Filtered by vendor Lenovo
Subscriptions
Total
430 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-5247 | 1 Lenovo | 23 Bios, Thinkcentre E93, Thinkcentre M6500t\/s and 20 more | 2025-04-12 | N/A |
| The BIOS for Lenovo ThinkCentre E93, M6500t/s, M6600, M6600q, M6600t/s, M73p, M800, M83, M8500t/s, M8600t/s, M900, M93, and M93P devices; ThinkServer RQ940, RS140, TS140, TS240, TS440, and TS540 devices; and ThinkStation E32, P300, and P310 devices might allow local users or physically proximate attackers to bypass the Secure Boot protection mechanism by leveraging an AMI test key. | ||||
| CVE-2016-8224 | 1 Lenovo | 57 Bios, Notebook 110 14ibr, Notebook 110 14ibr Bios and 54 more | 2025-04-12 | N/A |
| A vulnerability has been identified in some Lenovo Notebook and ThinkServer systems where an attacker with administrative privileges on a system could install a program that circumvents Intel Management Engine (ME) protections. This could result in a denial of service or privilege escalation attack on the system. | ||||
| CVE-2016-2393 | 1 Lenovo | 2 Fingerprint Manager, Touch Fingerprint | 2025-04-12 | N/A |
| Lenovo Fingerprint Manager before 8.01.57 and Touch Fingerprint before 1.00.08 use weak ACLs for unspecified (1) services and (2) files, which allows local users to gain privileges by invalidating local checks. | ||||
| CVE-2016-1489 | 1 Lenovo | 1 Shareit | 2025-04-12 | N/A |
| Lenovo SHAREit before 3.2.0 for Windows and SHAREit before 3.5.48_ww for Android transfer files in cleartext, which allows remote attackers to (1) obtain sensitive information by sniffing the network or (2) conduct man-in-the-middle (MITM) attacks via unspecified vectors. | ||||
| CVE-2015-7818 | 2 Ibm, Lenovo | 2 System Networking Switch Center, Switch Center | 2025-04-12 | N/A |
| The administration-panel web service in IBM System Networking Switch Center (SNSC) before 7.3.1.5 and Lenovo Switch Center before 8.1.2.0 allows local users to execute arbitrary JSP code with SYSTEM privileges by using the Apache Axis AdminService deployment method to install a .jsp file. | ||||
| CVE-2015-3323 | 1 Lenovo | 6 Thinkserver Rd350, Thinkserver Rd450, Thinkserver Rd550 and 3 more | 2025-04-12 | N/A |
| The ThinkServer System Manager (TSM) Baseboard Management Controller before firmware 1.27.73476 for ThinkServer RD350, RD450, RD550, RD650, and TD350 allows remote attackers to cause a denial of service (web interface crash) via a malformed HTTP request during authentication. | ||||
| CVE-2015-3320 | 1 Lenovo | 1 Usb Enhanced Performance Keyboard | 2025-04-12 | N/A |
| Lenovo USB Enhanced Performance Keyboard software before 2.0.2.2 includes active debugging code in SKHOOKS.DLL, which allows local users to obtain keypress information by accessing debug output. | ||||
| CVE-2015-2233 | 1 Lenovo | 1 System Update | 2025-04-12 | N/A |
| Lenovo System Update (formerly ThinkVantage System Update) before 5.06.0034 does not properly validate CA chains during signature validation, which allows man-in-the-middle attackers to upload and execute arbitrary files via a crafted certificate. | ||||
| CVE-2016-5729 | 1 Lenovo | 1 Bios Efi Driver | 2025-04-12 | 8.2 High |
| Lenovo BIOS EFI Driver allows local administrators to execute arbitrary code with System Management Mode (SMM) privileges via unspecified vectors. | ||||
| CVE-2016-5249 | 1 Lenovo | 1 Solution Center | 2025-04-12 | N/A |
| Lenovo Solution Center (LSC) before 3.3.003 allows local users to execute arbitrary code with LocalSystem privileges via vectors involving the LSC.Services.SystemService StartProxy command with a named pipe created in advance and crafted .NET assembly. | ||||
| CVE-2015-2219 | 1 Lenovo | 1 System Update | 2025-04-12 | N/A |
| Lenovo System Update (formerly ThinkVantage System Update) before 5.06.0034 uses predictable security tokens, which allows local users to gain privileges by sending a valid token with a command to the System Update service (SUService.exe) through an unspecified named pipe. | ||||
| CVE-2016-5248 | 1 Lenovo | 1 Solution Center | 2025-04-12 | N/A |
| The StopProxy command in LSC.Services.SystemService in Lenovo Solution Center before 3.3.003 allows local users to terminate arbitrary processes via the PID argument. | ||||
| CVE-2016-4783 | 2 Google, Lenovo | 2 Android, Shareit | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in Lenovo SHAREit before 3.5.98_ww on Android before 4.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Universal XSS (UXSS)." | ||||
| CVE-2015-3324 | 1 Lenovo | 6 Thinkserver Rd350, Thinkserver Rd450, Thinkserver Rd550 and 3 more | 2025-04-12 | N/A |
| The ThinkServer System Manager (TSM) Baseboard Management Controller before firmware 1.27.73476 for ThinkServer RD350, RD450, RD550, RD650, and TD350 does not validate server certificates during an "encrypted remote KVM session," which allows man-in-the-middle attackers to spoof servers. | ||||
| CVE-2013-1361 | 1 Lenovo | 1 Thinkpad Bluetooth With Enhanced Data Rate Software | 2025-04-11 | N/A |
| Untrusted search path vulnerability in Lenovo Thinkpad Bluetooth with Enhanced Data Rate Software 6.4.0.2900 and earlier allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse DLL that is located in the same folder as a file that is processed by Lenovo Bluetooth. | ||||
| CVE-2022-4433 | 1 Lenovo | 2 Thinkpad X13s, Thinkpad X13s Firmware | 2025-04-10 | 6.7 Medium |
| A buffer over-read vulnerability was reported in the ThinkPadX13s BIOS LenovoSetupConfigDxe driver that could allow a local attacker with elevated privileges to cause information disclosure. | ||||
| CVE-2022-4434 | 1 Lenovo | 2 Thinkpad X13s, Thinkpad X13s Firmware | 2025-04-10 | 6.7 Medium |
| A buffer over-read vulnerability was reported in the ThinkPadX13s BIOS driver that could allow a local attacker with elevated privileges to cause information disclosure. | ||||
| CVE-2022-4435 | 1 Lenovo | 2 Thinkpad X13s, Thinkpad X13s Firmware | 2025-04-10 | 6.7 Medium |
| A buffer over-read vulnerability was reported in the ThinkPadX13s BIOS LenovoRemoteConfigUpdateDxe driver that could allow a local attacker with elevated privileges to cause information disclosure. | ||||
| CVE-2008-4589 | 1 Lenovo | 1 Resuce And Recovery | 2025-04-09 | N/A |
| Heap-based buffer overflow in the tvtumin.sys kernel driver in Lenovo Rescue and Recovery 4.20, including 4.20.0511 and 4.20.0512, allows local users to execute arbitrary code via a long file name. | ||||
| CVE-2008-3249 | 1 Lenovo | 1 Thinkvantage System Update | 2025-04-09 | N/A |
| The client in Lenovo System Update before 3.14 does not properly validate the certificate when establishing an SSL connection, which allows remote attackers to install arbitrary packages via an SSL certificate whose X.509 headers match a public certificate used by IBM. | ||||