Filtered by vendor Lenovo
Subscribe
Total
403 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-42205 | 1 Lenovo | 1 Elan Miniport Touchpad Driver | 2025-05-02 | N/A | 4.7 MEDIUM |
| ELAN Miniport touchpad Windows driver before 24.21.51.2, as used in PC hardware from multiple manufacturers, allows local users to cause a system crash by sending a certain IOCTL request, because that request is handled twice. | |||||
| CVE-2016-8228 | 1 Lenovo | 1 Lenovo Service Bridge | 2025-04-20 | 7.2 HIGH | 7.8 HIGH |
| In Lenovo Service Bridge before version 4, a user with local privileges on a system could execute code with administrative privileges. | |||||
| CVE-2017-15361 | 35 Acer, Aopen, Asi and 32 more | 126 C720 Chromebook, Chromebase, Chromebase 24 and 123 more | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| The Infineon RSA library 1.02.013 in Infineon Trusted Platform Module (TPM) firmware, such as versions before 0000000000000422 - 4.34, before 000000000000062b - 6.43, and before 0000000000008521 - 133.33, mishandles RSA key generation, which makes it easier for attackers to defeat various cryptographic protection mechanisms via targeted attacks, aka ROCA. Examples of affected technologies include BitLocker with TPM 1.2, YubiKey 4 (before 4.3.5) PGP key generation, and the Cached User Data encryption feature in Chrome OS. | |||||
| CVE-2017-3749 | 2 Google, Lenovo | 21 Android, Vibe A1600, Vibe A2560 and 18 more | 2025-04-20 | 6.9 MEDIUM | 6.4 MEDIUM |
| On Lenovo VIBE mobile phones, the Idea Friend Android application allows private data to be backed up and restored via Android Debug Bridge, which allows tampering leading to privilege escalation in conjunction with CVE-2017-3748 and CVE-2017-3750. | |||||
| CVE-2015-8109 | 1 Lenovo | 1 Lenovo System Update | 2025-04-20 | 6.9 MEDIUM | 7.0 HIGH |
| Lenovo System Update (formerly ThinkVantage System Update) before 5.07.0019 allows local users to gain privileges by making a prediction of tvsu_tmp_xxxxxXXXXX account credentials that requires knowledge of the time that this account was created, aka a "temporary administrator account vulnerability." | |||||
| CVE-2017-3747 | 2 Lenovo, Microsoft | 2 Nerve Center, Windows 10 | 2025-04-20 | 2.1 LOW | 5.5 MEDIUM |
| Privilege escalation vulnerability in Lenovo Nerve Center for Windows 10 on Desktop systems (Lenovo Nerve Center for notebook systems is not affected) that could allow an attacker with local privileges on a system to alter registry keys. | |||||
| CVE-2016-8237 | 1 Lenovo | 1 Updates | 2025-04-20 | 9.3 HIGH | 8.1 HIGH |
| Remote code execution in Lenovo Updates (not Lenovo System Update) allows man-in-the-middle attackers to execute arbitrary code. | |||||
| CVE-2016-8225 | 1 Lenovo | 2 Edge Keyboard Driver, Slim Usb Keyboard Driver | 2025-04-20 | 4.6 MEDIUM | 7.8 HIGH |
| Unquoted service path vulnerability in Lenovo Edge and Lenovo Slim USB Keyboard Driver versions earlier than 1.21 allows local users to execute code with elevated privileges. | |||||
| CVE-2017-3741 | 1 Lenovo | 2 Power Management, Thinkpad X1 Carbon 5 | 2025-04-20 | 2.1 LOW | 3.3 LOW |
| In the Lenovo Power Management driver before 1.67.12.24, a local user may alter the trackpoint's firmware and stop the trackpoint from functioning correctly. This issue only affects ThinkPad X1 Carbon 5th generation. | |||||
| CVE-2016-8226 | 1 Lenovo | 11 Flex System X240 M5 Bios, Flex System X280 M6 Bios, Flex System X480 X6 Bios and 8 more | 2025-04-20 | 6.8 MEDIUM | 4.9 MEDIUM |
| The BIOS in Lenovo System X M5, M6, and X6 systems allows administrators to cause a denial of service via updating a UEFI data structure. | |||||
