Search Results (480 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2016-8225 1 Lenovo 2 Edge Keyboard Driver, Slim Usb Keyboard Driver 2025-04-20 N/A
Unquoted service path vulnerability in Lenovo Edge and Lenovo Slim USB Keyboard Driver versions earlier than 1.21 allows local users to execute code with elevated privileges.
CVE-2016-8221 1 Lenovo 1 Xclarity Administrator 2025-04-20 N/A
Privilege Escalation in Lenovo XClarity Administrator earlier than 1.2.0, if LXCA is used to manage rack switches or chassis with embedded input/output modules (IOMs), certain log files viewable by authenticated users may contain passwords for internal administrative LXCA accounts with temporary passwords that are used internally by LXCA code.
CVE-2016-8227 1 Lenovo 1 Transition 2025-04-20 N/A
Privilege escalation vulnerability in Lenovo Transition application used in Lenovo Yoga, Flex and Miix systems running Windows allows local users to execute code with elevated privileges.
CVE-2016-8106 3 Hp, Intel, Lenovo 60 Ethernet 10gb 2-port 562flr-sfp\+, Ethernet 10gb 2-port 562sfp\+, Ethernet 10gb 4-port 563sfp\+ and 57 more 2025-04-20 N/A
A Denial of Service in Intel Ethernet Controller's X710/XL710 with Non-Volatile Memory Images before version 5.05 allows a remote attacker to stop the controller from processing network traffic working under certain network use conditions.
CVE-2017-3771 1 Lenovo 6 Aio E95, Aio E95 Firmware, Thinkcentre M710s and 3 more 2025-04-20 N/A
System boot process is not adequately secured In Lenovo E95 and ThinkCentre M710s/M710t because systems were shipped from factory without completing BIOS/UEFI initialization process.
CVE-2017-3770 1 Lenovo 1 Xclarity Administrator 2025-04-20 N/A
Privilege escalation vulnerability in LXCA versions earlier than 1.3.2 where an authenticated user may be able to abuse certain web interface functionality to execute privileged commands within the underlying LXCA operating system.
CVE-2017-3767 2 Lenovo, Realtek 47 Thinkpad 10, Thinkpad 11e, Thinkpad 13 and 44 more 2025-04-20 N/A
A local privilege escalation vulnerability was identified in the Realtek audio driver versions prior to 6.0.1.8224 in some Lenovo ThinkPad products. An attacker with local privileges could execute code with administrative privileges.
CVE-2017-3761 1 Lenovo 1 Service Framework 2025-04-20 N/A
The Lenovo Service Framework Android application executes some system commands without proper sanitization of external input. In certain cases, this could lead to command injection which, in turn, could lead to remote code execution.
CVE-2017-3760 1 Lenovo 1 Service Framework 2025-04-20 N/A
The Lenovo Service Framework Android application uses a set of nonsecure credentials when performing integrity verification of downloaded applications and/or data. This exposes the application to man-in-the-middle attacks leading to possible remote code execution.
CVE-2017-3759 1 Lenovo 1 Service Framework 2025-04-20 N/A
The Lenovo Service Framework Android application accepts some responses from the server without proper validation. This exposes the application to man-in-the-middle attacks leading to possible remote code execution.
CVE-2017-3758 1 Lenovo 1 Service Framework 2025-04-20 N/A
Improper access controls on several Android components in the Lenovo Service Framework application can be exploited to enable remote code execution.
CVE-2017-3756 2 Lenovo, Microsoft 151 Thinkpad 10 Ella 2, Thinkpad 10 Ella 2 Bios, Thinkpad 11e Beema and 148 more 2025-04-20 N/A
A privilege escalation vulnerability was identified in Lenovo Active Protection System for ThinkPad systems versions earlier than 1.82.0.17. An attacker with local privileges could execute code with administrative privileges via an unquoted service path.
CVE-2017-3754 1 Lenovo 20 710s-13ikb\/xiaoxin Air 13ikb, 710s-13isk\/xiaoxin Air 13, Bios and 17 more 2025-04-20 N/A
Some Lenovo brand notebook systems do not have write protections properly configured in the system BIOS. This could enable an attacker with physical or administrative access to a system to be able to flash the BIOS with an arbitrary image and potentially run malicious BIOS code.
CVE-2017-3753 1 Lenovo 219 63, 63 Firmware, H50-30g and 216 more 2025-04-20 N/A
A vulnerability has been identified in some Lenovo products that use UEFI (BIOS) code developed by American Megatrends, Inc. (AMI). With this vulnerability, conditions exist where an attacker with administrative privileges or physical access to a system may be able to run specially crafted code that can allow them to bypass system protections such as Device Guard and Hyper-V.
CVE-2015-6971 1 Lenovo 1 System Update 2025-04-20 N/A
Lenovo System Update (formerly ThinkVantage System Update) before 5.07.0013 allows local users to submit commands to the System Update service (SUService.exe) and gain privileges by launching signed Lenovo executables.
CVE-2017-3752 2 Ibm, Lenovo 30 1\, 1g L2-7 Slb, Bladecenter and 27 more 2025-04-20 N/A
An industry-wide vulnerability has been identified in the implementation of the Open Shortest Path First (OSPF) routing protocol used on some Lenovo switches. Exploitation of these implementation flaws may result in attackers being able to erase or alter the routing tables of one or many routers, switches, or other devices that support OSPF within a routing domain.
CVE-2017-3751 1 Lenovo 1 Thinkpad Compact Usb Keyboard Driver 2025-04-20 N/A
An unquoted service path vulnerability was identified in the driver for the ThinkPad Compact USB Keyboard with TrackPoint versions earlier than 1.5.5.0. This could allow an attacker with local privileges to execute code with administrative privileges.
CVE-2016-1876 1 Lenovo 1 Solution Center 2025-04-20 N/A
The backend service process in Lenovo Solution Center (aka LSC) before 3.3.0002 allows local users to gain SYSTEM privileges via unspecified vectors.
CVE-2017-3750 2 Google, Lenovo 21 Android, Vibe A1600, Vibe A2560 and 18 more 2025-04-20 N/A
On Lenovo VIBE mobile phones, the Lenovo Security Android application allows private data to be backed up and restored via Android Debug Bridge, which allows tampering leading to privilege escalation in conjunction with CVE-2017-3748 and CVE-2017-3749.
CVE-2017-3749 2 Google, Lenovo 21 Android, Vibe A1600, Vibe A2560 and 18 more 2025-04-20 N/A
On Lenovo VIBE mobile phones, the Idea Friend Android application allows private data to be backed up and restored via Android Debug Bridge, which allows tampering leading to privilege escalation in conjunction with CVE-2017-3748 and CVE-2017-3750.