Vulnerabilities > Lenovo

DATE CVE VULNERABILITY TITLE RISK
2019-09-03 CVE-2019-6180 Cross-site Scripting vulnerability in Lenovo Xclarity Administrator
A stored cross-site scripting (XSS) vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.5.0 that could allow an administrative user to cause JavaScript code to be stored in LXCA which may then be executed in the user's web browser.
network
low complexity
lenovo CWE-79
4.8
2019-09-03 CVE-2019-6179 XXE vulnerability in Lenovo Xclarity Administrator and Xclarity Integrator
An XML External Entity (XXE) processing vulnerability was reported in Lenovo XClarity Administrator (LXCA) prior to version 2.5.0 , Lenovo XClarity Integrator (LXCI) for Microsoft System Center prior to version 7.7.0, and Lenovo XClarity Integrator (LXCI) for VMWare vCenter prior to version 6.1.0 that could allow information disclosure.
network
low complexity
lenovo CWE-611
7.5
2019-08-29 CVE-2019-10724 Unspecified vulnerability in Lenovo products
There is a vulnerability with the Dolby DAX2 API system services in which a low-privileged user can terminate arbitrary processes that are running at a higher privilege.
network
low complexity
lenovo
6.8
2019-08-21 CVE-2019-6177 Information Exposure vulnerability in Lenovo Solution Center 03.12.003
A vulnerability reported in Lenovo Solution Center version 03.12.003, which is no longer supported, could allow log files to be written to non-standard locations, potentially leading to privilege escalation.
network
low complexity
lenovo CWE-200
critical
9.8
2019-08-19 CVE-2019-6178 Unspecified vulnerability in Lenovo products
An information leakage vulnerability in Iomega and LenovoEMC NAS products could allow disclosure of some device details such as Share names through the device API when Personal Cloud is enabled.
network
low complexity
lenovo
5.3
2019-08-19 CVE-2019-6171 Unspecified vulnerability in Lenovo products
A vulnerability was reported in various BIOS versions of older ThinkPad systems that could allow a user with administrative privileges or physical access the ability to update the Embedded Controller with unsigned firmware.
low complexity
lenovo
6.8
2019-08-19 CVE-2019-6165 Untrusted Search Path vulnerability in Lenovo Yoga 700-11Isk Firmware and Yoga 700-14Isk Firmware
A DLL search path vulnerability was reported in PaperDisplay Hotkey Service version 1.2.0.8 that could allow privilege escalation.
local
low complexity
lenovo CWE-426
7.8
2019-08-19 CVE-2019-6159 Cross-site Scripting vulnerability in Lenovo products
A stored cross-site scripting (XSS) vulnerability exists in various firmware versions of the legacy IBM System x IMM (IMM v1) embedded Baseboard Management Controller (BMC).
network
lenovo CWE-79
4.3
2019-07-16 CVE-2019-6160 Unspecified vulnerability in Lenovo products
A vulnerability in various versions of Iomega and LenovoEMC NAS products could allow an unauthenticated user to access files on NAS shares via the API.
network
low complexity
lenovo
5.0
2019-06-26 CVE-2019-6169 Missing Encryption of Sensitive Data vulnerability in Lenovo Service Bridge
A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow unencrypted downloads over FTP.
network
low complexity
lenovo CWE-311
7.5