Filtered by vendor Lenovo
Subscriptions
Total
439 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-6540 | 1 Lenovo | 2 Browser Hd, Browser Mobile | 2025-06-17 | 6.5 Medium |
| A vulnerability was reported in the Lenovo Browser Mobile and Lenovo Browser HD Apps for Android that could allow an attacker to craft a payload that could result in the disclosure of sensitive information. | ||||
| CVE-2023-6338 | 1 Lenovo | 1 Universal Device Client | 2025-06-03 | 7.8 High |
| Uncontrolled search path vulnerabilities were reported in the Lenovo Universal Device Client (UDC) that could allow an attacker with local access to execute code with elevated privileges. | ||||
| CVE-2015-4596 | 1 Lenovo | 1 Mouse Suite | 2025-05-30 | N/A |
| Lenovo Mouse Suite before 6.73 allows local users to run arbitrary code with administrator privileges. | ||||
| CVE-2023-5081 | 1 Lenovo | 8 Tab M8 Hd Tb8505f, Tab M8 Hd Tb8505f Firmware, Tab M8 Hd Tb8505fs and 5 more | 2025-05-30 | 3.3 Low |
| An information disclosure vulnerability was reported in the Lenovo Tab M8 HD that could allow a local application to gather a non-resettable device identifier. | ||||
| CVE-2023-6044 | 1 Lenovo | 1 Vantage | 2025-05-30 | 6.3 Medium |
| A privilege escalation vulnerability was reported in Lenovo Vantage that could allow a local attacker with physical access to impersonate Lenovo Vantage Service and execute arbitrary code with elevated privileges. | ||||
| CVE-2021-42205 | 1 Lenovo | 1 Elan Miniport Touchpad Driver | 2025-05-02 | 4.7 Medium |
| ELAN Miniport touchpad Windows driver before 24.21.51.2, as used in PC hardware from multiple manufacturers, allows local users to cause a system crash by sending a certain IOCTL request, because that request is handled twice. | ||||
| CVE-2016-8230 | 1 Lenovo | 1 Lenovo Service Bridge | 2025-04-20 | N/A |
| In Lenovo Service Bridge before version 4, an insecure HTTP connection is used by LSB to send system serial number, machine type and model and product name to Lenovo's servers. | ||||
| CVE-2017-3767 | 2 Lenovo, Realtek | 47 Thinkpad 10, Thinkpad 11e, Thinkpad 13 and 44 more | 2025-04-20 | N/A |
| A local privilege escalation vulnerability was identified in the Realtek audio driver versions prior to 6.0.1.8224 in some Lenovo ThinkPad products. An attacker with local privileges could execute code with administrative privileges. | ||||
| CVE-2015-8110 | 1 Lenovo | 1 Lenovo System Update | 2025-04-20 | N/A |
| Lenovo System Update (formerly ThinkVantage System Update) before 5.07.0019 allows local users to gain privileges by navigating to (1) "Click here to learn more" or (2) "View privacy policy" within the Tvsukernel.exe GUI application in the context of a temporary administrator account, aka a "local privilege escalation vulnerability." | ||||
| CVE-2017-3758 | 1 Lenovo | 1 Service Framework | 2025-04-20 | N/A |
| Improper access controls on several Android components in the Lenovo Service Framework application can be exploited to enable remote code execution. | ||||
| CVE-2017-3746 | 1 Lenovo | 1 Thinkpad Usb 3.0 Ethernet Adapter Driver | 2025-04-20 | N/A |
| ThinkPad USB 3.0 Ethernet Adapter (part number 4X90E51405) driver, various versions, was found to contain a privilege escalation vulnerability that could allow a local user to execute arbitrary code with administrative or system level privileges. | ||||
| CVE-2015-6971 | 1 Lenovo | 1 System Update | 2025-04-20 | N/A |
| Lenovo System Update (formerly ThinkVantage System Update) before 5.07.0013 allows local users to submit commands to the System Update service (SUService.exe) and gain privileges by launching signed Lenovo executables. | ||||
| CVE-2016-8228 | 1 Lenovo | 1 Lenovo Service Bridge | 2025-04-20 | N/A |
| In Lenovo Service Bridge before version 4, a user with local privileges on a system could execute code with administrative privileges. | ||||
| CVE-2016-8231 | 1 Lenovo | 1 Lenovo Service Bridge | 2025-04-20 | N/A |
| In Lenovo Service Bridge before version 4, a bug found in the signature verification logic of the code signing certificate could be exploited by an attacker to insert a forged code signing certificate. | ||||
| CVE-2016-8227 | 1 Lenovo | 1 Transition | 2025-04-20 | N/A |
| Privilege escalation vulnerability in Lenovo Transition application used in Lenovo Yoga, Flex and Miix systems running Windows allows local users to execute code with elevated privileges. | ||||
| CVE-2017-3753 | 1 Lenovo | 219 63, 63 Firmware, H50-30g and 216 more | 2025-04-20 | N/A |
| A vulnerability has been identified in some Lenovo products that use UEFI (BIOS) code developed by American Megatrends, Inc. (AMI). With this vulnerability, conditions exist where an attacker with administrative privileges or physical access to a system may be able to run specially crafted code that can allow them to bypass system protections such as Device Guard and Hyper-V. | ||||
| CVE-2016-8229 | 1 Lenovo | 1 Lenovo Service Bridge | 2025-04-20 | N/A |
| A cross-site request forgery vulnerability in Lenovo Service Bridge before version 4 could be exploited by an attacker with access to the DHCP server used by the system where LSB is installed. | ||||
| CVE-2017-3740 | 1 Lenovo | 1 Active Protection System | 2025-04-20 | N/A |
| In Lenovo Active Protection System before 1.82.0.14, an attacker with local privileges could send commands to the system's embedded controller, which could cause a denial of service attack on the system or the ability to alter hardware functionality. | ||||
| CVE-2017-3770 | 1 Lenovo | 1 Xclarity Administrator | 2025-04-20 | N/A |
| Privilege escalation vulnerability in LXCA versions earlier than 1.3.2 where an authenticated user may be able to abuse certain web interface functionality to execute privileged commands within the underlying LXCA operating system. | ||||
| CVE-2017-3745 | 1 Lenovo | 1 Xclarity Administrator | 2025-04-20 | N/A |
| In Lenovo XClarity Administrator (LXCA) before 1.3.0, if service data is downloaded from LXCA, a non-administrative user may have access to password information for users that have previously authenticated to the LXCA's internal LDAP server, including administrative accounts and service accounts with administrative privileges. This is an issue only for users who have used local authentication with LXCA and not remote authentication against external LDAP or ADFS servers. | ||||