CVE-2019-19757
https://notcve.org/view.php?id=CVE-2019-19757
An internal product security audit of Lenovo XClarity Administrator (LXCA) discovered a Document Object Model (DOM) based cross-site scripting vulnerability in versions prior to 2.6.6 that could allow JavaScript code to be executed in the user's web browser if a specially crafted link is visited. The JavaScript code is executed on the user's system, not executed on LXCA itself.
• https://support.lenovo.com/us/en/product_security/LEN-29477
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-6192 – Lenovo Power Management Driver 1.67.17.48 - 'pmdrvs.sys' Denial of Service (PoC)
https://notcve.org/view.php?id=CVE-2019-6192
A potential vulnerability has been reported in Lenovo Power Management Driver versions prior to 1.67.17.48 leading to a buffer overflow which could cause a denial of service. Lenovo Power Management Driver suffers from a buffer overflow vulnerability.
• https://www.exploit-db.com/exploits/47771
• http://packetstormsecurity.com/files/155656/Lenovo-Power-Management-Driver-Buffer-Overflow.html
• https://support.lenovo.com/solutions/LEN-29334
• CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2019-6183
https://notcve.org/view.php?id=CVE-2019-6183
A denial of service vulnerability has been reported in Lenovo Energy Management Driver for Windows 10 versions prior to 15.11.29.7 that could cause systems to experience a blue screen error. Lenovo Energy Management is a client utility. Lenovo XClarity Energy Manager is not affected.
• https://support.lenovo.com/solutions/LEN-27682
CVE-2019-6191
https://notcve.org/view.php?id=CVE-2019-6191
A potential vulnerability in the discontinued LenovoPaper software version 1.0.0.22 may allow local privilege escalation.
• https://support.lenovo.com/solutions/LEN-29187
CVE-2019-6189
https://notcve.org/view.php?id=CVE-2019-6189
A potential vulnerability was reported in Lenovo System Interface Foundation versions before v1.1.18.3 that could allow an administrative user to load an unsigned DLL.
• https://support.lenovo.com/solutions/LEN-29198
• CWE-426: Untrusted Search Path