Vulnerabilities > Lenovo > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-02-14 | CVE-2019-6193 | Information Exposure vulnerability in Lenovo Xclarity Administrator An information disclosure vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.6.6 that could allow unauthenticated access to some configuration files which may contain usernames, license keys, IP addresses, and encrypted password hashes. | 7.5 |
| 2019-12-10 | CVE-2019-6183 | Unspecified vulnerability in Lenovo Energy Management 15.11.29.1 A denial of service vulnerability has been reported in Lenovo Energy Management Driver for Windows 10 versions prior to 15.11.29.7 that could cause systems to experience a blue screen error. | 7.5 |
| 2019-11-20 | CVE-2019-6191 | Unspecified vulnerability in Lenovo Paper 1.0.0.22 A potential vulnerability in the discontinued LenovoPaper software version 1.0.0.22 may allow local privilege escalation. | 7.8 |
| 2019-11-20 | CVE-2019-6189 | Untrusted Search Path vulnerability in Lenovo System Interface Foundation 1.0.66.0 A potential vulnerability was reported in Lenovo System Interface Foundation versions before v1.1.18.3 that could allow an administrative user to load an unsigned DLL. | 7.8 |
| 2019-11-20 | CVE-2019-6186 | Unspecified vulnerability in Lenovo System Interface Foundation 1.0.66.0 A potential vulnerability was reported in Lenovo System Interface Foundation versions before v1.1.18.3 that could allow an authenticated user to execute code as another user. | 8.8 |
| 2019-11-20 | CVE-2019-6184 | Unspecified vulnerability in Lenovo Customer Engagement Service 2.0.21.1 A potential vulnerability in the discontinued Customer Engagement Service (CCSDK) software version 2.0.21.1 may allow local privilege escalation. | 7.8 |
| 2019-11-20 | CVE-2019-6176 | Unspecified vulnerability in Lenovo Thinkpad Usb-C Dock Firmware 3.7.2 A potential vulnerability reported in ThinkPad USB-C Dock Firmware version 3.7.2 may allow a denial of service. | 7.5 |
| 2019-09-26 | CVE-2019-6175 | Unspecified vulnerability in Lenovo System Update A denial of service vulnerability was reported in Lenovo System Update versions prior to 5.07.0088 that could allow configuration files to be written to non-standard locations. | 7.5 |
| 2019-09-26 | CVE-2019-6161 | Session Fixation vulnerability in Lenovo CP Storage Block Firmware An internal product security audit discovered a session handling vulnerability in the web interface of ThinkAgile CP-SB (Storage Block) BMC in firmware versions prior to 1908.M. | 7.5 |
| 2019-09-03 | CVE-2019-6179 | XXE vulnerability in Lenovo Xclarity Administrator and Xclarity Integrator An XML External Entity (XXE) processing vulnerability was reported in Lenovo XClarity Administrator (LXCA) prior to version 2.5.0 , Lenovo XClarity Integrator (LXCI) for Microsoft System Center prior to version 7.7.0, and Lenovo XClarity Integrator (LXCI) for VMWare vCenter prior to version 6.1.0 that could allow information disclosure. | 7.5 |