CVE | Vendors | Products | Updated | CVSS |
CVE-2019-6182 | 1 Lenovo | 1 Xclarity Administrator | 2019-10-09 | 4.0 |
A stored CSV Injection vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.5.0 that could allow an administrative user to store malformed data in LXCA Jobs and Event Log data, that could result in crafted... |
CVE-2019-6181 | 1 Lenovo | 1 Xclarity Administrator | 2019-10-09 | 4.3 |
A reflected cross-site scripting (XSS) vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.5.0 that could allow a crafted URL, if visited, to cause JavaScript code to be executed in the user's web browser. The... |
CVE-2019-6180 | 1 Lenovo | 1 Xclarity Administrator | 2019-10-09 | 3.5 |
A stored cross-site scripting (XSS) vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.5.0 that could allow an administrative user to cause JavaScript code to be stored in LXCA which may then be executed in the... |
CVE-2019-6179 | 1 Lenovo | 1 Xclarity Administrator | 2019-10-09 | 5.0 |
An XML External Entity (XXE) processing vulnerability was reported in Lenovo XClarity Administrator (LXCA) prior to version 2.5.0, Lenovo XClarity Integrator (LXCI) for Microsoft System Center prior to version 7.7.0, and Lenovo XClarity... |
CVE-2019-6178 | 1 Lenovo | 6 Home Media Network Hard Drive Firmware, Ix12-300r Firmware, Px12-350r Firmware and 3 more | 2019-10-09 | 4.3 |
An information leakage vulnerability in Iomega and LenovoEMC NAS products could allow disclosure of some device details such as Share names through the device API when Personal Cloud is enabled. This does not allow read, write, delete, or any... |
CVE-2019-6177 | 1 Lenovo | 1 Solution Center | 2019-10-09 | 7.5 |
A vulnerability reported in Lenovo Solution Center version 03.12.003, which is no longer supported, could allow log files to be written to non-standard locations, potentially leading to privilege escalation. Lenovo ended support for Lenovo... |
CVE-2019-6171 | 1 Lenovo | 148 20a7 Firmware, 20a8 Firmware, 20a9 Firmware and 145 more | 2019-10-09 | 7.2 |
A vulnerability was reported in various BIOS versions of older ThinkPad systems that could allow a user with administrative privileges or physical access the ability to update the Embedded Controller with unsigned firmware. |
CVE-2019-6165 | 1 Lenovo | 2 Yoga 700-11isk Firmware, Yoga 700-14isk Firmware | 2019-10-09 | 6.8 |
A DLL search path vulnerability was reported in PaperDisplay Hotkey Service version 1.2.0.8 that could allow privilege escalation. Lenovo has ended support for PaperDisplay Hotkey software as the Night light feature introduced in Windows 10 Build... |
CVE-2019-6159 | 1 Lenovo | 15 Bladecenter Hs22 Firmware, Bladecenter Hs22v Firmware, Bladecenter Hx5 Firmware and 12 more | 2019-10-09 | 4.3 |
A stored cross-site scripting (XSS) vulnerability exists in various firmware versions of the legacy IBM System x IMM (IMM v1) embedded Baseboard Management Controller (BMC). This vulnerability could allow an unauthenticated user to cause... |
CVE-2019-6158 | 1 Lenovo | 1 Xclarity Administrator | 2019-10-09 | 4.3 |
An internal product security audit of Lenovo XClarity Administrator (LXCA) discovered HTTP proxy credentials being written to a log file in clear text. This only affects LXCA when HTTP proxy credentials have been configured. This affects LXCA... |
CVE-2019-6157 | 2 Ibm, Lenovo | 42 Bladecenter Hs22 Firmware, Bladecenter Hs23 Firmware, Bladecenter Hs23e Firmware and 39 more | 2019-10-09 | 5.0 |
In various firmware versions of Lenovo System x, the integrated management module II (IMM2)'s first failure data capture (FFDC) includes the web server's private key in the generated log file for support. |
CVE-2017-3763 | 1 Lenovo | 1 Xclarity Administrator | 2019-10-03 | 2.1 |
An attacker who obtains access to the location where the LXCA file system is stored may be able to access credentials of local LXCA accounts in LXCA versions earlier than 1.3.2. |
CVE-2018-9066 | 1 Lenovo | 1 Xclarity Administrator | 2019-10-03 | 9.0 |
In Lenovo xClarity Administrator versions earlier than 2.1.0, an authenticated LXCA user can, under specific circumstances, inject additional parameters into a specific web API call which can result in privileged command execution within LXCA's... |
CVE-2018-9078 | 1 Lenovo | 20 Ez Media & Backup Center Firmware, Ix2 Firmware, Ix4-300d Firmware and 17 more | 2019-10-03 | 6.8 |
For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the Content Explorer application grants users the ability to upload files to shares and this image was rendered in the browser in the device's origin instead of... |
CVE-2018-9085 | 2 Ibm, Lenovo | 26 Bladecenter Hs23 Firmware, Bladecenter Hs23e Firmware, Flex System X220 M4 Firmware and 23 more | 2019-10-03 | 4.0 |
A write protection lock bit was left unset after boot on an older generation of Lenovo and IBM System x servers, potentially allowing an attacker with administrator access to modify the subset of flash memory containing Intel Server Platform... |
CVE-2018-9077 | 1 Lenovo | 1 Lenovoemc Firmware | 2019-10-03 | 9.3 |
For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, when changing the name of a share, an attacker can craft a command injection payload using backtick "``" characters in the share : name parameter. As a result,... |
CVE-2017-3770 | 1 Lenovo | 1 Xclarity Administrator | 2019-10-03 | 6.5 |
Privilege escalation vulnerability in LXCA versions earlier than 1.3.2 where an authenticated user may be able to abuse certain web interface functionality to execute privileged commands within the underlying LXCA operating system. |
CVE-2017-3761 | 1 Lenovo | 1 Service Framework | 2019-10-03 | 10.0 |
The Lenovo Service Framework Android application executes some system commands without proper sanitization of external input. In certain cases, this could lead to command injection which, in turn, could lead to remote code execution. |
CVE-2017-3746 | 1 Lenovo | 1 Thinkpad Usb 3.0 Ethernet Adapter Driver | 2019-10-03 | 7.2 |
ThinkPad USB 3.0 Ethernet Adapter (part number 4X90E51405) driver, various versions, was found to contain a privilege escalation vulnerability that could allow a local user to execute arbitrary code with administrative or system level privileges. |
CVE-2018-9064 | 1 Lenovo | 1 Xclarity Administrator | 2019-10-03 | 4.0 |
In Lenovo xClarity Administrator versions earlier than 2.1.0, an authenticated LXCA user may abuse a web API debug call to retrieve the credentials for the System Manager user. |