| CVE-2016-8227 | 1 Lenovo | 1 Transition | 2025-04-20 | 7.2 HIGH | 7.8 HIGH |
| Privilege escalation vulnerability in Lenovo Transition application used in Lenovo Yoga, Flex and Miix systems running Windows allows local users to execute code with elevated privileges. | |||||
| CVE-2016-8230 | 1 Lenovo | 1 Lenovo Service Bridge | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| In Lenovo Service Bridge before version 4, an insecure HTTP connection is used by LSB to send system serial number, machine type and model and product name to Lenovo's servers. | |||||
| CVE-2015-3321 | 1 Lenovo | 1 Fingerprint Manager | 2025-04-20 | 7.2 HIGH | 6.7 MEDIUM |
| Services and files in Lenovo Fingerprint Manager before 8.01.42 have incorrect ACLs, which allows local users to invalidate local checks and gain privileges via standard filesystem operations. | |||||
| CVE-2017-3759 | 1 Lenovo | 1 Service Framework | 2025-04-20 | 6.8 MEDIUM | 8.1 HIGH |
| The Lenovo Service Framework Android application accepts some responses from the server without proper validation. This exposes the application to man-in-the-middle attacks leading to possible remote code execution. | |||||
| CVE-2017-3740 | 1 Lenovo | 1 Active Protection System | 2025-04-20 | 4.9 MEDIUM | 5.5 MEDIUM |
| In Lenovo Active Protection System before 1.82.0.14, an attacker with local privileges could send commands to the system's embedded controller, which could cause a denial of service attack on the system or the ability to alter hardware functionality. | |||||
| CVE-2015-6971 | 1 Lenovo | 1 System Update | 2025-04-20 | 7.2 HIGH | 7.8 HIGH |
| Lenovo System Update (formerly ThinkVantage System Update) before 5.07.0013 allows local users to submit commands to the System Update service (SUService.exe) and gain privileges by launching signed Lenovo executables. | |||||
| CVE-2017-3754 | 1 Lenovo | 20 710s-13ikb\/xiaoxin Air 13ikb, 710s-13isk\/xiaoxin Air 13, Bios and 17 more | 2025-04-20 | 7.2 HIGH | 6.7 MEDIUM |
| Some Lenovo brand notebook systems do not have write protections properly configured in the system BIOS. This could enable an attacker with physical or administrative access to a system to be able to flash the BIOS with an arbitrary image and potentially run malicious BIOS code. | |||||
| CVE-2017-3770 | 1 Lenovo | 1 Xclarity Administrator | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
| Privilege escalation vulnerability in LXCA versions earlier than 1.3.2 where an authenticated user may be able to abuse certain web interface functionality to execute privileged commands within the underlying LXCA operating system. | |||||
| CVE-2017-3743 | 1 Lenovo | 3 Advanced Settings Utility, Toolscenter Dynamic System Analysis, Updatexpress System Pack Installer | 2025-04-20 | 3.5 LOW | 7.5 HIGH |
| If multiple users are concurrently logged into a single system where one user is sending a command via the Lenovo ToolsCenter Advanced Settings Utility (ASU), UpdateXpress System Pack Installer (UXSPI) or Dynamic System Analysis (DSA) to a second machine, the other users may be able to see the user ID and clear text password that were used to access the second machine during the time the command is processing. | |||||
| CVE-2016-8236 | 1 Lenovo | 6 Thinkserver Firmware, Thinkserver Rd350, Thinkserver Rd450 and 3 more | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| Reset to default settings may occur in Lenovo ThinkServer TSM RD350, RD450, RD550, RD650, TD350 during a prolonged broadcast storm in TSM versions earlier than 3.77. | |||||