Vulnerabilities > Lenovo
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-09-03 | CVE-2019-6182 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Lenovo Xclarity Administrator A stored CSV Injection vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.5.0 that could allow an administrative user to store malformed data in LXCA Jobs and Event Log data, that could result in crafted formulas stored in an exported CSV file. | 4.9 |
| 2019-09-03 | CVE-2019-6181 | Cross-site Scripting vulnerability in Lenovo Xclarity Administrator A reflected cross-site scripting (XSS) vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.5.0 that could allow a crafted URL, if visited, to cause JavaScript code to be executed in the user's web browser. | 6.1 |
| 2019-09-03 | CVE-2019-6180 | Cross-site Scripting vulnerability in Lenovo Xclarity Administrator A stored cross-site scripting (XSS) vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.5.0 that could allow an administrative user to cause JavaScript code to be stored in LXCA which may then be executed in the user's web browser. | 4.8 |
| 2019-09-03 | CVE-2019-6179 | XXE vulnerability in Lenovo Xclarity Administrator and Xclarity Integrator An XML External Entity (XXE) processing vulnerability was reported in Lenovo XClarity Administrator (LXCA) prior to version 2.5.0 , Lenovo XClarity Integrator (LXCI) for Microsoft System Center prior to version 7.7.0, and Lenovo XClarity Integrator (LXCI) for VMWare vCenter prior to version 6.1.0 that could allow information disclosure. | 7.5 |
| 2019-08-29 | CVE-2019-10724 | Unspecified vulnerability in Lenovo products There is a vulnerability with the Dolby DAX2 API system services in which a low-privileged user can terminate arbitrary processes that are running at a higher privilege. | 6.5 |
| 2019-08-21 | CVE-2019-6177 | Information Exposure vulnerability in Lenovo Solution Center 03.12.003 A vulnerability reported in Lenovo Solution Center version 03.12.003, which is no longer supported, could allow log files to be written to non-standard locations, potentially leading to privilege escalation. | 9.8 |
| 2019-08-19 | CVE-2019-6178 | Unspecified vulnerability in Lenovo products An information leakage vulnerability in Iomega and LenovoEMC NAS products could allow disclosure of some device details such as Share names through the device API when Personal Cloud is enabled. | 5.3 |
| 2019-08-19 | CVE-2019-6171 | Unspecified vulnerability in Lenovo products A vulnerability was reported in various BIOS versions of older ThinkPad systems that could allow a user with administrative privileges or physical access the ability to update the Embedded Controller with unsigned firmware. low complexity lenovo | 6.8 |
| 2019-08-19 | CVE-2019-6165 | Untrusted Search Path vulnerability in Lenovo Yoga 700-11Isk Firmware and Yoga 700-14Isk Firmware A DLL search path vulnerability was reported in PaperDisplay Hotkey Service version 1.2.0.8 that could allow privilege escalation. | 7.8 |
| 2019-08-19 | CVE-2019-6159 | Cross-site Scripting vulnerability in Lenovo products A stored cross-site scripting (XSS) vulnerability exists in various firmware versions of the legacy IBM System x IMM (IMM v1) embedded Baseboard Management Controller (BMC). | 6.1 |