Skip to main content

Lenovo

304 CVEs vendor

Monthly

CVE-2016-8227 HIGH This Week

Privilege escalation vulnerability in Lenovo Transition application used in Lenovo Yoga, Flex and Miix systems running Windows allows local users to execute code with elevated privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Privilege Escalation Lenovo Transition
NVD VulDB
CVSS 3.0
7.8
EPSS
0.0%
CVE-2016-8226 MEDIUM This Month

The BIOS in Lenovo System X M5, M6, and X6 systems allows administrators to cause a denial of service via updating a UEFI data structure. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Lenovo Flex System X240 M5 Bios Flex System X280 M6 Bios Flex System X480 X6 Bios +8
NVD VulDB
CVSS 3.0
4.9
EPSS
0.3%
CVE-2016-8225 HIGH This Week

Unquoted service path vulnerability in Lenovo Edge and Lenovo Slim USB Keyboard Driver versions earlier than 1.21 allows local users to execute code with elevated privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Lenovo Edge Keyboard Driver Slim Usb Keyboard Driver
NVD VulDB
CVSS 3.0
7.8
EPSS
0.1%
CVE-2016-8221 HIGH PATCH This Week

Privilege Escalation in Lenovo XClarity Administrator earlier than 1.2.0, if LXCA is used to manage rack switches or chassis with embedded input/output modules (IOMs), certain log files viewable by. Rated high severity (CVSS 7.0).

Privilege Escalation Lenovo Xclarity Administrator
NVD
CVSS 3.0
7.0
EPSS
0.1%
CVE-2016-8224 MEDIUM This Month

A vulnerability has been identified in some Lenovo Notebook and ThinkServer systems where an attacker with administrative privileges on a system could install a program that circumvents Intel. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Intel Privilege Escalation Denial Of Service Lenovo Bios +28
NVD
CVSS 3.0
4.4
EPSS
0.0%
CVE-2016-8223 HIGH PATCH This Week

During an internal security review, Lenovo identified a local privilege escalation vulnerability in Lenovo System Interface Foundation software installed on some Windows 10 PCs where a user with. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Authentication Bypass Microsoft RCE Privilege Escalation Lenovo +1
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2016-5247 HIGH This Week

The BIOS for Lenovo ThinkCentre E93, M6500t/s, M6600, M6600q, M6600t/s, M73p, M800, M83, M8500t/s, M8600t/s, M900, M93, and M93P devices; ThinkServer RQ940, RS140, TS140, TS240, TS440, and TS540. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Lenovo Bios
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2016-6257 MEDIUM This Month

The firmware in Lenovo Ultraslim dongles, as used with Lenovo Liteon SK-8861, Ultraslim Wireless, and Silver Silk keyboards and Liteon ZTM600 and Ultraslim Wireless mice, does not enforce. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Code Injection Lenovo Firmware Km714 Firmware Km632 Firmware +2
NVD GitHub
CVSS 3.1
6.5
EPSS
1.0%
CVE-2016-5729 HIGH This Week

Lenovo BIOS EFI Driver allows local administrators to execute arbitrary code with System Management Mode (SMM) privileges via unspecified vectors. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

RCE Privilege Escalation Lenovo Bios Efi Driver
NVD
CVSS 3.1
8.2
EPSS
0.2%
CVE-2016-5249 HIGH This Week

Lenovo Solution Center (LSC) before 3.3.003 allows local users to execute arbitrary code with LocalSystem privileges via vectors involving the LSC.Services.SystemService StartProxy command with a. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Privilege Escalation Lenovo Solution Center
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2016-5248 MEDIUM This Month

The StopProxy command in LSC.Services.SystemService in Lenovo Solution Center before 3.3.003 allows local users to terminate arbitrary processes via the PID argument. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Lenovo Solution Center
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2016-3944 HIGH This Week

UpdateAgent in Lenovo Accelerator Application allows man-in-the-middle attackers to execute arbitrary code by spoofing an update response from susapi.lenovomm.com. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

RCE Lenovo Accelerator Application
NVD
CVSS 3.0
7.5
EPSS
0.4%
CVE-2016-4783 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Lenovo SHAREit before 3.5.98_ww on Android before 4.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Google Lenovo Shareit
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2016-4782 HIGH This Week

Lenovo SHAREit before 3.5.98_ww on Android before 4.2 allows remote attackers to have unspecified impact via a crafted intent: URL, aka an "intent scheme URL attack.". Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Lenovo Shareit
NVD
CVSS 3.0
8.8
EPSS
0.5%
CVE-2016-2393 HIGH PATCH This Week

