Filtered by vendor Lenovo
Total: 400 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-3323 | 1 Lenovo | 6 Thinkserver Rd350, Thinkserver Rd450, Thinkserver Rd550 and 3 more | 2025-04-12 | 5.0 MEDIUM | N/A |
|
The ThinkServer System Manager (TSM) Baseboard Management Controller before firmware 1.27.73476 for ThinkServer RD350, RD450, RD550, RD650, and TD350 allows remote attackers to cause a denial of service (web interface crash) via a malformed HTTP request during authentication.
|
|||||
| CVE-2016-1489 | 1 Lenovo | 1 Shareit | 2025-04-12 | 4.3 MEDIUM | 8.0 HIGH |
|
Lenovo SHAREit before 3.2.0 for Windows and SHAREit before 3.5.48_ww for Android transfer files in cleartext, which allows remote attackers to (1) obtain sensitive information by sniffing the network or (2) conduct man-in-the-middle (MITM) attacks via unspecified vectors.
|
|||||
| CVE-2016-1344 | 7 Cisco, Lenovo, Netgear and 4 more | 7 Ios Xe, Thinkcentre E75s Firmware, Jr6150 Firmware and 4 more | 2025-04-12 | 7.1 HIGH | 5.9 MEDIUM |
|
The IKEv2 implementation in Cisco IOS 15.0 through 15.6 and IOS XE 3.3 through 3.17 allows remote attackers to cause a denial of service (device reload) via fragmented packets, aka Bug ID CSCux38417.
|
|||||
| CVE-2015-7819 | 2 Ibm, Lenovo | 2 System Networking Switch Center, Switch Center | 2025-04-12 | 5.0 MEDIUM | N/A |
|
The DB service in IBM System Networking Switch Center (SNSC) before 7.3.1.5 and Lenovo Switch Center before 8.1.2.0 allows remote attackers to obtain sensitive administrator-account information via a request on port 40999, as demonstrated by an improperly encrypted password.
|
|||||
| CVE-2016-4782 | 2 Google, Lenovo | 2 Android, Shareit | 2025-04-12 | 9.3 HIGH | 8.8 HIGH |
|
Lenovo SHAREit before 3.5.98_ww on Android before 4.2 allows remote attackers to have unspecified impact via a crafted intent: URL, aka an "intent scheme URL attack."
|
|||||
| CVE-2015-3324 | 1 Lenovo | 6 Thinkserver Rd350, Thinkserver Rd450, Thinkserver Rd550 and 3 more | 2025-04-12 | 4.3 MEDIUM | N/A |
|
The ThinkServer System Manager (TSM) Baseboard Management Controller before firmware 1.27.73476 for ThinkServer RD350, RD450, RD550, RD650, and TD350 does not validate server certificates during an "encrypted remote KVM session," which allows man-in-the-middle attackers to spoof servers.
|
|||||
| CVE-2016-3944 | 1 Lenovo | 1 Accelerator Application | 2025-04-12 | 9.3 HIGH | 7.5 HIGH |
|
UpdateAgent in Lenovo Accelerator Application allows man-in-the-middle attackers to execute arbitrary code by spoofing an update response from susapi.lenovomm.com.
|
|||||
| CVE-2016-1490 | 1 Lenovo | 1 Shareit | 2025-04-12 | 2.7 LOW | 4.1 MEDIUM |
|
The Wifi hotspot in Lenovo SHAREit before 3.2.0 for Windows allows remote attackers to obtain sensitive file names via a crafted file request to /list.
|
|||||
| CVE-2016-5248 | 1 Lenovo | 1 Solution Center | 2025-04-12 | 2.1 LOW | 5.5 MEDIUM |
|
The StopProxy command in LSC.Services.SystemService in Lenovo Solution Center before 3.3.003 allows local users to terminate arbitrary processes via the PID argument.
