Filtered by vendor Lenovo
Subscriptions
Total
459 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-3767 | 2 Lenovo, Realtek | 47 Thinkpad 10, Thinkpad 11e, Thinkpad 13 and 44 more | 2025-04-20 | N/A |
| A local privilege escalation vulnerability was identified in the Realtek audio driver versions prior to 6.0.1.8224 in some Lenovo ThinkPad products. An attacker with local privileges could execute code with administrative privileges. | ||||
| CVE-2015-3321 | 1 Lenovo | 1 Fingerprint Manager | 2025-04-20 | N/A |
| Services and files in Lenovo Fingerprint Manager before 8.01.42 have incorrect ACLs, which allows local users to invalidate local checks and gain privileges via standard filesystem operations. | ||||
| CVE-2016-8226 | 1 Lenovo | 11 Flex System X240 M5 Bios, Flex System X280 M6 Bios, Flex System X480 X6 Bios and 8 more | 2025-04-20 | N/A |
| The BIOS in Lenovo System X M5, M6, and X6 systems allows administrators to cause a denial of service via updating a UEFI data structure. | ||||
| CVE-2016-8221 | 1 Lenovo | 1 Xclarity Administrator | 2025-04-20 | N/A |
| Privilege Escalation in Lenovo XClarity Administrator earlier than 1.2.0, if LXCA is used to manage rack switches or chassis with embedded input/output modules (IOMs), certain log files viewable by authenticated users may contain passwords for internal administrative LXCA accounts with temporary passwords that are used internally by LXCA code. | ||||
| CVE-2016-8235 | 1 Lenovo | 1 Customer Care Software Development Kit | 2025-04-20 | N/A |
| Privilege escalation in Lenovo Customer Care Software Development Kit (CCSDK) versions earlier than 2.0.16.3 allows local users to execute code with elevated privileges. | ||||
| CVE-2016-8237 | 1 Lenovo | 1 Updates | 2025-04-20 | N/A |
| Remote code execution in Lenovo Updates (not Lenovo System Update) allows man-in-the-middle attackers to execute arbitrary code. | ||||
| CVE-2016-8233 | 1 Lenovo | 1 Xclarity Administrator | 2025-04-20 | N/A |
| Log files generated by Lenovo XClarity Administrator (LXCA) versions earlier than 1.2.2 may contain user credentials in a non-secure, clear text form that could be viewed by a non-privileged user. | ||||
| CVE-2016-8231 | 1 Lenovo | 1 Lenovo Service Bridge | 2025-04-20 | N/A |
| In Lenovo Service Bridge before version 4, a bug found in the signature verification logic of the code signing certificate could be exploited by an attacker to insert a forged code signing certificate. | ||||
| CVE-2016-8225 | 1 Lenovo | 2 Edge Keyboard Driver, Slim Usb Keyboard Driver | 2025-04-20 | N/A |
| Unquoted service path vulnerability in Lenovo Edge and Lenovo Slim USB Keyboard Driver versions earlier than 1.21 allows local users to execute code with elevated privileges. | ||||
| CVE-2016-8227 | 1 Lenovo | 1 Transition | 2025-04-20 | N/A |
| Privilege escalation vulnerability in Lenovo Transition application used in Lenovo Yoga, Flex and Miix systems running Windows allows local users to execute code with elevated privileges. | ||||
| CVE-2019-19705 | 1 Lenovo | 272 Aio300-23isu, Aio300-23isu Firmware, Aio310-20iap and 269 more | 2025-04-14 | 7.8 High |
| Realtek Audio Drivers for Windows, as used on the Lenovo ThinkPad X1 Carbon 20A7, 20A8, 20BS, and 20BT before 6.0.8882.1 and 20KH and 20KG before 6.0.8907.1 (and on many other Lenovo and non-Lenovo products), mishandles DLL preloading. | ||||
| CVE-2016-8223 | 2 Lenovo, Microsoft | 2 System Interface Foundation, Windows 10 | 2025-04-12 | N/A |
| During an internal security review, Lenovo identified a local privilege escalation vulnerability in Lenovo System Interface Foundation software installed on some Windows 10 PCs where a user with local privileges could run arbitrary code with administrator level privileges. | ||||
| CVE-2016-5248 | 1 Lenovo | 1 Solution Center | 2025-04-12 | N/A |
| The StopProxy command in LSC.Services.SystemService in Lenovo Solution Center before 3.3.003 allows local users to terminate arbitrary processes via the PID argument. | ||||
| CVE-2015-3214 | 6 Arista, Debian, Lenovo and 3 more | 20 Eos, Debian Linux, Emc Px12-400r Ivx and 17 more | 2025-04-12 | N/A |
| The pit_ioport_read in i8254.c in the Linux kernel before 2.6.33 and QEMU before 2.3.1 does not distinguish between read lengths and write lengths, which might allow guest OS users to execute arbitrary code on the host OS by triggering use of an invalid index. | ||||
| CVE-2016-2393 | 1 Lenovo | 2 Fingerprint Manager, Touch Fingerprint | 2025-04-12 | N/A |
| Lenovo Fingerprint Manager before 8.01.57 and Touch Fingerprint before 1.00.08 use weak ACLs for unspecified (1) services and (2) files, which allows local users to gain privileges by invalidating local checks. | ||||
| CVE-2016-4783 | 2 Google, Lenovo | 2 Android, Shareit | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in Lenovo SHAREit before 3.5.98_ww on Android before 4.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Universal XSS (UXSS)." | ||||
| CVE-2016-1492 | 1 Lenovo | 1 Shareit | 2025-04-12 | N/A |
| The Wifi hotspot in Lenovo SHAREit before 3.5.48_ww for Android, when configured to receive files, does not require a password, which makes it easier for remote attackers to obtain access by leveraging a position within the WLAN coverage area. | ||||
| CVE-2016-1489 | 1 Lenovo | 1 Shareit | 2025-04-12 | N/A |
| Lenovo SHAREit before 3.2.0 for Windows and SHAREit before 3.5.48_ww for Android transfer files in cleartext, which allows remote attackers to (1) obtain sensitive information by sniffing the network or (2) conduct man-in-the-middle (MITM) attacks via unspecified vectors. | ||||
| CVE-2016-1491 | 1 Lenovo | 1 Shareit | 2025-04-12 | N/A |
| The Wifi hotspot in Lenovo SHAREit before 3.2.0 for Windows, when configured to receive files, has a hardcoded password of 12345678, which makes it easier for remote attackers to obtain access by leveraging a position within the WLAN coverage area. | ||||
| CVE-2016-1490 | 1 Lenovo | 1 Shareit | 2025-04-12 | N/A |
| The Wifi hotspot in Lenovo SHAREit before 3.2.0 for Windows allows remote attackers to obtain sensitive file names via a crafted file request to /list. | ||||