Lenovo Fingerprint Manager before 8.01.57 and Touch Fingerprint before 1.00.08 use weak ACLs for unspecified (1) services and (2) files, which allows local users to gain privileges by invalidating. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Lenovo Fingerprint Manager Touch Fingerprint
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2016-1492 MEDIUM This Month

The Wifi hotspot in Lenovo SHAREit before 3.5.48_ww for Android, when configured to receive files, does not require a password, which makes it easier for remote attackers to obtain access by. Rated medium severity (CVSS 6.1), this vulnerability is no authentication required. No vendor patch available.

Lenovo Google Authentication Bypass Shareit
NVD
CVSS 3.0
6.1
EPSS
0.6%
CVE-2016-1491 HIGH This Week

The Wifi hotspot in Lenovo SHAREit before 3.2.0 for Windows, when configured to receive files, has a hardcoded password of 12345678, which makes it easier for remote attackers to obtain access by. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Lenovo Authentication Bypass Shareit
NVD
CVSS 3.0
8.8
EPSS
1.6%
CVE-2016-1490 MEDIUM This Month

The Wifi hotspot in Lenovo SHAREit before 3.2.0 for Windows allows remote attackers to obtain sensitive file names via a crafted file request to /list. Rated medium severity (CVSS 4.1), this vulnerability is low attack complexity. No vendor patch available.

Lenovo Information Disclosure Microsoft Shareit
NVD
CVSS 3.0
4.1
EPSS
0.2%
CVE-2016-1489 HIGH This Week

Lenovo SHAREit before 3.2.0 for Windows and SHAREit before 3.5.48_ww for Android transfer files in cleartext, which allows remote attackers to (1) obtain sensitive information by sniffing the network. Rated high severity (CVSS 8.0), this vulnerability is no authentication required. No vendor patch available.

Lenovo Google Information Disclosure Microsoft Shareit
NVD
CVSS 3.0
8.0
EPSS
0.6%
CVE-2015-7820 HIGH This Week

Race condition in the administration-panel web service in IBM System Networking Switch Center (SNSC) before 7.3.1.5 and Lenovo Switch Center before 8.1.2.0 allows remote attackers to obtain. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

IBM Race Condition Path Traversal Lenovo Switch Center +1
NVD
CVSS 2.0
7.1
EPSS
0.2%
CVE-2015-7819 MEDIUM This Month

The DB service in IBM System Networking Switch Center (SNSC) before 7.3.1.5 and Lenovo Switch Center before 8.1.2.0 allows remote attackers to obtain sensitive administrator-account information via a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Lenovo Authentication Bypass Switch Center System Networking Switch Center
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2015-7818 HIGH This Week

The administration-panel web service in IBM System Networking Switch Center (SNSC) before 7.3.1.5 and Lenovo Switch Center before 8.1.2.0 allows local users to execute arbitrary JSP code with SYSTEM. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

IBM Apache Privilege Escalation Lenovo System Networking Switch Center +1
NVD
CVSS 2.0
7.2
EPSS
0.0%
CVE-2015-7817 HIGH This Week

Race condition in the administration-panel web service in IBM System Networking Switch Center (SNSC) before 7.3.1.5 and Lenovo Switch Center before 8.1.2.0 allows remote attackers to obtain. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

IBM Race Condition Path Traversal Lenovo System Networking Switch Center +1
NVD
CVSS 2.0
7.1
EPSS
0.2%
CVE-2015-2234 MEDIUM This Month

Race condition in Lenovo System Update (formerly ThinkVantage System Update) before 5.06.0034 uses world-writable permissions for the update files directory, which allows local users to gain. Rated medium severity (CVSS 6.9). No vendor patch available.

Race Condition Information Disclosure Lenovo System Update
NVD
CVSS 2.0
6.9
EPSS
0.0%
CVE-2015-2233 HIGH This Week

Lenovo System Update (formerly ThinkVantage System Update) before 5.06.0034 does not properly validate CA chains during signature validation, which allows man-in-the-middle attackers to upload and. Rated high severity (CVSS 8.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Lenovo System Update
NVD
CVSS 2.0
8.3
EPSS
0.1%
CVE-2015-2219 HIGH POC THREAT Act Now

Lenovo System Update (formerly ThinkVantage System Update) before 5.06.0034 uses predictable security tokens, which allows local users to gain privileges by sending a valid token with a command to. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. Public exploit code available and EPSS exploitation probability 29.6%.