|
|||||
| CVE-2016-5729 | 1 Lenovo | 1 Bios Efi Driver | 2025-04-12 | 6.8 MEDIUM | 8.2 HIGH |
|
Lenovo BIOS EFI Driver allows local administrators to execute arbitrary code with System Management Mode (SMM) privileges via unspecified vectors.
|
|||||
| CVE-2016-6257 | 4 Amazonbasics, Dell, Lenovo and 1 more | 14 Firmware, Usb Dongle, Wireless Keyboard and 11 more | 2025-04-12 | 3.3 LOW | 6.5 MEDIUM |
|
The firmware in Lenovo Ultraslim dongles, as used with Lenovo Liteon SK-8861, Ultraslim Wireless, and Silver Silk keyboards and Liteon ZTM600 and Ultraslim Wireless mice, does not enforce incrementing AES counters, which allows remote attackers to inject encrypted keyboard input into the system by leveraging proximity to the dongle, aka a "KeyJack injection attack."
|
|||||
| CVE-2015-3214 | 6 Arista, Debian, Lenovo and 3 more | 19 Eos, Debian Linux, Emc Px12-400r Ivx and 16 more | 2025-04-12 | 6.9 MEDIUM | N/A |
|
The pit_ioport_read in i8254.c in the Linux kernel before 2.6.33 and QEMU before 2.3.1 does not distinguish between read lengths and write lengths, which might allow guest OS users to execute arbitrary code on the host OS by triggering use of an invalid index.
|
|||||
| CVE-2015-3320 | 1 Lenovo | 1 Usb Enhanced Performance Keyboard | 2025-04-12 | 2.1 LOW | N/A |
|
Lenovo USB Enhanced Performance Keyboard software before 2.0.2.2 includes active debugging code in SKHOOKS.DLL, which allows local users to obtain keypress information by accessing debug output.
|
|||||
| CVE-2014-1939 | 2 Google, Lenovo | 2 Android, Shareit | 2025-04-12 | 7.5 HIGH | N/A |
|
java/android/webkit/BrowserFrame.java in Android before 4.4 uses the addJavascriptInterface API in conjunction with creating an object of the SearchBoxImpl class, which allows attackers to execute arbitrary Java code by leveraging access to the searchBoxJavaBridge_ interface at certain Android API levels.
|
|||||
| CVE-2015-7818 | 2 Ibm, Lenovo | 2 System Networking Switch Center, Switch Center | 2025-04-12 | 7.2 HIGH | N/A |
|
The administration-panel web service in IBM System Networking Switch Center (SNSC) before 7.3.1.5 and Lenovo Switch Center before 8.1.2.0 allows local users to execute arbitrary JSP code with SYSTEM privileges by using the Apache Axis AdminService deployment method to install a .jsp file.
|
|||||
| CVE-2013-1361 | 1 Lenovo | 1 Thinkpad Bluetooth With Enhanced Data Rate Software | 2025-04-11 | 9.3 HIGH | N/A |
|
Untrusted search path vulnerability in Lenovo Thinkpad Bluetooth with Enhanced Data Rate Software 6.4.0.2900 and earlier allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse DLL that is located in the same folder as a file that is processed by Lenovo Bluetooth.
|
|||||
| CVE-2009-0655 | 1 Lenovo | 1 Veriface | 2025-04-09 | 6.9 MEDIUM | N/A |
|
Lenovo Veriface III allows physically proximate attackers to login to a Windows account by presenting a "plain image" of the authorized user.
|
|||||
| CVE-2007-1307 | 2 Intel, Lenovo | 2 Pro 1000 Lan Adapter, Thinkpad | 2025-04-09 | 10.0 HIGH | N/A |
|
Unspecified vulnerability in Lenovo Intel PRO/1000 LAN adapter before Build 135400, as used on IBM Lenovo ThinkPad systems, has unknown impact and attack vectors.
