CVSS: 7.4EPSS: 0%CPEs: 9EXPL: 0CVE-2019-0130
https://notcve.org/view.php?id=CVE-2019-0130
Reflected XSS in web interface for Intel(R) Accelerated Storage Manager in Intel(R) RSTe before version 5.5.0.2015 may allow an unauthenticated user to potentially enable denial of service via network access. Un XSS reflejado en la interfaz web para Accelerated Storage Manager de Intel® en RSTe de Intel® anterior a versión 5.5.0.2015, puede permitir que un usuario no autenticado pueda habilitar potencialmente la denegación de servicio por medio de un acceso a la red. • http://www.securityfocus.com/bid/108775 https://support.lenovo.com/us/en/product_security/LEN-27843 https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00226.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.3EPSS: 0%CPEs: 9EXPL: 0CVE-2019-0164
https://notcve.org/view.php?id=CVE-2019-0164
Improper permissions in the installer for Intel(R) Turbo Boost Max Technology 3.0 driver version 1.0.0.1035 and before may allow an authenticated user to potentially enable escalation of privilege via local access. Los permisos inapropiados en el instalador para el controlador versión 1.0.0.1035 y anteriores de Turbo Boost Max Technology de Intel® versión 3.0, pueden permitir que un usuario autenticado habilite potencialmente la escalada de privilegios por medio del acceso local. • http://www.securityfocus.com/bid/108770 https://support.lenovo.com/us/en/product_security/LEN-27841 https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00243.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 8.7EPSS: 0%CPEs: 1EXPL: 0CVE-2019-6158
https://notcve.org/view.php?id=CVE-2019-6158
An internal product security audit of Lenovo XClarity Administrator (LXCA) discovered HTTP proxy credentials being written to a log file in clear text. This only affects LXCA when HTTP proxy credentials have been configured. This affects LXCA versions 2.0.0 to 2.3.x. Una auditoría interna de seguridad del producto de Lenovo XClarity Administrator (LXCA) descubrió que las credenciales de proxy HTTP se escribían en un archivo de registro en texto en claro. Esto sólo afecta a LXCA cuando se han configurado las credenciales de proxy HTTP. • http://www.securityfocus.com/bid/108165 https://support.lenovo.com/solutions/LEN-26141 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 7.5EPSS: 0%CPEs: 84EXPL: 0CVE-2019-6157
https://notcve.org/view.php?id=CVE-2019-6157
In various firmware versions of Lenovo System x, the integrated management module II (IMM2)'s first failure data capture (FFDC) includes the web server's private key in the generated log file for support. En varias versiones de firmware de Lenovo System x, First Failure Data Capture (FFDC) del módulo de administración integrada II (IMM2) incluye la clave privada del servidor web dentro del archivo de registro generado para soporte. • https://support.lenovo.com/solutions/LEN-25667 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 3.3EPSS: 0%CPEs: 356EXPL: 0CVE-2019-6156
https://notcve.org/view.php?id=CVE-2019-6156
In Lenovo systems, SMM BIOS Write Protection is used to prevent writes to SPI Flash. While this provides sufficient protection, an additional layer of protection is provided by SPI Protected Range Registers (PRx). Lenovo was notified that after resuming from S3 sleep mode in various versions of BIOS for Lenovo systems, the PRx is not set. This does not impact the SMM BIOS Write Protection, which keeps systems protected. En los sistemas Lenovo, SMM BIOS Write Protection se utiliza para evitar la escritura en SPI Flash. • https://support.lenovo.com/solutions/LEN-26332 • CWE-667: Improper Locking •