Filtered by vendor Lenovo
Subscriptions
Total
439 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-6540 | 1 Lenovo | 2 Browser Hd, Browser Mobile | 2025-06-17 | 6.5 Medium |
| A vulnerability was reported in the Lenovo Browser Mobile and Lenovo Browser HD Apps for Android that could allow an attacker to craft a payload that could result in the disclosure of sensitive information. | ||||
| CVE-2023-6338 | 1 Lenovo | 1 Universal Device Client | 2025-06-03 | 7.8 High |
| Uncontrolled search path vulnerabilities were reported in the Lenovo Universal Device Client (UDC) that could allow an attacker with local access to execute code with elevated privileges. | ||||
| CVE-2015-4596 | 1 Lenovo | 1 Mouse Suite | 2025-05-30 | N/A |
| Lenovo Mouse Suite before 6.73 allows local users to run arbitrary code with administrator privileges. | ||||
| CVE-2023-5081 | 1 Lenovo | 8 Tab M8 Hd Tb8505f, Tab M8 Hd Tb8505f Firmware, Tab M8 Hd Tb8505fs and 5 more | 2025-05-30 | 3.3 Low |
| An information disclosure vulnerability was reported in the Lenovo Tab M8 HD that could allow a local application to gather a non-resettable device identifier. | ||||
| CVE-2023-6044 | 1 Lenovo | 1 Vantage | 2025-05-30 | 6.3 Medium |
| A privilege escalation vulnerability was reported in Lenovo Vantage that could allow a local attacker with physical access to impersonate Lenovo Vantage Service and execute arbitrary code with elevated privileges. | ||||
| CVE-2021-42205 | 1 Lenovo | 1 Elan Miniport Touchpad Driver | 2025-05-02 | 4.7 Medium |
| ELAN Miniport touchpad Windows driver before 24.21.51.2, as used in PC hardware from multiple manufacturers, allows local users to cause a system crash by sending a certain IOCTL request, because that request is handled twice. | ||||
| CVE-2017-3743 | 1 Lenovo | 3 Advanced Settings Utility, Toolscenter Dynamic System Analysis, Updatexpress System Pack Installer | 2025-04-20 | N/A |
| If multiple users are concurrently logged into a single system where one user is sending a command via the Lenovo ToolsCenter Advanced Settings Utility (ASU), UpdateXpress System Pack Installer (UXSPI) or Dynamic System Analysis (DSA) to a second machine, the other users may be able to see the user ID and clear text password that were used to access the second machine during the time the command is processing. | ||||
| CVE-2016-8236 | 1 Lenovo | 6 Thinkserver Firmware, Thinkserver Rd350, Thinkserver Rd450 and 3 more | 2025-04-20 | N/A |
| Reset to default settings may occur in Lenovo ThinkServer TSM RD350, RD450, RD550, RD650, TD350 during a prolonged broadcast storm in TSM versions earlier than 3.77. | ||||
| CVE-2017-3763 | 1 Lenovo | 1 Xclarity Administrator | 2025-04-20 | N/A |
| An attacker who obtains access to the location where the LXCA file system is stored may be able to access credentials of local LXCA accounts in LXCA versions earlier than 1.3.2. | ||||
| CVE-2015-8110 | 1 Lenovo | 1 Lenovo System Update | 2025-04-20 | N/A |
| Lenovo System Update (formerly ThinkVantage System Update) before 5.07.0019 allows local users to gain privileges by navigating to (1) "Click here to learn more" or (2) "View privacy policy" within the Tvsukernel.exe GUI application in the context of a temporary administrator account, aka a "local privilege escalation vulnerability." | ||||
| CVE-2016-1876 | 1 Lenovo | 1 Solution Center | 2025-04-20 | N/A |
| The backend service process in Lenovo Solution Center (aka LSC) before 3.3.0002 allows local users to gain SYSTEM privileges via unspecified vectors. | ||||
| CVE-2017-3767 | 2 Lenovo, Realtek | 47 Thinkpad 10, Thinkpad 11e, Thinkpad 13 and 44 more | 2025-04-20 | N/A |
| A local privilege escalation vulnerability was identified in the Realtek audio driver versions prior to 6.0.1.8224 in some Lenovo ThinkPad products. An attacker with local privileges could execute code with administrative privileges. | ||||
| CVE-2017-3749 | 2 Google, Lenovo | 21 Android, Vibe A1600, Vibe A2560 and 18 more | 2025-04-20 | N/A |
| On Lenovo VIBE mobile phones, the Idea Friend Android application allows private data to be backed up and restored via Android Debug Bridge, which allows tampering leading to privilege escalation in conjunction with CVE-2017-3748 and CVE-2017-3750. | ||||
| CVE-2016-8106 | 3 Hp, Intel, Lenovo | 60 Ethernet 10gb 2-port 562flr-sfp\+, Ethernet 10gb 2-port 562sfp\+, Ethernet 10gb 4-port 563sfp\+ and 57 more | 2025-04-20 | N/A |
| A Denial of Service in Intel Ethernet Controller's X710/XL710 with Non-Volatile Memory Images before version 5.05 allows a remote attacker to stop the controller from processing network traffic working under certain network use conditions. | ||||
| CVE-2016-8225 | 1 Lenovo | 2 Edge Keyboard Driver, Slim Usb Keyboard Driver | 2025-04-20 | N/A |
| Unquoted service path vulnerability in Lenovo Edge and Lenovo Slim USB Keyboard Driver versions earlier than 1.21 allows local users to execute code with elevated privileges. | ||||
| CVE-2016-8231 | 1 Lenovo | 1 Lenovo Service Bridge | 2025-04-20 | N/A |
| In Lenovo Service Bridge before version 4, a bug found in the signature verification logic of the code signing certificate could be exploited by an attacker to insert a forged code signing certificate. | ||||
| CVE-2015-3321 | 1 Lenovo | 1 Fingerprint Manager | 2025-04-20 | N/A |
| Services and files in Lenovo Fingerprint Manager before 8.01.42 have incorrect ACLs, which allows local users to invalidate local checks and gain privileges via standard filesystem operations. | ||||
| CVE-2016-8227 | 1 Lenovo | 1 Transition | 2025-04-20 | N/A |
| Privilege escalation vulnerability in Lenovo Transition application used in Lenovo Yoga, Flex and Miix systems running Windows allows local users to execute code with elevated privileges. | ||||
| CVE-2017-3744 | 2 Ibm, Lenovo | 47 Bladecenter Hs22, Bladecenter Hs23, Bladecenter Hs23e and 44 more | 2025-04-20 | N/A |
| In the IMM2 firmware of Lenovo System x servers, remote commands issued by LXCA or other utilities may be captured in the First Failure Data Capture (FFDC) service log if the service log is generated when that remote command is running. Captured command data may contain clear text login information. Authorized users that can capture and export FFDC service log data may have access to these remote commands. | ||||
| CVE-2016-8228 | 1 Lenovo | 1 Lenovo Service Bridge | 2025-04-20 | N/A |
| In Lenovo Service Bridge before version 4, a user with local privileges on a system could execute code with administrative privileges. | ||||