|
|||||
| CVE-2007-2929 | 1 Lenovo | 2 Access Support, Automated Solutions | 2025-04-09 | 5.8 MEDIUM | N/A |
|
The IBM Lenovo Access Support acpRunner ActiveX control, as distributed in acpcontroller.dll before 1.2.8.0 and possibly acpir.dll before 1.0.0.9 (Automated Solutions 1.0 before fix pack 1), exposes unsafe methods to arbitrary web domains, which allows remote attackers to download arbitrary code onto a client system and execute this code.
|
|||||
| CVE-2008-3249 | 1 Lenovo | 1 Thinkvantage System Update | 2025-04-09 | 5.1 MEDIUM | N/A |
|
The client in Lenovo System Update before 3.14 does not properly validate the certificate when establishing an SSL connection, which allows remote attackers to install arbitrary packages via an SSL certificate whose X.509 headers match a public certificate used by IBM.
|
|||||
| CVE-2007-2240 | 1 Lenovo | 2 Access Support, Automated Solutions | 2025-04-09 | 5.8 MEDIUM | N/A |
|
The IBM Lenovo Access Support acpRunner ActiveX control, as distributed in acpcontroller.dll before 1.2.8.0 and possibly acpir.dll before 1.0.0.9 (Automated Solutions 1.0 before fix pack 1), does not properly validate digital signatures of downloaded software, which makes it easier for remote attackers to spoof a download.
|
|||||
| CVE-2008-4589 | 1 Lenovo | 1 Resuce And Recovery | 2025-04-09 | 7.2 HIGH | N/A |
|
Heap-based buffer overflow in the tvtumin.sys kernel driver in Lenovo Rescue and Recovery 4.20, including 4.20.0511 and 4.20.0512, allows local users to execute arbitrary code via a long file name.
|
|||||
| CVE-2007-2928 | 1 Lenovo | 2 Access Support, Automated Solutions | 2025-04-09 | 5.8 MEDIUM | N/A |
|
Format string vulnerability in the IBM Lenovo Access Support acpRunner ActiveX control, as distributed in acpcontroller.dll before 1.2.8.0 and possibly acpir.dll before 1.0.0.9 (Automated Solutions 1.0 before fix pack 1), allows remote attackers to execute arbitrary code via format string specifiers in unknown data.
|
|||||
| CVE-2022-4568 | 1 Lenovo | 1 System Update | 2025-01-30 | N/A | 7.0 HIGH |
|
A directory permissions management vulnerability in Lenovo System Update may allow elevation of privileges.
|
|||||
| CVE-2022-48186 | 1 Lenovo | 1 Baiying | 2025-01-30 | N/A | 6.2 MEDIUM |
|
A certificate validation vulnerability exists in the Baiying Android application which could lead to information disclosure.
|
|||||
| CVE-2024-45104 | 1 Lenovo | 1 Xclarity Administrator | 2024-12-13 | N/A | 6.3 MEDIUM |
|
A valid, authenticated LXCA user without sufficient privileges may be able to use the device identifier to modify an LXCA managed device through a specially crafted web API call.
|
|||||
| CVE-2024-45103 | 1 Lenovo | 1 Xclarity Administrator | 2024-12-13 | N/A | 4.3 MEDIUM |
|
A valid, authenticated LXCA user may be able to unmanage an LXCA managed device through the LXCA web interface without sufficient privileges.
|
|||||
| CVE-2023-6540 | 1 Lenovo | 2 Browser Hd, Browser Mobile | 2024-11-21 | N/A | 6.5 MEDIUM |
|
A vulnerability was reported in the Lenovo Browser Mobile and Lenovo Browser HD Apps for Android that could allow an attacker to craft a payload that could result in the disclosure of sensitive information.
|
|||||
| CVE-2023-6450 | 1 Lenovo | 1 App Store | 2024-11-21 | N/A | 5.5 MEDIUM |
|
An incorrect permissions vulnerability was reported in the Lenovo App Store app that could allow an attacker to use system resources, resulting in a denial of service.
