Vulnerabilities > Lenovo
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-11-20 | CVE-2019-6176 | Unspecified vulnerability in Lenovo Thinkpad Usb-C Dock Firmware 3.7.2 A potential vulnerability reported in ThinkPad USB-C Dock Firmware version 3.7.2 may allow a denial of service. | 7.5 |
| 2019-11-12 | CVE-2019-6188 | Unspecified vulnerability in Lenovo products The BIOS tamper detection mechanism was not triggered in Lenovo ThinkPad T460p, BIOS versions up to R07ET90W, and T470p, BIOS versions up to R0FET50W, which may allow for unauthorized access. | 9.8 |
| 2019-11-12 | CVE-2019-6172 | Unspecified vulnerability in Lenovo products A potential vulnerability in the SMI callback function used in Legacy USB driver using passed parameter without sufficient checking in some Lenovo ThinkPad models may allow arbitrary code execution. | 6.4 |
| 2019-11-12 | CVE-2019-6170 | Unspecified vulnerability in Lenovo products A potential vulnerability in the SMI callback function used in the Legacy USB driver using boot services structure in runtime phase in some Lenovo ThinkPad models may allow arbitrary code execution. | 6.4 |
| 2019-09-26 | CVE-2019-6175 | Unspecified vulnerability in Lenovo System Update A denial of service vulnerability was reported in Lenovo System Update versions prior to 5.07.0088 that could allow configuration files to be written to non-standard locations. | 7.5 |
| 2019-09-26 | CVE-2019-6161 | Session Fixation vulnerability in Lenovo CP Storage Block Firmware An internal product security audit discovered a session handling vulnerability in the web interface of ThinkAgile CP-SB (Storage Block) BMC in firmware versions prior to 1908.M. | 7.5 |
| 2019-09-03 | CVE-2019-6182 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Lenovo Xclarity Administrator A stored CSV Injection vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.5.0 that could allow an administrative user to store malformed data in LXCA Jobs and Event Log data, that could result in crafted formulas stored in an exported CSV file. | 4.9 |
| 2019-09-03 | CVE-2019-6181 | Cross-site Scripting vulnerability in Lenovo Xclarity Administrator A reflected cross-site scripting (XSS) vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.5.0 that could allow a crafted URL, if visited, to cause JavaScript code to be executed in the user's web browser. | 6.1 |
| 2019-09-03 | CVE-2019-6180 | Cross-site Scripting vulnerability in Lenovo Xclarity Administrator A stored cross-site scripting (XSS) vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.5.0 that could allow an administrative user to cause JavaScript code to be stored in LXCA which may then be executed in the user's web browser. | 4.8 |
| 2019-09-03 | CVE-2019-6179 | XXE vulnerability in Lenovo Xclarity Administrator and Xclarity Integrator An XML External Entity (XXE) processing vulnerability was reported in Lenovo XClarity Administrator (LXCA) prior to version 2.5.0 , Lenovo XClarity Integrator (LXCI) for Microsoft System Center prior to version 7.7.0, and Lenovo XClarity Integrator (LXCI) for VMWare vCenter prior to version 6.1.0 that could allow information disclosure. | 7.5 |