CVE-2019-6167
https://notcve.org/view.php?id=CVE-2019-6167
A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow remote code execution. • https://support.lenovo.com/solutions/LEN-27725
CVE-2019-6166
https://notcve.org/view.php?id=CVE-2019-6166
A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow cross-site request forgery. • https://support.lenovo.com/solutions/LEN-27725 • CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2019-6156
https://notcve.org/view.php?id=CVE-2019-6156
In Lenovo systems, SMM BIOS Write Protection is used to prevent writes to SPI Flash. While this provides sufficient protection, an additional layer of protection is provided by SPI Protected Range Registers (PRx). Lenovo was notified that after resuming from S3 sleep mode in various versions of BIOS for Lenovo systems, the PRx is not set. This does not impact the SMM BIOS Write Protection, which keeps systems protected. • https://support.lenovo.com/solutions/LEN-26332 • CWE-667: Improper Locking
CVE-2018-16098
https://notcve.org/view.php?id=CVE-2018-16098
In some Lenovo ThinkPads, an unquoted search path vulnerability was found in various versions of the Synaptics Pointing Device driver which could allow unauthorized code execution as a low privilege user. • https://support.lenovo.com/bg/en/product_security/len-24573 • https://support.lenovo.com/us/en/solutions/LEN-24573 • CWE-428: Unquoted Search Path or Element
CVE-2018-9069 – BIOS Write Protection Race Condition
https://notcve.org/view.php?id=CVE-2018-9069
In some Lenovo IdeaPad consumer notebook models, a race condition in the BIOS flash device locking mechanism is not adequately protected against, potentially allowing an attacker with administrator access to alter the contents of BIOS. • https://support.lenovo.com/us/en/solutions/LEN-20184 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')