Privilege Escalation Lenovo System Update
NVD Exploit-DB
CVSS 2.0
7.2
EPSS
29.6%
CVE-2015-3322 MEDIUM PATCH This Month

Lenovo ThinkServer RD350, RD450, RD550, RD650, and TD350 servers before 1.26.0 use weak encryption to store (1) user and (2) administrator BIOS passwords, which allows attackers to decrypt the. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Lenovo Thinkserver Rd650 Firmware Thinkserver Rd650 Thinkserver Td350 Firmware +7
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2015-3320 LOW PATCH Monitor

Lenovo USB Enhanced Performance Keyboard software before 2.0.2.2 includes active debugging code in SKHOOKS.DLL, which allows local users to obtain keypress information by accessing debug output. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Lenovo Usb Enhanced Performance Keyboard
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2015-2077 MEDIUM POC This Month

The SDK for Komodia Redirector with SSL Digestor, as used in Lavasoft Ad-Aware Web Companion 1.1.885.1766 and Ad-Aware AdBlocker (alpha) 1.3.69.1, Qustodio for Windows, Atom Security, Inc. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Lenovo Information Disclosure Microsoft Redirector Sdk
NVD
CVSS 2.0
5.0
EPSS
2.1%
CVE-2013-1361 CRITICAL Act Now

Untrusted search path vulnerability in Lenovo Thinkpad Bluetooth with Enhanced Data Rate Software 6.4.0.2900 and earlier allows local users, and possibly remote attackers, to execute arbitrary code. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Lenovo RCE Thinkpad Bluetooth With Enhanced Data Rate Software
NVD
CVSS 2.0
9.3
EPSS
5.4%
CVE-2013-2894 MEDIUM This Month

drivers/hid/hid-lenovo-tpkbd.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_LENOVO_TPKBD is enabled, allows physically proximate attackers to cause. Rated medium severity (CVSS 4.7). No vendor patch available.

Buffer Overflow Denial Of Service Linux Lenovo Linux Kernel
NVD
CVSS 2.0
4.7
EPSS
0.1%
CVE-2012-4146 MEDIUM This Month

Opera before 12.01 allows remote attackers to cause a denial of service (application crash) via a crafted web site, as demonstrated by the Lenovo "Shop now" page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Denial Of Service Lenovo Opera Browser
NVD
CVSS 2.0
4.3
EPSS
0.5%
CVE-2012-1196 MEDIUM POC THREAT This Month

Directory traversal vulnerability in the VulCore web service (WSVulnerabilityCore/VulCore.asmx) in Lenovo ThinkManagement Console 9.0.3 allows remote attackers to delete arbitrary files via a .. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 77.4%.

Lenovo Path Traversal Lenovo Thinkmanagement Console
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
77.4%
Threat
4.8
CVE-2012-1195 HIGH POC THREAT Act Now

Unrestricted file upload vulnerability in andesk/managementsuite/core/core.anonymous/ServerSetup.asmx in the ServerSetup web service in Lenovo ThinkManagement Console 9.0.3 allows remote attackers to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 86.5%.

Privilege Escalation File Upload Lenovo RCE Lenovo Thinkmanagement Console
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
86.5%
Threat
5.6
EPSS 0% CVSS 7.8
HIGH This Week

Privilege escalation vulnerability in Lenovo Transition application used in Lenovo Yoga, Flex and Miix systems running Windows allows local users to execute code with elevated privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Privilege Escalation +2
NVD VulDB
EPSS 0% CVSS 4.9
MEDIUM This Month

The BIOS in Lenovo System X M5, M6, and X6 systems allows administrators to cause a denial of service via updating a UEFI data structure. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Lenovo Flex System X240 M5 Bios +10
NVD VulDB
EPSS 0% CVSS 7.8
HIGH This Week

Unquoted service path vulnerability in Lenovo Edge and Lenovo Slim USB Keyboard Driver versions earlier than 1.21 allows local users to execute code with elevated privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Lenovo Edge Keyboard Driver +1
NVD VulDB
EPSS 0% CVSS 7.0
HIGH PATCH This Week

Privilege Escalation in Lenovo XClarity Administrator earlier than 1.2.0, if LXCA is used to manage rack switches or chassis with embedded input/output modules (IOMs), certain log files viewable by. Rated high severity (CVSS 7.0).

