From DHS/US-CERT’s National Vulnerability Database
The Motorola MH702x devices, prior to version 126.96.36.1991, do not properly verify the server certificate during communication with the support server which could lead to the communication channel being accessible by an attacker.
A privilege escalation vulnerability in Lenovo Power Management Driver for Windows 10, prior to version 188.8.131.52, that could allow unauthorized access to the driver’s device object.
A null pointer dereference vulnerability in Lenovo Power Management Driver for Windows 10, prior to version 184.108.40.206, that could cause systems to experience a blue screen error.
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.
An internal product security audit of Lenovo XClarity Controller (XCC) discovered that the XCC configuration backup/restore password may be written to an internal XCC log buffer if Lenovo XClarity Administrator (LXCA) is used to perform the backup/restore. The backup/restore password typically exist…