|
|||||
| CVE-2023-6338 | 1 Lenovo | 1 Universal Device Client | 2024-11-21 | N/A | 7.8 HIGH |
|
Uncontrolled search path vulnerabilities were reported in the Lenovo Universal Device Client (UDC) that could allow an attacker with local access to execute code with elevated privileges.
|
|||||
| CVE-2023-6044 | 1 Lenovo | 1 Vantage | 2024-11-21 | N/A | 6.3 MEDIUM |
|
A privilege escalation vulnerability was reported in Lenovo Vantage that could allow a local attacker with physical access to impersonate Lenovo Vantage Service and execute arbitrary code with elevated privileges.
|
|||||
| CVE-2023-6043 | 1 Lenovo | 1 Vantage | 2024-11-21 | N/A | 7.8 HIGH |
|
A privilege escalation vulnerability was reported in Lenovo Vantage that could allow a local attacker to bypass integrity checks and execute arbitrary code with elevated privileges.
|
|||||
| CVE-2023-5081 | 1 Lenovo | 8 Tab M8 Hd Tb8505f, Tab M8 Hd Tb8505f Firmware, Tab M8 Hd Tb8505fs and 5 more | 2024-11-21 | N/A | 3.3 LOW |
|
An information disclosure vulnerability was reported in the Lenovo Tab M8 HD that could allow a local application to gather a non-resettable device identifier.
|
|||||
| CVE-2023-5080 | 1 Lenovo | 12 Tab M10 Plus Gen 3 Tb125fu, Tab M10 Plus Gen 3 Tb125fu Firmware, Tab M8 Hd Tb8505f and 9 more | 2024-11-21 | N/A | 6.8 MEDIUM |
|
A privilege escalation vulnerability was reported in some Lenovo tablet products that could allow local applications access to device identifiers and system commands.
|
|||||
| CVE-2023-5079 | 1 Lenovo | 1 Lecloud | 2024-11-21 | N/A | 7.5 HIGH |
|
Lenovo LeCloud App improper input validation allows attackers to access arbitrary components and arbitrary file downloads, which could result in information disclosure.
|
|||||
| CVE-2023-5078 | 1 Lenovo | 40 Thinkpad L13 Gen 2, Thinkpad L13 Gen 2 Firmware, Thinkpad L13 Gen 3 and 37 more | 2024-11-21 | N/A | 6.7 MEDIUM |
|
A vulnerability was reported in some ThinkPad BIOS that could allow a physical or local attacker with elevated privileges to tamper with BIOS firmware.
|
|||||
| CVE-2023-5075 | 1 Lenovo | 2 Ideapad Duet 3 10igl5, Ideapad Duet 3 10igl5 Firmware | 2024-11-21 | N/A | 6.7 MEDIUM |
|
A buffer overflow was reported in the FmpSipoCapsuleDriver driver in the IdeaPad Duet 3-10IGL5 that may allow a local attacker with elevated privileges to execute arbitrary code.
|
|||||
| CVE-2023-4891 | 2 Lenovo, Microsoft | 2 View Driver, Windows | 2024-11-21 | N/A | 5.5 MEDIUM |
|
A potential use-after-free vulnerability was reported in the Lenovo View driver that could result in denial of service.
|
|||||
| CVE-2023-4706 | 1 Lenovo | 1 Preload Directory | 2024-11-21 | N/A | 7.3 HIGH |
|
A privilege escalation vulnerability was reported in Lenovo preloaded devices deployed using Microsoft AutoPilot under a standard user account due to incorrect default privileges.
|
|||||
| CVE-2023-4632 | 1 Lenovo | 1 System Update | 2024-11-21 | N/A | 7.8 HIGH |
|
An uncontrolled search path vulnerability was reported in Lenovo System Update that could allow an attacker with local access to execute code with elevated privileges.
|
|||||