Privilege Escalation Lenovo Xclarity Administrator
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

A vulnerability has been identified in some Lenovo Notebook and ThinkServer systems where an attacker with administrative privileges on a system could install a program that circumvents Intel. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Intel Privilege Escalation Denial Of Service +30
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

During an internal security review, Lenovo identified a local privilege escalation vulnerability in Lenovo System Interface Foundation software installed on some Windows 10 PCs where a user with. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Authentication Bypass Microsoft RCE +3
NVD
EPSS 0% CVSS 7.8
HIGH This Week

The BIOS for Lenovo ThinkCentre E93, M6500t/s, M6600, M6600q, M6600t/s, M73p, M800, M83, M8500t/s, M8600t/s, M900, M93, and M93P devices; ThinkServer RQ940, RS140, TS140, TS240, TS440, and TS540. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Lenovo Bios
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

The firmware in Lenovo Ultraslim dongles, as used with Lenovo Liteon SK-8861, Ultraslim Wireless, and Silver Silk keyboards and Liteon ZTM600 and Ultraslim Wireless mice, does not enforce. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Code Injection Lenovo Firmware +4
NVD GitHub
EPSS 0% CVSS 8.2
HIGH This Week

Lenovo BIOS EFI Driver allows local administrators to execute arbitrary code with System Management Mode (SMM) privileges via unspecified vectors. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

RCE Privilege Escalation Lenovo +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Lenovo Solution Center (LSC) before 3.3.003 allows local users to execute arbitrary code with LocalSystem privileges via vectors involving the LSC.Services.SystemService StartProxy command with a. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Privilege Escalation Lenovo +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

The StopProxy command in LSC.Services.SystemService in Lenovo Solution Center before 3.3.003 allows local users to terminate arbitrary processes via the PID argument. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Lenovo Solution Center
NVD
EPSS 0% CVSS 7.5
HIGH This Week

UpdateAgent in Lenovo Accelerator Application allows man-in-the-middle attackers to execute arbitrary code by spoofing an update response from susapi.lenovomm.com. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

RCE Lenovo Accelerator Application
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Lenovo SHAREit before 3.5.98_ww on Android before 4.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Google Lenovo +1
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Lenovo SHAREit before 3.5.98_ww on Android before 4.2 allows remote attackers to have unspecified impact via a crafted intent: URL, aka an "intent scheme URL attack.". Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Lenovo +1
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Lenovo Fingerprint Manager before 8.01.57 and Touch Fingerprint before 1.00.08 use weak ACLs for unspecified (1) services and (2) files, which allows local users to gain privileges by invalidating. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Lenovo Fingerprint Manager +1
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

The Wifi hotspot in Lenovo SHAREit before 3.5.48_ww for Android, when configured to receive files, does not require a password, which makes it easier for remote attackers to obtain access by. Rated medium severity (CVSS 6.1), this vulnerability is no authentication required. No vendor patch available.

Lenovo Google Authentication Bypass +1
NVD
EPSS 2% CVSS 8.8
HIGH This Week

The Wifi hotspot in Lenovo SHAREit before 3.2.0 for Windows, when configured to receive files, has a hardcoded password of 12345678, which makes it easier for remote attackers to obtain access by. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Lenovo Authentication Bypass +1
NVD
EPSS 0% CVSS 4.1
MEDIUM This Month

The Wifi hotspot in Lenovo SHAREit before 3.2.0 for Windows allows remote attackers to obtain sensitive file names via a crafted file request to /list. Rated medium severity (CVSS 4.1), this vulnerability is low attack complexity. No vendor patch available.

Lenovo Information Disclosure Microsoft +1
NVD
EPSS 1% CVSS 8.0
HIGH This Week

Lenovo SHAREit before 3.2.0 for Windows and SHAREit before 3.5.48_ww for Android transfer files in cleartext, which allows remote attackers to (1) obtain sensitive information by sniffing the network. Rated high severity (CVSS 8.0), this vulnerability is no authentication required. No vendor patch available.

