Vulnerabilities > Lenovo > High

DATE CVE VULNERABILITY TITLE RISK

2019-06-26 CVE-2019-6169 Missing Encryption of Sensitive Data vulnerability in Lenovo Service Bridge
A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow unencrypted downloads over FTP.
network | low complexity | lenovo | CWE-311 | 7.5

2019-06-26 CVE-2019-6166 Cross-Site Request Forgery (CSRF) vulnerability in Lenovo Service Bridge
A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow cross-site request forgery.
network | low complexity | lenovo | CWE-352 | 8.8

2019-06-13 CVE-2019-0164 Permissions, Privileges, and Access Controls vulnerability in multiple products
Improper permissions in the installer for Intel(R) Turbo Boost Max Technology 3.0 driver version 1.0.0.1035 and before may allow an authenticated user to potentially enable escalation of privilege via local access.
local | low complexity | intel lenovo | CWE-264 | 7.3

2019-06-13 CVE-2019-0130 Cross-site Scripting vulnerability in multiple products
Reflected XSS in web interface for Intel(R) Accelerated Storage Manager in Intel(R) RSTe before version 5.5.0.2015 may allow an unauthenticated user to potentially enable denial of service via network access.
network | low complexity | intel lenovo | CWE-79 | 7.4

2019-03-18 CVE-2019-6149 Unquoted Search Path or Element vulnerability in Lenovo Dynamic Power Reduction
An unquoted search path vulnerability was identified in Lenovo Dynamic Power Reduction Utility prior to version 2.2.2.0 that could allow a malicious user with local access to execute code with administrative privileges.
local | low complexity | lenovo | CWE-428 | 7.2

2019-03-14 CVE-2019-0135 Permissions, Privileges, and Access Controls vulnerability in multiple products
Improper permissions in the installer for Intel(R) Accelerated Storage Manager in Intel(R) RSTe before version 5.5.0.2015 may allow an authenticated user to potentially enable escalation of privilege via local access.
local | low complexity | intel lenovo | CWE-264 | 7.8

2019-01-24 CVE-2018-16098 Unquoted Search Path or Element vulnerability in Lenovo products
In some Lenovo ThinkPads, an unquoted search path vulnerability was found in various versions of the Synaptics Pointing Device driver which could allow unauthorized code execution as a low privilege user.
local | low complexity | lenovo microsoft | CWE-428 | 7.2

2018-11-27 CVE-2018-16089 OS Command Injection vulnerability in Lenovo System Management Module Firmware
In System Management Module (SMM) versions prior to 1.06, a field in the header of SMM firmware update images is insufficiently sanitized, allowing post-authentication command injection on the SMM as the root user.
network | lenovo | CWE-78 | 8.5

2018-10-02 CVE-2018-9069 Race Condition vulnerability in multiple products
In some Lenovo IdeaPad consumer notebook models, a race condition in the BIOS flash device locking mechanism is not adequately protected against, potentially allowing an attacker with administrator access to alter the contents of BIOS.
network | hp lenovo | CWE-362 | 7.0

2018-09-28 CVE-2018-9079 Cross-site Scripting vulnerability in Lenovo products
For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, adversaries can craft URLs to modify the Document Object Model (DOM) of the page.
network | low complexity | lenovo | CWE-79 | 7.5