Vulnerabilities > Lenovo

DATE CVE VULNERABILITY TITLE RISK
2020-02-14 CVE-2019-6190 Improper Initialization vulnerability in Lenovo products
Lenovo was notified of a potential denial of service vulnerability, affecting various versions of BIOS for Lenovo Desktop, Desktop - All in One, and ThinkStation, that could cause PCRs to be cleared intermittently after resuming from sleep (S3) on systems with Intel TXT enabled.
local
low complexity
lenovo CWE-665
5.5
2020-02-14 CVE-2019-19758 Open Redirect vulnerability in Lenovo products
A vulnerability in the web interface of Lenovo EZ Media & Backup Center, ix2 & ix2-dl version 4.1.406.34763 and prior could allow an unauthenticated, remote attacker to redirect a user to an untrusted web page.
network
low complexity
lenovo CWE-601
6.1
2020-02-14 CVE-2019-19757 Cross-site Scripting vulnerability in Lenovo Xclarity Administrator
An internal product security audit of Lenovo XClarity Administrator (LXCA) discovered a Document Object Model (DOM) based cross-site scripting vulnerability in versions prior to 2.6.6 that could allow JavaScript code to be executed in the user's web browser if a specially crafted link is visited.
network
low complexity
lenovo CWE-79
5.4
2019-12-10 CVE-2019-6192 Classic Buffer Overflow vulnerability in Lenovo Power Management Driver
A potential vulnerability has been reported in Lenovo Power Management Driver versions prior to 1.67.17.48 leading to a buffer overflow which could cause a denial of service.
local
low complexity
lenovo CWE-120
4.4
2019-12-10 CVE-2019-6183 Unspecified vulnerability in Lenovo Energy Management 15.11.29.1
A denial of service vulnerability has been reported in Lenovo Energy Management Driver for Windows 10 versions prior to 15.11.29.7 that could cause systems to experience a blue screen error.
network
low complexity
lenovo
7.5
2019-11-20 CVE-2019-6191 Unspecified vulnerability in Lenovo Paper 1.0.0.22
A potential vulnerability in the discontinued LenovoPaper software version 1.0.0.22 may allow local privilege escalation.
local
low complexity
lenovo
7.8
2019-11-20 CVE-2019-6189 Untrusted Search Path vulnerability in Lenovo System Interface Foundation 1.0.66.0
A potential vulnerability was reported in Lenovo System Interface Foundation versions before v1.1.18.3 that could allow an administrative user to load an unsigned DLL.
local
low complexity
lenovo CWE-426
7.8
2019-11-20 CVE-2019-6187 Improper Neutralization of Formula Elements in a CSV File vulnerability in Lenovo Xclarity Controller
A stored CSV Injection vulnerability was reported in Lenovo XClarity Controller (XCC) that could allow an administrative or other appropriately permissioned user to store malformed data in certain XCC server informational fields, that could result in crafted formulas being stored in an exported CSV file.
network
low complexity
lenovo CWE-1236
6.5
2019-11-20 CVE-2019-6186 Unspecified vulnerability in Lenovo System Interface Foundation 1.0.66.0
A potential vulnerability was reported in Lenovo System Interface Foundation versions before v1.1.18.3 that could allow an authenticated user to execute code as another user.
network
low complexity
lenovo
8.8
2019-11-20 CVE-2019-6184 Unspecified vulnerability in Lenovo Customer Engagement Service 2.0.21.1
A potential vulnerability in the discontinued Customer Engagement Service (CCSDK) software version 2.0.21.1 may allow local privilege escalation.
local
low complexity
lenovo
7.8