Lenovo Google Information Disclosure +2
NVD
EPSS 0% CVSS 7.1
HIGH This Week

Race condition in the administration-panel web service in IBM System Networking Switch Center (SNSC) before 7.3.1.5 and Lenovo Switch Center before 8.1.2.0 allows remote attackers to obtain. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

IBM Race Condition Path Traversal +3
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

The DB service in IBM System Networking Switch Center (SNSC) before 7.3.1.5 and Lenovo Switch Center before 8.1.2.0 allows remote attackers to obtain sensitive administrator-account information via a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Lenovo Authentication Bypass +2
NVD
EPSS 0% CVSS 7.2
HIGH This Week

The administration-panel web service in IBM System Networking Switch Center (SNSC) before 7.3.1.5 and Lenovo Switch Center before 8.1.2.0 allows local users to execute arbitrary JSP code with SYSTEM. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

IBM Apache Privilege Escalation +3
NVD
EPSS 0% CVSS 7.1
HIGH This Week

Race condition in the administration-panel web service in IBM System Networking Switch Center (SNSC) before 7.3.1.5 and Lenovo Switch Center before 8.1.2.0 allows remote attackers to obtain. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

IBM Race Condition Path Traversal +3
NVD
EPSS 0% CVSS 6.9
MEDIUM This Month

Race condition in Lenovo System Update (formerly ThinkVantage System Update) before 5.06.0034 uses world-writable permissions for the update files directory, which allows local users to gain. Rated medium severity (CVSS 6.9). No vendor patch available.

Race Condition Information Disclosure Lenovo +1
NVD
EPSS 0% CVSS 8.3
HIGH This Week

Lenovo System Update (formerly ThinkVantage System Update) before 5.06.0034 does not properly validate CA chains during signature validation, which allows man-in-the-middle attackers to upload and. Rated high severity (CVSS 8.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Lenovo System Update
NVD
EPSS 30% CVSS 7.2
HIGH POC THREAT Act Now

Lenovo System Update (formerly ThinkVantage System Update) before 5.06.0034 uses predictable security tokens, which allows local users to gain privileges by sending a valid token with a command to. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. Public exploit code available and EPSS exploitation probability 29.6%.

Privilege Escalation Lenovo System Update
NVD Exploit-DB
EPSS 0% CVSS 5.0
MEDIUM PATCH This Month

Lenovo ThinkServer RD350, RD450, RD550, RD650, and TD350 servers before 1.26.0 use weak encryption to store (1) user and (2) administrator BIOS passwords, which allows attackers to decrypt the. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Lenovo Thinkserver Rd650 Firmware +9
NVD
EPSS 0% CVSS 2.1
LOW PATCH Monitor

Lenovo USB Enhanced Performance Keyboard software before 2.0.2.2 includes active debugging code in SKHOOKS.DLL, which allows local users to obtain keypress information by accessing debug output. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Lenovo Usb Enhanced Performance Keyboard
NVD
EPSS 2% CVSS 5.0
MEDIUM POC This Month

The SDK for Komodia Redirector with SSL Digestor, as used in Lavasoft Ad-Aware Web Companion 1.1.885.1766 and Ad-Aware AdBlocker (alpha) 1.3.69.1, Qustodio for Windows, Atom Security, Inc. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Lenovo Information Disclosure Microsoft +1
NVD
EPSS 5% CVSS 9.3
CRITICAL Act Now

Untrusted search path vulnerability in Lenovo Thinkpad Bluetooth with Enhanced Data Rate Software 6.4.0.2900 and earlier allows local users, and possibly remote attackers, to execute arbitrary code. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Lenovo RCE Thinkpad Bluetooth With Enhanced Data Rate Software
NVD
EPSS 0% CVSS 4.7
MEDIUM This Month

drivers/hid/hid-lenovo-tpkbd.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_LENOVO_TPKBD is enabled, allows physically proximate attackers to cause. Rated medium severity (CVSS 4.7). No vendor patch available.

Buffer Overflow Denial Of Service Linux +2
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Opera before 12.01 allows remote attackers to cause a denial of service (application crash) via a crafted web site, as demonstrated by the Lenovo "Shop now" page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Denial Of Service Lenovo +1
NVD
EPSS 77% 4.8 CVSS 5.0
MEDIUM POC THREAT This Month

Directory traversal vulnerability in the VulCore web service (WSVulnerabilityCore/VulCore.asmx) in Lenovo ThinkManagement Console 9.0.3 allows remote attackers to delete arbitrary files via a .. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 77.4%.

Lenovo Path Traversal Lenovo Thinkmanagement Console
NVD Exploit-DB
EPSS 87% 5.6 CVSS 7.5
HIGH POC THREAT Act Now

Unrestricted file upload vulnerability in andesk/managementsuite/core/core.anonymous/ServerSetup.asmx in the ServerSetup web service in Lenovo ThinkManagement Console 9.0.3 allows remote attackers to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 86.5%.

Privilege Escalation File Upload Lenovo +2
NVD Exploit-DB
Prev Page 4 of 4

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy