Vulnerabilities > Lenovo > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-06-26 | CVE-2019-6166 | Cross-Site Request Forgery (CSRF) vulnerability in Lenovo Service Bridge A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow cross-site request forgery. | 8.8 |
| 2019-06-26 | CVE-2019-6163 | Improper Resource Shutdown or Release vulnerability in Lenovo System Update A denial of service vulnerability was reported in Lenovo System Update before version 5.07.0084 that could allow service log files to be written to non-standard locations. | 7.5 |
| 2019-06-13 | CVE-2019-0164 | Permissions, Privileges, and Access Controls vulnerability in multiple products Improper permissions in the installer for Intel(R) Turbo Boost Max Technology 3.0 driver version 1.0.0.1035 and before may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.3 |
| 2019-06-13 | CVE-2019-0130 | Cross-site Scripting vulnerability in multiple products Reflected XSS in web interface for Intel(R) Accelerated Storage Manager in Intel(R) RSTe before version 5.5.0.2015 may allow an unauthenticated user to potentially enable denial of service via network access. | 7.4 |
| 2019-04-22 | CVE-2019-6157 | Information Exposure Through Log Files vulnerability in multiple products In various firmware versions of Lenovo System x, the integrated management module II (IMM2)'s first failure data capture (FFDC) includes the web server's private key in the generated log file for support. | 7.5 |
| 2019-04-10 | CVE-2019-6154 | Untrusted Search Path vulnerability in Lenovo Bootable USB A DLL search path vulnerability was reported in Lenovo Bootable Generator, prior to version Mar-2019, that could allow a malicious user with local access to execute code on the system. | 7.8 |
| 2019-03-14 | CVE-2019-0135 | Permissions, Privileges, and Access Controls vulnerability in multiple products Improper permissions in the installer for Intel(R) Accelerated Storage Manager in Intel(R) RSTe before version 5.5.0.2015 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 |
| 2019-01-24 | CVE-2018-16098 | Unquoted Search Path or Element vulnerability in Lenovo products In some Lenovo ThinkPads, an unquoted search path vulnerability was found in various versions of the Synaptics Pointing Device driver which could allow unauthorized code execution as a low privilege user. | 7.8 |
| 2018-11-27 | CVE-2018-9083 | Use of Hard-coded Credentials vulnerability in Lenovo System Management Module Firmware 1.05 In System Management Module (SMM) versions prior to 1.06, the SMM contains weak default root credentials which could be used to log in to the device OS -- if the attacker manages to enable SSH or Telnet connections via some other vulnerability. | 8.1 |
| 2018-11-27 | CVE-2018-16094 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Lenovo System Management Module Firmware 1.05 In System Management Module (SMM) versions prior to 1.06, an internal SMM function that retrieves configuration settings is prone to a buffer overflow. | 8.1 |