Vulnerabilities > Lenovo
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-08-29 | CVE-2019-10724 | Unspecified vulnerability in Lenovo products There is a vulnerability with the Dolby DAX2 API system services in which a low-privileged user can terminate arbitrary processes that are running at a higher privilege. | 6.5 |
| 2019-08-21 | CVE-2019-6177 | Information Exposure vulnerability in Lenovo Solution Center 03.12.003 A vulnerability reported in Lenovo Solution Center version 03.12.003, which is no longer supported, could allow log files to be written to non-standard locations, potentially leading to privilege escalation. | 9.8 |
| 2019-08-19 | CVE-2019-6178 | Unspecified vulnerability in Lenovo products An information leakage vulnerability in Iomega and LenovoEMC NAS products could allow disclosure of some device details such as Share names through the device API when Personal Cloud is enabled. | 5.3 |
| 2019-08-19 | CVE-2019-6171 | Unspecified vulnerability in Lenovo products A vulnerability was reported in various BIOS versions of older ThinkPad systems that could allow a user with administrative privileges or physical access the ability to update the Embedded Controller with unsigned firmware. low complexity lenovo | 6.8 |
| 2019-08-19 | CVE-2019-6165 | Untrusted Search Path vulnerability in Lenovo Yoga 700-11Isk Firmware and Yoga 700-14Isk Firmware A DLL search path vulnerability was reported in PaperDisplay Hotkey Service version 1.2.0.8 that could allow privilege escalation. | 7.8 |
| 2019-08-19 | CVE-2019-6159 | Cross-site Scripting vulnerability in Lenovo products A stored cross-site scripting (XSS) vulnerability exists in various firmware versions of the legacy IBM System x IMM (IMM v1) embedded Baseboard Management Controller (BMC). | 6.1 |
| 2019-07-16 | CVE-2019-6160 | Unspecified vulnerability in Lenovo products A vulnerability in various versions of Iomega and LenovoEMC NAS products could allow an unauthenticated user to access files on NAS shares via the API. | 7.5 |
| 2019-06-26 | CVE-2019-6169 | Missing Encryption of Sensitive Data vulnerability in Lenovo Service Bridge A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow unencrypted downloads over FTP. | 7.5 |
| 2019-06-26 | CVE-2019-6168 | Unspecified vulnerability in Lenovo Service Bridge A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow remote code execution. | 9.8 |
| 2019-06-26 | CVE-2019-6167 | Unspecified vulnerability in Lenovo Service Bridge A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow remote code execution. | 9.8 |