Filtered by vendor Lenovo
Subscriptions
Total
439 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-6540 | 1 Lenovo | 2 Browser Hd, Browser Mobile | 2025-06-17 | 6.5 Medium |
| A vulnerability was reported in the Lenovo Browser Mobile and Lenovo Browser HD Apps for Android that could allow an attacker to craft a payload that could result in the disclosure of sensitive information. | ||||
| CVE-2023-6338 | 1 Lenovo | 1 Universal Device Client | 2025-06-03 | 7.8 High |
| Uncontrolled search path vulnerabilities were reported in the Lenovo Universal Device Client (UDC) that could allow an attacker with local access to execute code with elevated privileges. | ||||
| CVE-2015-4596 | 1 Lenovo | 1 Mouse Suite | 2025-05-30 | N/A |
| Lenovo Mouse Suite before 6.73 allows local users to run arbitrary code with administrator privileges. | ||||
| CVE-2023-5081 | 1 Lenovo | 8 Tab M8 Hd Tb8505f, Tab M8 Hd Tb8505f Firmware, Tab M8 Hd Tb8505fs and 5 more | 2025-05-30 | 3.3 Low |
| An information disclosure vulnerability was reported in the Lenovo Tab M8 HD that could allow a local application to gather a non-resettable device identifier. | ||||
| CVE-2023-6044 | 1 Lenovo | 1 Vantage | 2025-05-30 | 6.3 Medium |
| A privilege escalation vulnerability was reported in Lenovo Vantage that could allow a local attacker with physical access to impersonate Lenovo Vantage Service and execute arbitrary code with elevated privileges. | ||||
| CVE-2021-42205 | 1 Lenovo | 1 Elan Miniport Touchpad Driver | 2025-05-02 | 4.7 Medium |
| ELAN Miniport touchpad Windows driver before 24.21.51.2, as used in PC hardware from multiple manufacturers, allows local users to cause a system crash by sending a certain IOCTL request, because that request is handled twice. | ||||
| CVE-2017-3751 | 1 Lenovo | 1 Thinkpad Compact Usb Keyboard Driver | 2025-04-20 | N/A |
| An unquoted service path vulnerability was identified in the driver for the ThinkPad Compact USB Keyboard with TrackPoint versions earlier than 1.5.5.0. This could allow an attacker with local privileges to execute code with administrative privileges. | ||||
| CVE-2017-3743 | 1 Lenovo | 3 Advanced Settings Utility, Toolscenter Dynamic System Analysis, Updatexpress System Pack Installer | 2025-04-20 | N/A |
| If multiple users are concurrently logged into a single system where one user is sending a command via the Lenovo ToolsCenter Advanced Settings Utility (ASU), UpdateXpress System Pack Installer (UXSPI) or Dynamic System Analysis (DSA) to a second machine, the other users may be able to see the user ID and clear text password that were used to access the second machine during the time the command is processing. | ||||
| CVE-2016-8233 | 1 Lenovo | 1 Xclarity Administrator | 2025-04-20 | N/A |
| Log files generated by Lenovo XClarity Administrator (LXCA) versions earlier than 1.2.2 may contain user credentials in a non-secure, clear text form that could be viewed by a non-privileged user. | ||||
| CVE-2016-8228 | 1 Lenovo | 1 Lenovo Service Bridge | 2025-04-20 | N/A |
| In Lenovo Service Bridge before version 4, a user with local privileges on a system could execute code with administrative privileges. | ||||
| CVE-2016-8235 | 1 Lenovo | 1 Customer Care Software Development Kit | 2025-04-20 | N/A |
| Privilege escalation in Lenovo Customer Care Software Development Kit (CCSDK) versions earlier than 2.0.16.3 allows local users to execute code with elevated privileges. | ||||
| CVE-2016-8226 | 1 Lenovo | 11 Flex System X240 M5 Bios, Flex System X280 M6 Bios, Flex System X480 X6 Bios and 8 more | 2025-04-20 | N/A |
| The BIOS in Lenovo System X M5, M6, and X6 systems allows administrators to cause a denial of service via updating a UEFI data structure. | ||||
| CVE-2016-8229 | 1 Lenovo | 1 Lenovo Service Bridge | 2025-04-20 | N/A |
| A cross-site request forgery vulnerability in Lenovo Service Bridge before version 4 could be exploited by an attacker with access to the DHCP server used by the system where LSB is installed. | ||||
| CVE-2016-8227 | 1 Lenovo | 1 Transition | 2025-04-20 | N/A |
| Privilege escalation vulnerability in Lenovo Transition application used in Lenovo Yoga, Flex and Miix systems running Windows allows local users to execute code with elevated privileges. | ||||
| CVE-2017-3758 | 1 Lenovo | 1 Service Framework | 2025-04-20 | N/A |
| Improper access controls on several Android components in the Lenovo Service Framework application can be exploited to enable remote code execution. | ||||
| CVE-2017-3759 | 1 Lenovo | 1 Service Framework | 2025-04-20 | N/A |
| The Lenovo Service Framework Android application accepts some responses from the server without proper validation. This exposes the application to man-in-the-middle attacks leading to possible remote code execution. | ||||
| CVE-2016-8231 | 1 Lenovo | 1 Lenovo Service Bridge | 2025-04-20 | N/A |
| In Lenovo Service Bridge before version 4, a bug found in the signature verification logic of the code signing certificate could be exploited by an attacker to insert a forged code signing certificate. | ||||
| CVE-2016-8225 | 1 Lenovo | 2 Edge Keyboard Driver, Slim Usb Keyboard Driver | 2025-04-20 | N/A |
| Unquoted service path vulnerability in Lenovo Edge and Lenovo Slim USB Keyboard Driver versions earlier than 1.21 allows local users to execute code with elevated privileges. | ||||
| CVE-2016-8230 | 1 Lenovo | 1 Lenovo Service Bridge | 2025-04-20 | N/A |
| In Lenovo Service Bridge before version 4, an insecure HTTP connection is used by LSB to send system serial number, machine type and model and product name to Lenovo's servers. | ||||
| CVE-2017-3763 | 1 Lenovo | 1 Xclarity Administrator | 2025-04-20 | N/A |
| An attacker who obtains access to the location where the LXCA file system is stored may be able to access credentials of local LXCA accounts in LXCA versions earlier than 1.3.2. | ||||