Filtered by vendor Lenovo
Subscribe
Total
390 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-15361 | 35 Acer, Aopen, Asi and 32 more | 126 C720 Chromebook, Chromebase, Chromebase 24 and 123 more | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| The Infineon RSA library 1.02.013 in Infineon Trusted Platform Module (TPM) firmware, such as versions before 0000000000000422 - 4.34, before 000000000000062b - 6.43, and before 0000000000008521 - 133.33, mishandles RSA key generation, which makes it easier for attackers to defeat various cryptographic protection mechanisms via targeted attacks, aka ROCA. Examples of affected technologies include BitLocker with TPM 1.2, YubiKey 4 (before 4.3.5) PGP key generation, and the Cached User Data encryption feature in Chrome OS. | |||||
| CVE-2017-3771 | 1 Lenovo | 6 Aio E95, Aio E95 Firmware, Thinkcentre M710s and 3 more | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| System boot process is not adequately secured In Lenovo E95 and ThinkCentre M710s/M710t because systems were shipped from factory without completing BIOS/UEFI initialization process. | |||||
| CVE-2017-3751 | 1 Lenovo | 1 Thinkpad Compact Usb Keyboard Driver | 2025-04-20 | 7.2 HIGH | 7.8 HIGH |
| An unquoted service path vulnerability was identified in the driver for the ThinkPad Compact USB Keyboard with TrackPoint versions earlier than 1.5.5.0. This could allow an attacker with local privileges to execute code with administrative privileges. | |||||
| CVE-2016-8106 | 3 Hp, Intel, Lenovo | 60 Ethernet 10gb 2-port 562flr-sfp\+, Ethernet 10gb 2-port 562sfp\+, Ethernet 10gb 4-port 563sfp\+ and 57 more | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| A Denial of Service in Intel Ethernet Controller's X710/XL710 with Non-Volatile Memory Images before version 5.05 allows a remote attacker to stop the controller from processing network traffic working under certain network use conditions. | |||||
| CVE-2017-3750 | 2 Google, Lenovo | 21 Android, Vibe A1600, Vibe A2560 and 18 more | 2025-04-20 | 6.9 MEDIUM | 6.4 MEDIUM |
| On Lenovo VIBE mobile phones, the Lenovo Security Android application allows private data to be backed up and restored via Android Debug Bridge, which allows tampering leading to privilege escalation in conjunction with CVE-2017-3748 and CVE-2017-3749. | |||||
| CVE-2016-8226 | 1 Lenovo | 11 Flex System X240 M5 Bios, Flex System X280 M6 Bios, Flex System X480 X6 Bios and 8 more | 2025-04-20 | 6.8 MEDIUM | 4.9 MEDIUM |
| The BIOS in Lenovo System X M5, M6, and X6 systems allows administrators to cause a denial of service via updating a UEFI data structure. | |||||
| CVE-2015-8110 | 1 Lenovo | 1 Lenovo System Update | 2025-04-20 | 7.2 HIGH | 7.8 HIGH |
| Lenovo System Update (formerly ThinkVantage System Update) before 5.07.0019 allows local users to gain privileges by navigating to (1) "Click here to learn more" or (2) "View privacy policy" within the Tvsukernel.exe GUI application in the context of a temporary administrator account, aka a "local privilege escalation vulnerability." | |||||
| CVE-2017-3740 | 1 Lenovo | 1 Active Protection System | 2025-04-20 | 4.9 MEDIUM | 5.5 MEDIUM |
| In Lenovo Active Protection System before 1.82.0.14, an attacker with local privileges could send commands to the system's embedded controller, which could cause a denial of service attack on the system or the ability to alter hardware functionality. | |||||
| CVE-2016-8227 | 1 Lenovo | 1 Transition | 2025-04-20 | 7.2 HIGH | 7.8 HIGH |
| Privilege escalation vulnerability in Lenovo Transition application used in Lenovo Yoga, Flex and Miix systems running Windows allows local users to execute code with elevated privileges. | |||||
| CVE-2016-8230 | 1 Lenovo | 1 Lenovo Service Bridge | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| In Lenovo Service Bridge before version 4, an insecure HTTP connection is used by LSB to send system serial number, machine type and model and product name to Lenovo's servers. | |||||
| CVE-2016-8233 | 1 Lenovo | 1 Xclarity Administrator | 2025-04-20 | 5.0 MEDIUM | 9.8 CRITICAL |
| Log files generated by Lenovo XClarity Administrator (LXCA) versions earlier than 1.2.2 may contain user credentials in a non-secure, clear text form that could be viewed by a non-privileged user. | |||||
| CVE-2017-3758 | 1 Lenovo | 1 Service Framework | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Improper access controls on several Android components in the Lenovo Service Framework application can be exploited to enable remote code execution. | |||||
| CVE-2017-3770 | 1 Lenovo | 1 Xclarity Administrator | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
| Privilege escalation vulnerability in LXCA versions earlier than 1.3.2 where an authenticated user may be able to abuse certain web interface functionality to execute privileged commands within the underlying LXCA operating system. | |||||
| CVE-2015-8109 | 1 Lenovo | 1 Lenovo System Update | 2025-04-20 | 6.9 MEDIUM | 7.0 HIGH |
| Lenovo System Update (formerly ThinkVantage System Update) before 5.07.0019 allows local users to gain privileges by making a prediction of tvsu_tmp_xxxxxXXXXX account credentials that requires knowledge of the time that this account was created, aka a "temporary administrator account vulnerability." | |||||
| CVE-2016-8229 | 1 Lenovo | 1 Lenovo Service Bridge | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| A cross-site request forgery vulnerability in Lenovo Service Bridge before version 4 could be exploited by an attacker with access to the DHCP server used by the system where LSB is installed. | |||||
| CVE-2017-3756 | 2 Lenovo, Microsoft | 151 Thinkpad 10 Ella 2, Thinkpad 10 Ella 2 Bios, Thinkpad 11e Beema and 148 more | 2025-04-20 | 7.2 HIGH | 7.8 HIGH |
| A privilege escalation vulnerability was identified in Lenovo Active Protection System for ThinkPad systems versions earlier than 1.82.0.17. An attacker with local privileges could execute code with administrative privileges via an unquoted service path. | |||||
| CVE-2017-3764 | 1 Lenovo | 1 Xclarity Administrator | 2025-04-20 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability was identified in Lenovo XClarity Administrator (LXCA) before 1.4.0 where LXCA user account names may be exposed to unauthenticated users with access to the LXCA web user interface. No password information of the user accounts is exposed. | |||||
| CVE-2016-8235 | 1 Lenovo | 1 Customer Care Software Development Kit | 2025-04-20 | 7.2 HIGH | 7.8 HIGH |
| Privilege escalation in Lenovo Customer Care Software Development Kit (CCSDK) versions earlier than 2.0.16.3 allows local users to execute code with elevated privileges. | |||||
| CVE-2017-3760 | 1 Lenovo | 1 Service Framework | 2025-04-20 | 5.1 MEDIUM | 8.1 HIGH |
| The Lenovo Service Framework Android application uses a set of nonsecure credentials when performing integrity verification of downloaded applications and/or data. This exposes the application to man-in-the-middle attacks leading to possible remote code execution. | |||||
| CVE-2015-6971 | 1 Lenovo | 1 System Update | 2025-04-20 | 7.2 HIGH | 7.8 HIGH |
| Lenovo System Update (formerly ThinkVantage System Update) before 5.07.0013 allows local users to submit commands to the System Update service (SUService.exe) and gain privileges by launching signed Lenovo executables. | |||||