Vulnerabilities > Lenovo
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-11-20 | CVE-2019-6186 | Unspecified vulnerability in Lenovo System Interface Foundation A potential vulnerability was reported in Lenovo System Interface Foundation versions before v1.1.18.3 that could allow an authenticated user to execute code as another user. | 6.5 |
| 2019-11-20 | CVE-2019-6184 | Unspecified vulnerability in Lenovo Customer Engagement Service 2.0.21.1 A potential vulnerability in the discontinued Customer Engagement Service (CCSDK) software version 2.0.21.1 may allow local privilege escalation. | 4.6 |
| 2019-11-20 | CVE-2019-6176 | Unspecified vulnerability in Lenovo Thinkpad Usb-C Dock Firmware 3.7.2 A potential vulnerability reported in ThinkPad USB-C Dock Firmware version 3.7.2 may allow a denial of service. | 5.0 |
| 2019-11-12 | CVE-2019-6188 | Unspecified vulnerability in Lenovo products The BIOS tamper detection mechanism was not triggered in Lenovo ThinkPad T460p, BIOS versions up to R07ET90W, and T470p, BIOS versions up to R0FET50W, which may allow for unauthorized access. | 7.5 |
| 2019-11-12 | CVE-2019-6172 | Unspecified vulnerability in Lenovo products A potential vulnerability in the SMI callback function used in Legacy USB driver using passed parameter without sufficient checking in some Lenovo ThinkPad models may allow arbitrary code execution. local lenovo | 4.4 |
| 2019-11-12 | CVE-2019-6170 | Unspecified vulnerability in Lenovo products A potential vulnerability in the SMI callback function used in the Legacy USB driver using boot services structure in runtime phase in some Lenovo ThinkPad models may allow arbitrary code execution. local lenovo | 4.4 |
| 2019-09-26 | CVE-2019-6175 | Unspecified vulnerability in Lenovo System Update A denial of service vulnerability was reported in Lenovo System Update versions prior to 5.07.0088 that could allow configuration files to be written to non-standard locations. | 7.8 |
| 2019-09-26 | CVE-2019-6161 | Session Fixation vulnerability in Lenovo CP Storage Block Firmware An internal product security audit discovered a session handling vulnerability in the web interface of ThinkAgile CP-SB (Storage Block) BMC in firmware versions prior to 1908.M. | 5.0 |
| 2019-09-03 | CVE-2019-6182 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Lenovo Xclarity Administrator A stored CSV Injection vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.5.0 that could allow an administrative user to store malformed data in LXCA Jobs and Event Log data, that could result in crafted formulas stored in an exported CSV file. | 4.9 |
| 2019-09-03 | CVE-2019-6181 | Cross-site Scripting vulnerability in Lenovo Xclarity Administrator A reflected cross-site scripting (XSS) vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.5.0 that could allow a crafted URL, if visited, to cause JavaScript code to be executed in the user's web browser. | 6.1 |