Search Results (480 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2016-1492 1 Lenovo 1 Shareit 2025-04-12 N/A
The Wifi hotspot in Lenovo SHAREit before 3.5.48_ww for Android, when configured to receive files, does not require a password, which makes it easier for remote attackers to obtain access by leveraging a position within the WLAN coverage area.
CVE-2015-2219 1 Lenovo 1 System Update 2025-04-12 N/A
Lenovo System Update (formerly ThinkVantage System Update) before 5.06.0034 uses predictable security tokens, which allows local users to gain privileges by sending a valid token with a command to the System Update service (SUService.exe) through an unspecified named pipe.
CVE-2016-1491 1 Lenovo 1 Shareit 2025-04-12 N/A
The Wifi hotspot in Lenovo SHAREit before 3.2.0 for Windows, when configured to receive files, has a hardcoded password of 12345678, which makes it easier for remote attackers to obtain access by leveraging a position within the WLAN coverage area.
CVE-2016-1490 1 Lenovo 1 Shareit 2025-04-12 N/A
The Wifi hotspot in Lenovo SHAREit before 3.2.0 for Windows allows remote attackers to obtain sensitive file names via a crafted file request to /list.
CVE-2016-1489 1 Lenovo 1 Shareit 2025-04-12 N/A
Lenovo SHAREit before 3.2.0 for Windows and SHAREit before 3.5.48_ww for Android transfer files in cleartext, which allows remote attackers to (1) obtain sensitive information by sniffing the network or (2) conduct man-in-the-middle (MITM) attacks via unspecified vectors.
CVE-2016-1350 6 Cisco, Lenovo, Samsung and 3 more 6 Ios Xe, Thinkcentre E75s Firmware, X14j Firmware and 3 more 2025-04-12 N/A
Cisco IOS 15.3 and 15.4, Cisco IOS XE 3.8 through 3.11, and Cisco Unified Communications Manager allow remote attackers to cause a denial of service (device reload) via malformed SIP messages, aka Bug ID CSCuj23293.
CVE-2016-1344 7 Cisco, Lenovo, Netgear and 4 more 7 Ios Xe, Thinkcentre E75s Firmware, Jr6150 Firmware and 4 more 2025-04-12 N/A
The IKEv2 implementation in Cisco IOS 15.0 through 15.6 and IOS XE 3.3 through 3.17 allows remote attackers to cause a denial of service (device reload) via fragmented packets, aka Bug ID CSCux38417.
CVE-2015-3324 1 Lenovo 6 Thinkserver Rd350, Thinkserver Rd450, Thinkserver Rd550 and 3 more 2025-04-12 N/A
The ThinkServer System Manager (TSM) Baseboard Management Controller before firmware 1.27.73476 for ThinkServer RD350, RD450, RD550, RD650, and TD350 does not validate server certificates during an "encrypted remote KVM session," which allows man-in-the-middle attackers to spoof servers.
CVE-2015-3322 1 Lenovo 10 Thinkserver Rd350, Thinkserver Rd350 Firmware, Thinkserver Rd450 and 7 more 2025-04-12 N/A
Lenovo ThinkServer RD350, RD450, RD550, RD650, and TD350 servers before 1.26.0 use weak encryption to store (1) user and (2) administrator BIOS passwords, which allows attackers to decrypt the passwords via unspecified vectors.
CVE-2015-3323 1 Lenovo 6 Thinkserver Rd350, Thinkserver Rd450, Thinkserver Rd550 and 3 more 2025-04-12 N/A
The ThinkServer System Manager (TSM) Baseboard Management Controller before firmware 1.27.73476 for ThinkServer RD350, RD450, RD550, RD650, and TD350 allows remote attackers to cause a denial of service (web interface crash) via a malformed HTTP request during authentication.
CVE-2013-1361 1 Lenovo 1 Thinkpad Bluetooth With Enhanced Data Rate Software 2025-04-11 N/A
Untrusted search path vulnerability in Lenovo Thinkpad Bluetooth with Enhanced Data Rate Software 6.4.0.2900 and earlier allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse DLL that is located in the same folder as a file that is processed by Lenovo Bluetooth.
CVE-2022-4433 1 Lenovo 2 Thinkpad X13s, Thinkpad X13s Firmware 2025-04-10 6.7 Medium
A buffer over-read vulnerability was reported in the ThinkPadX13s BIOS LenovoSetupConfigDxe driver that could allow a local attacker with elevated privileges to cause information disclosure.
CVE-2022-4434 1 Lenovo 2 Thinkpad X13s, Thinkpad X13s Firmware 2025-04-10 6.7 Medium
A buffer over-read vulnerability was reported in the ThinkPadX13s BIOS driver that could allow a local attacker with elevated privileges to cause information disclosure.
CVE-2022-4435 1 Lenovo 2 Thinkpad X13s, Thinkpad X13s Firmware 2025-04-10 6.7 Medium
A buffer over-read vulnerability was reported in the ThinkPadX13s BIOS LenovoRemoteConfigUpdateDxe driver that could allow a local attacker with elevated privileges to cause information disclosure.
CVE-2022-4432 1 Lenovo 2 Thinkpad X13s, Thinkpad X13s Firmware 2025-04-08 6.7 Medium
A buffer over-read vulnerability was reported in the ThinkPadX13s BIOS PersistenceConfigDxe driver that could allow a local attacker with elevated privileges to cause information disclosure.
CVE-2022-1891 1 Lenovo 12 Thinkbook 14-iil, Thinkbook 14-iil Firmware, Thinkbook 14-iml and 9 more 2025-04-03 6.7 Medium
A buffer overflow in the SystemLoadDefaultDxe driver in some Lenovo Notebook products may allow an attacker with local privileges to execute arbitrary code.
CVE-2022-4816 1 Lenovo 1 Safecenter 2025-04-02 6.2 Medium
A denial-of-service vulnerability has been identified in Lenovo Safecenter that could allow a local user to crash the application.
CVE-2022-3430 1 Lenovo 88 D330-10igl, D330-10igl Firmware, Ideapad 5 Pro 16arh7 and 85 more 2025-04-02 6.7 Medium
A potential vulnerability in the WMI Setup driver on some consumer Lenovo Notebook devices may allow an attacker with elevated privileges to modify secure boot setting by modifying an NVRAM variable.
CVE-2022-1892 1 Lenovo 140 100e 2nd Gen, 100e 2nd Gen Firmware, 100w Gen 3 and 137 more 2025-04-02 6.7 Medium
A buffer overflow in the SystemBootManagerDxe driver in some Lenovo Notebook products may allow an attacker with local privileges to execute arbitrary code.
CVE-2022-1109 1 Lenovo 1 Leyun 2025-04-02 5.5 Medium
An incorrect default permissions vulnerability in Lenovo Leyun cloud music application could allow denial of service.