Vulnerabilities > Lenovo > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-11-20 | CVE-2019-6189 | Untrusted Search Path vulnerability in Lenovo System Interface Foundation 1.0.66.0 A potential vulnerability was reported in Lenovo System Interface Foundation versions before v1.1.18.3 that could allow an administrative user to load an unsigned DLL. | 7.8 |
| 2019-11-20 | CVE-2019-6186 | Unspecified vulnerability in Lenovo System Interface Foundation 1.0.66.0 A potential vulnerability was reported in Lenovo System Interface Foundation versions before v1.1.18.3 that could allow an authenticated user to execute code as another user. | 8.8 |
| 2019-11-20 | CVE-2019-6184 | Unspecified vulnerability in Lenovo Customer Engagement Service 2.0.21.1 A potential vulnerability in the discontinued Customer Engagement Service (CCSDK) software version 2.0.21.1 may allow local privilege escalation. | 7.8 |
| 2019-11-20 | CVE-2019-6176 | Unspecified vulnerability in Lenovo Thinkpad Usb-C Dock Firmware 3.7.2 A potential vulnerability reported in ThinkPad USB-C Dock Firmware version 3.7.2 may allow a denial of service. | 7.5 |
| 2019-09-26 | CVE-2019-6175 | Unspecified vulnerability in Lenovo System Update A denial of service vulnerability was reported in Lenovo System Update versions prior to 5.07.0088 that could allow configuration files to be written to non-standard locations. | 7.5 |
| 2019-09-26 | CVE-2019-6161 | Session Fixation vulnerability in Lenovo CP Storage Block Firmware An internal product security audit discovered a session handling vulnerability in the web interface of ThinkAgile CP-SB (Storage Block) BMC in firmware versions prior to 1908.M. | 7.5 |
| 2019-09-03 | CVE-2019-6179 | XXE vulnerability in Lenovo Xclarity Administrator and Xclarity Integrator An XML External Entity (XXE) processing vulnerability was reported in Lenovo XClarity Administrator (LXCA) prior to version 2.5.0 , Lenovo XClarity Integrator (LXCI) for Microsoft System Center prior to version 7.7.0, and Lenovo XClarity Integrator (LXCI) for VMWare vCenter prior to version 6.1.0 that could allow information disclosure. | 7.5 |
| 2019-08-19 | CVE-2019-6165 | Untrusted Search Path vulnerability in Lenovo Yoga 700-11Isk Firmware and Yoga 700-14Isk Firmware A DLL search path vulnerability was reported in PaperDisplay Hotkey Service version 1.2.0.8 that could allow privilege escalation. | 7.8 |
| 2019-07-16 | CVE-2019-6160 | Unspecified vulnerability in Lenovo products A vulnerability in various versions of Iomega and LenovoEMC NAS products could allow an unauthenticated user to access files on NAS shares via the API. | 7.5 |
| 2019-06-26 | CVE-2019-6169 | Missing Encryption of Sensitive Data vulnerability in Lenovo Service Bridge A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow unencrypted downloads over FTP. | 7.5 |