Vulnerabilities (CVE)

Filtered by vendor Lenovo
Total 284 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-3742 3 Google, Lenovo, Microsoft 3 Android, Connect2, Windows 2017-07-26 2.3 LOW 4.8 MEDIUM
In Lenovo Connect2 versions earlier than 4.2.5.4885 for Windows and 4.2.5.3071 for Android, when an ad-hoc connection is made between two systems for the purpose of sharing files, the password for this ad-hoc connection will be stored in a user-readable location. An attacker with read access to the user's contents could connect to the Connect2 hotspot and see the contents of files while they are being transferred between the two systems.
CVE-2016-8106 3 Hp, Intel, Lenovo 60 Ethernet 10gb 2-port 562flr-sfp+, Ethernet 10gb 2-port 562sfp+, Ethernet 10gb 4-port 563sfp+ and 57 more 2017-07-26 4.3 MEDIUM 5.9 MEDIUM
A Denial of Service in Intel Ethernet Controller's X710/XL710 with Non-Volatile Memory Images before version 5.05 allows a remote attacker to stop the controller from processing network traffic working under certain network use conditions.
CVE-2017-3745 1 Lenovo 1 Xclarity Administrator 2017-06-30 2.1 LOW 7.8 HIGH
In Lenovo XClarity Administrator (LXCA) before 1.3.0, if service data is downloaded from LXCA, a non-administrative user may have access to password information for users that have previously authenticated to the LXCA's internal LDAP server, including administrative accounts and service accounts with administrative privileges. This is an issue only for users who have used local authentication with LXCA and not remote authentication against external LDAP or ADFS servers.
CVE-2017-3743 1 Lenovo 3 Advanced Settings Utility, Toolscenter Dynamic System Analysis, Updatexpress System Pack Installer 2017-06-30 3.5 LOW 7.5 HIGH
If multiple users are concurrently logged into a single system where one user is sending a command via the Lenovo ToolsCenter Advanced Settings Utility (ASU), UpdateXpress System Pack Installer (UXSPI) or Dynamic System Analysis (DSA) to a second machine, the other users may be able to see the user ID and clear text password that were used to access the second machine during the time the command is processing.
CVE-2015-4596 1 Lenovo 1 Mouse Suite 2017-06-28 4.6 MEDIUM 7.8 HIGH
Lenovo Mouse Suite before 6.73 allows local users to run arbitrary code with administrator privileges.
CVE-2016-8231 1 Lenovo 1 Lenovo Service Bridge 2017-06-09 5.0 MEDIUM 7.5 HIGH
In Lenovo Service Bridge before version 4, a bug found in the signature verification logic of the code signing certificate could be exploited by an attacker to insert a forged code signing certificate.
CVE-2016-8229 1 Lenovo 1 Lenovo Service Bridge 2017-06-09 6.8 MEDIUM 8.8 HIGH
A cross-site request forgery vulnerability in Lenovo Service Bridge before version 4 could be exploited by an attacker with access to the DHCP server used by the system where LSB is installed.
CVE-2016-8228 1 Lenovo 1 Lenovo Service Bridge 2017-06-09 7.2 HIGH 7.8 HIGH
In Lenovo Service Bridge before version 4, a user with local privileges on a system could execute code with administrative privileges.
CVE-2016-8230 1 Lenovo 1 Lenovo Service Bridge 2017-06-09 5.0 MEDIUM 7.5 HIGH
In Lenovo Service Bridge before version 4, an insecure HTTP connection is used by LSB to send system serial number, machine type and model and product name to Lenovo's servers.
CVE-2016-1876 1 Lenovo 1 Solution Center 2017-06-07 7.2 HIGH 7.8 HIGH
The backend service process in Lenovo Solution Center (aka LSC) before 3.3.0002 allows local users to gain SYSTEM privileges via unspecified vectors.
CVE-2015-8109 1 Lenovo 1 Lenovo System Update 2017-04-28 6.9 MEDIUM 7.0 HIGH
Lenovo System Update (formerly ThinkVantage System Update) before 5.07.0019 allows local users to gain privileges by making a prediction of tvsu_tmp_xxxxxXXXXX account credentials that requires knowledge of the time that this account was created, aka a "temporary administrator account vulnerability."
CVE-2015-8110 1 Lenovo 1 Lenovo System Update 2017-04-28 7.2 HIGH 7.8 HIGH
Lenovo System Update (formerly ThinkVantage System Update) before 5.07.0019 allows local users to gain privileges by navigating to (1) "Click here to learn more" or (2) "View privacy policy" within the Tvsukernel.exe GUI application in the context of a temporary administrator account, aka a "local privilege escalation vulnerability."
CVE-2016-8237 1 Lenovo 1 Updates 2017-04-17 9.3 HIGH 8.1 HIGH
Remote code execution in Lenovo Updates (not Lenovo System Update) allows man-in-the-middle attackers to execute arbitrary code.
CVE-2016-8235 1 Lenovo 1 Customer Care Software Development Kit 2017-04-17 7.2 HIGH 7.8 HIGH
Privilege escalation in Lenovo Customer Care Software Development Kit (CCSDK) versions earlier than 2.0.16.3 allows local users to execute code with elevated privileges.
CVE-2016-8236 1 Lenovo 6 Thinkserver Firmware, Thinkserver Rd350, Thinkserver Rd450 and 3 more 2017-03-09 5.0 MEDIUM 7.5 HIGH
Reset to default settings may occur in Lenovo ThinkServer TSM RD350, RD450, RD550, RD650, TD350 during a prolonged broadcast storm in TSM versions earlier than 3.77.
CVE-2016-8233 1 Lenovo 1 Xclarity Administrator 2017-03-02 5.0 MEDIUM 9.8 CRITICAL
Log files generated by Lenovo XClarity Administrator (LXCA) versions earlier than 1.2.2 may contain user credentials in a non-secure, clear text form that could be viewed by a non-privileged user.
CVE-2016-8226 1 Lenovo 11 Flex System X240 M5 Bios, Flex System X280 M6 Bios, Flex System X480 X6 Bios and 8 more 2017-01-31 6.8 MEDIUM 4.9 MEDIUM
The BIOS in Lenovo System X M5, M6, and X6 systems allows administrators to cause a denial of service via updating a UEFI data structure.
CVE-2016-8225 1 Lenovo 2 Edge Keyboard Driver, Slim Usb Keyboard Driver 2017-01-31 4.6 MEDIUM 7.8 HIGH
Unquoted service path vulnerability in Lenovo Edge and Lenovo Slim USB Keyboard Driver versions earlier than 1.21 allows local users to execute code with elevated privileges.
CVE-2016-8227 1 Lenovo 1 Transition 2017-01-27 7.2 HIGH 7.8 HIGH
Privilege escalation vulnerability in Lenovo Transition application used in Lenovo Yoga, Flex and Miix systems running Windows allows local users to execute code with elevated privileges.
CVE-2016-8221 1 Lenovo 1 Xclarity Administrator 2017-01-19 1.9 LOW 7.0 HIGH
Privilege Escalation in Lenovo XClarity Administrator earlier than 1.2.0, if LXCA is used to manage rack switches or chassis with embedded input/output modules (IOMs), certain log files viewable by authenticated users may contain passwords for internal administrative LXCA accounts with temporary passwords that are used internally by LXCA code.