The BIOS tamper detection mechanism was not triggered in Lenovo ThinkPad T495s, X395, T495, A485, A285, A475, A275 which may allow for unauthorized access.
lenovo
CVE-2020-8342
A race condition vulnerability was reported in Lenovo System Update prior to version 5.07.0106 that could allow escalation of privilege.
CVE-2019-6192
A potential vulnerability has been reported in Lenovo Power Management Driver versions prior to 1.67.17.48 leading to a buffer overflow which could cause a denial of service.
CVE-2019-6190
Lenovo was notified of a potential denial of service vulnerability, affecting various versions of BIOS for Lenovo Desktop, Desktop – All in One, and ThinkStation, that could cause PCRs to be cleared intermittently after resuming from sleep (S3) on systems with Intel TXT enabled.
CVE-2019-6195
An authorization bypass exists in Lenovo XClarity Controller (XCC) versions prior to 3.08 CDI340V, 3.01 TEI392O, 1.71 PSI328N where a valid authenticated user with lesser privileges may be granted read-only access to higher-privileged information if 1) “LDAP Authentication Only with Local Authorization” mode is configured and used by XCC, and 2) a lesser privileged user logs into XCC within 1 minute of a higher privileged user logging out. The authorization bypass does not exist when “Local Authentication and Authorization” or “LDAP Authentication and Authorization” modes are configured and used by XCC.
CVE-2019-6161
An internal product security audit discovered a session handling vulnerability in the web interface of ThinkAgile CP-SB (Storage Block) BMC in firmware versions prior to 1908.M. This vulnerability allows session IDs to be reused, which could provide unauthorized access to the BMC under certain circumstances. This vulnerability does not affect ThinkSystem XCC, System x IMM2, or other BMCs.