Vulnerabilities > Lenovo
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-02-14 | CVE-2019-6190 | Improper Initialization vulnerability in Lenovo products Lenovo was notified of a potential denial of service vulnerability, affecting various versions of BIOS for Lenovo Desktop, Desktop - All in One, and ThinkStation, that could cause PCRs to be cleared intermittently after resuming from sleep (S3) on systems with Intel TXT enabled. | 5.5 |
2020-02-14 | CVE-2019-19758 | Open Redirect vulnerability in Lenovo products A vulnerability in the web interface of Lenovo EZ Media & Backup Center, ix2 & ix2-dl version 4.1.406.34763 and prior could allow an unauthenticated, remote attacker to redirect a user to an untrusted web page. | 6.1 |
2020-02-14 | CVE-2019-19757 | Cross-site Scripting vulnerability in Lenovo Xclarity Administrator An internal product security audit of Lenovo XClarity Administrator (LXCA) discovered a Document Object Model (DOM) based cross-site scripting vulnerability in versions prior to 2.6.6 that could allow JavaScript code to be executed in the user's web browser if a specially crafted link is visited. | 5.4 |
2019-12-10 | CVE-2019-6192 | Classic Buffer Overflow vulnerability in Lenovo Power Management Driver A potential vulnerability has been reported in Lenovo Power Management Driver versions prior to 1.67.17.48 leading to a buffer overflow which could cause a denial of service. | 4.4 |
2019-12-10 | CVE-2019-6183 | Unspecified vulnerability in Lenovo Energy Management 15.11.29.1 A denial of service vulnerability has been reported in Lenovo Energy Management Driver for Windows 10 versions prior to 15.11.29.7 that could cause systems to experience a blue screen error. | 7.5 |
2019-11-20 | CVE-2019-6191 | Unspecified vulnerability in Lenovo Paper 1.0.0.22 A potential vulnerability in the discontinued LenovoPaper software version 1.0.0.22 may allow local privilege escalation. | 7.8 |
2019-11-20 | CVE-2019-6189 | Untrusted Search Path vulnerability in Lenovo System Interface Foundation 1.0.66.0 A potential vulnerability was reported in Lenovo System Interface Foundation versions before v1.1.18.3 that could allow an administrative user to load an unsigned DLL. | 7.8 |
2019-11-20 | CVE-2019-6187 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Lenovo Xclarity Controller A stored CSV Injection vulnerability was reported in Lenovo XClarity Controller (XCC) that could allow an administrative or other appropriately permissioned user to store malformed data in certain XCC server informational fields, that could result in crafted formulas being stored in an exported CSV file. | 6.5 |
2019-11-20 | CVE-2019-6186 | Unspecified vulnerability in Lenovo System Interface Foundation 1.0.66.0 A potential vulnerability was reported in Lenovo System Interface Foundation versions before v1.1.18.3 that could allow an authenticated user to execute code as another user. | 8.8 |
2019-11-20 | CVE-2019-6184 | Unspecified vulnerability in Lenovo Customer Engagement Service 2.0.21.1 A potential vulnerability in the discontinued Customer Engagement Service (CCSDK) software version 2.0.21.1 may allow local privilege escalation. | 7.8 |