Vulnerabilities > Lenovo > Low
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-04-14 | CVE-2020-8316 | Unspecified vulnerability in Lenovo Vantage 10.2001.12.0 A vulnerability was reported in Lenovo Vantage prior to version 10.2003.10.0 that could allow an authenticated user to read files on the system with elevated privileges. | 2.1 |
| 2020-04-14 | CVE-2020-8324 | Improper Input Validation vulnerability in Lenovo System Interface Foundation 1.1.18.3/1.1.19.3/1.1.19.5 A vulnerability was reported in LenovoAppScenarioPluginSystem for Lenovo System Interface Foundation prior to version 1.2.184.31 that could allow unsigned DLL files to be executed. | 2.1 |
| 2020-03-13 | CVE-2019-19756 | Information Exposure Through Log Files vulnerability in Lenovo Xclarity Administrator 2.6.0 An internal product security audit of Lenovo XClarity Administrator (LXCA) discovered Windows OS credentials, used to perform driver updates of managed systems, being written to a log file in clear text. | 3.6 |
| 2020-02-14 | CVE-2019-19757 | Cross-site Scripting vulnerability in Lenovo Xclarity Administrator An internal product security audit of Lenovo XClarity Administrator (LXCA) discovered a Document Object Model (DOM) based cross-site scripting vulnerability in versions prior to 2.6.6 that could allow JavaScript code to be executed in the user's web browser if a specially crafted link is visited. | 3.5 |
| 2020-02-14 | CVE-2019-6190 | Improper Initialization vulnerability in Lenovo products Lenovo was notified of a potential denial of service vulnerability, affecting various versions of BIOS for Lenovo Desktop, Desktop - All in One, and ThinkStation, that could cause PCRs to be cleared intermittently after resuming from sleep (S3) on systems with Intel TXT enabled. | 2.1 |
| 2020-02-14 | CVE-2019-6195 | Improper Privilege Management vulnerability in Lenovo Xclarity Controller 1.71Psi328N/3.01Tei392O An authorization bypass exists in Lenovo XClarity Controller (XCC) versions prior to 3.08 CDI340V, 3.01 TEI392O, 1.71 PSI328N where a valid authenticated user with lesser privileges may be granted read-only access to higher-privileged information if 1) “LDAP Authentication Only with Local Authorization” mode is configured and used by XCC, and 2) a lesser privileged user logs into XCC within 1 minute of a higher privileged user logging out. | 2.1 |
| 2019-12-10 | CVE-2019-6192 | Classic Buffer Overflow vulnerability in Lenovo Power Management Driver A potential vulnerability has been reported in Lenovo Power Management Driver versions prior to 1.67.17.48 leading to a buffer overflow which could cause a denial of service. | 2.1 |
| 2019-04-10 | CVE-2019-6156 | Improper Locking vulnerability in Lenovo products In Lenovo systems, SMM BIOS Write Protection is used to prevent writes to SPI Flash. | 2.1 |
| 2018-09-28 | CVE-2018-9081 | Cross-site Scripting vulnerability in Lenovo products For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the file name used for assets accessible through the Content Viewer application are vulnerable to self cross-site scripting self-XSS. | 2.6 |
| 2018-07-30 | CVE-2018-9065 | Cleartext Storage of Sensitive Information vulnerability in Lenovo Xclarity Administrator In Lenovo xClarity Administrator versions earlier than 2.1.0, an attacker that gains access to the underlying LXCA file system user may be able to retrieve a credential store containing the service processor user names and passwords for servers previously managed by that LXCA instance, and potentially decrypt those credentials more easily than intended. | 3.5 |