerability was reported in Lenovo Bootable Generator, prior to version Mar-2019, that could allow a malicious user with local access to execute code on the system.
- CVE-2019-9939Mar 22, 2019risk 0.00cvss —epss 0.02
The SHAREit application before 4.0.36 for Android allows a remote attacker (on the same network or joining public "open" Wi-Fi hotspots created by the application when file transfer is initiated) to bypass authentication by trying to fetch a non-existing page. When the…
- CVE-2019-9938Mar 22, 2019risk 0.00cvss —epss 0.01
The SHAREit application before 4.0.42 for Android allows a remote attacker (on the same network or joining public "open" Wi-Fi hotspots created by the application when file transfer is initiated) to download arbitrary files from the device including contacts, photos, videos,…
- CVE-2019-6149Mar 15, 2019risk 0.00cvss —epss 0.00
An unquoted search path vulnerability was identified in Lenovo Dynamic Power Reduction Utility prior to version 2.2.2.0 that could allow a malicious user with local access to execute code with administrative privileges.
- CVE-2018-19106Feb 20, 2019risk 0.00cvss —epss 0.01
Avi Vantage before 17.2.13 uses an invalid URL encoding during a redirect operation, aka AV-33959.
Page 9 of 10