Vulnerabilities (CVE)

Vendor filter

Lenovo

109 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-6182 1 Lenovo 1 Xclarity Administrator 2019-10-09 4.0
A stored CSV Injection vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.5.0 that could allow an administrative user to store malformed data in LXCA Jobs and Event Log data, that could result in crafted...
CVE-2019-6181 1 Lenovo 1 Xclarity Administrator 2019-10-09 4.3
A reflected cross-site scripting (XSS) vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.5.0 that could allow a crafted URL, if visited, to cause JavaScript code to be executed in the user's web browser. The...
CVE-2019-6180 1 Lenovo 1 Xclarity Administrator 2019-10-09 3.5
A stored cross-site scripting (XSS) vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.5.0 that could allow an administrative user to cause JavaScript code to be stored in LXCA which may then be executed in the...
CVE-2019-6179 1 Lenovo 1 Xclarity Administrator 2019-10-09 5.0
An XML External Entity (XXE) processing vulnerability was reported in Lenovo XClarity Administrator (LXCA) prior to version 2.5.0, Lenovo XClarity Integrator (LXCI) for Microsoft System Center prior to version 7.7.0, and Lenovo XClarity...
CVE-2019-6178 1 Lenovo 6 Home Media Network Hard Drive Firmware, Ix12-300r Firmware, Px12-350r Firmware and 3 more 2019-10-09 4.3
An information leakage vulnerability in Iomega and LenovoEMC NAS products could allow disclosure of some device details such as Share names through the device API when Personal Cloud is enabled. This does not allow read, write, delete, or any...
CVE-2019-6177 1 Lenovo 1 Solution Center 2019-10-09 7.5
A vulnerability reported in Lenovo Solution Center version 03.12.003, which is no longer supported, could allow log files to be written to non-standard locations, potentially leading to privilege escalation. Lenovo ended support for Lenovo...
CVE-2019-6171 1 Lenovo 148 20a7 Firmware, 20a8 Firmware, 20a9 Firmware and 145 more 2019-10-09 7.2
A vulnerability was reported in various BIOS versions of older ThinkPad systems that could allow a user with administrative privileges or physical access the ability to update the Embedded Controller with unsigned firmware.
CVE-2019-6165 1 Lenovo 2 Yoga 700-11isk Firmware, Yoga 700-14isk Firmware 2019-10-09 6.8
A DLL search path vulnerability was reported in PaperDisplay Hotkey Service version 1.2.0.8 that could allow privilege escalation. Lenovo has ended support for PaperDisplay Hotkey software as the Night light feature introduced in Windows 10 Build...
CVE-2019-6159 1 Lenovo 15 Bladecenter Hs22 Firmware, Bladecenter Hs22v Firmware, Bladecenter Hx5 Firmware and 12 more 2019-10-09 4.3
A stored cross-site scripting (XSS) vulnerability exists in various firmware versions of the legacy IBM System x IMM (IMM v1) embedded Baseboard Management Controller (BMC). This vulnerability could allow an unauthenticated user to cause...
CVE-2019-6158 1 Lenovo 1 Xclarity Administrator 2019-10-09 4.3
An internal product security audit of Lenovo XClarity Administrator (LXCA) discovered HTTP proxy credentials being written to a log file in clear text. This only affects LXCA when HTTP proxy credentials have been configured. This affects LXCA...
CVE-2019-6157 2 Ibm, Lenovo 42 Bladecenter Hs22 Firmware, Bladecenter Hs23 Firmware, Bladecenter Hs23e Firmware and 39 more 2019-10-09 5.0
In various firmware versions of Lenovo System x, the integrated management module II (IMM2)'s first failure data capture (FFDC) includes the web server's private key in the generated log file for support.
CVE-2017-3763 1 Lenovo 1 Xclarity Administrator 2019-10-03 2.1
An attacker who obtains access to the location where the LXCA file system is stored may be able to access credentials of local LXCA accounts in LXCA versions earlier than 1.3.2.
CVE-2018-9066 1 Lenovo 1 Xclarity Administrator 2019-10-03 9.0
In Lenovo xClarity Administrator versions earlier than 2.1.0, an authenticated LXCA user can, under specific circumstances, inject additional parameters into a specific web API call which can result in privileged command execution within LXCA's...
CVE-2018-9078 1 Lenovo 20 Ez Media & Backup Center Firmware, Ix2 Firmware, Ix4-300d Firmware and 17 more 2019-10-03 6.8
For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the Content Explorer application grants users the ability to upload files to shares and this image was rendered in the browser in the device's origin instead of...
CVE-2018-9085 2 Ibm, Lenovo 26 Bladecenter Hs23 Firmware, Bladecenter Hs23e Firmware, Flex System X220 M4 Firmware and 23 more 2019-10-03 4.0
A write protection lock bit was left unset after boot on an older generation of Lenovo and IBM System x servers, potentially allowing an attacker with administrator access to modify the subset of flash memory containing Intel Server Platform...
CVE-2018-9077 1 Lenovo 1 Lenovoemc Firmware 2019-10-03 9.3
For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, when changing the name of a share, an attacker can craft a command injection payload using backtick "``" characters in the share : name parameter. As a result,...
CVE-2017-3770 1 Lenovo 1 Xclarity Administrator 2019-10-03 6.5
Privilege escalation vulnerability in LXCA versions earlier than 1.3.2 where an authenticated user may be able to abuse certain web interface functionality to execute privileged commands within the underlying LXCA operating system.
CVE-2017-3761 1 Lenovo 1 Service Framework 2019-10-03 10.0
The Lenovo Service Framework Android application executes some system commands without proper sanitization of external input. In certain cases, this could lead to command injection which, in turn, could lead to remote code execution.
CVE-2017-3746 1 Lenovo 1 Thinkpad Usb 3.0 Ethernet Adapter Driver 2019-10-03 7.2
ThinkPad USB 3.0 Ethernet Adapter (part number 4X90E51405) driver, various versions, was found to contain a privilege escalation vulnerability that could allow a local user to execute arbitrary code with administrative or system level privileges.
CVE-2018-9064 1 Lenovo 1 Xclarity Administrator 2019-10-03 4.0
In Lenovo xClarity Administrator versions earlier than 2.1.0, an authenticated LXCA user may abuse a web API debug call to retrieve the credentials for the System Manager user.