Vulnerabilities (CVE)

Filtered by vendor Lenovo Subscribe
Total 374 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2015-2219 1 Lenovo 1 System Update 2025-04-12 7.2 HIGH N/A
Lenovo System Update (formerly ThinkVantage System Update) before 5.06.0034 uses predictable security tokens, which allows local users to gain privileges by sending a valid token with a command to the System Update service (SUService.exe) through an unspecified named pipe.
CVE-2016-6257 4 Amazonbasics, Dell, Lenovo and 1 more 14 Firmware, Usb Dongle, Wireless Keyboard and 11 more 2025-04-12 3.3 LOW 6.5 MEDIUM
The firmware in Lenovo Ultraslim dongles, as used with Lenovo Liteon SK-8861, Ultraslim Wireless, and Silver Silk keyboards and Liteon ZTM600 and Ultraslim Wireless mice, does not enforce incrementing AES counters, which allows remote attackers to inject encrypted keyboard input into the system by leveraging proximity to the dongle, aka a "KeyJack injection attack."
CVE-2013-1361 1 Lenovo 1 Thinkpad Bluetooth With Enhanced Data Rate Software 2025-04-11 9.3 HIGH N/A
Untrusted search path vulnerability in Lenovo Thinkpad Bluetooth with Enhanced Data Rate Software 6.4.0.2900 and earlier allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse DLL that is located in the same folder as a file that is processed by Lenovo Bluetooth.
CVE-2007-2240 1 Lenovo 2 Access Support, Automated Solutions 2025-04-09 5.8 MEDIUM N/A
The IBM Lenovo Access Support acpRunner ActiveX control, as distributed in acpcontroller.dll before 1.2.8.0 and possibly acpir.dll before 1.0.0.9 (Automated Solutions 1.0 before fix pack 1), does not properly validate digital signatures of downloaded software, which makes it easier for remote attackers to spoof a download.
CVE-2007-1307 2 Intel, Lenovo 2 Pro 1000 Lan Adapter, Thinkpad 2025-04-09 10.0 HIGH N/A
Unspecified vulnerability in Lenovo Intel PRO/1000 LAN adapter before Build 135400, as used on IBM Lenovo ThinkPad systems, has unknown impact and attack vectors.
CVE-2007-2929 1 Lenovo 2 Access Support, Automated Solutions 2025-04-09 5.8 MEDIUM N/A
The IBM Lenovo Access Support acpRunner ActiveX control, as distributed in acpcontroller.dll before 1.2.8.0 and possibly acpir.dll before 1.0.0.9 (Automated Solutions 1.0 before fix pack 1), exposes unsafe methods to arbitrary web domains, which allows remote attackers to download arbitrary code onto a client system and execute this code.
CVE-2008-3249 1 Lenovo 1 Thinkvantage System Update 2025-04-09 5.1 MEDIUM N/A
The client in Lenovo System Update before 3.14 does not properly validate the certificate when establishing an SSL connection, which allows remote attackers to install arbitrary packages via an SSL certificate whose X.509 headers match a public certificate used by IBM.
CVE-2008-4589 1 Lenovo 1 Resuce And Recovery 2025-04-09 7.2 HIGH N/A
Heap-based buffer overflow in the tvtumin.sys kernel driver in Lenovo Rescue and Recovery 4.20, including 4.20.0511 and 4.20.0512, allows local users to execute arbitrary code via a long file name.
CVE-2009-0655 1 Lenovo 1 Veriface 2025-04-09 6.9 MEDIUM N/A
Lenovo Veriface III allows physically proximate attackers to login to a Windows account by presenting a "plain image" of the authorized user.
CVE-2007-2928 1 Lenovo 2 Access Support, Automated Solutions 2025-04-09 5.8 MEDIUM N/A
Format string vulnerability in the IBM Lenovo Access Support acpRunner ActiveX control, as distributed in acpcontroller.dll before 1.2.8.0 and possibly acpir.dll before 1.0.0.9 (Automated Solutions 1.0 before fix pack 1), allows remote attackers to execute arbitrary code via format string specifiers in unknown data.
CVE-2022-4568 1 Lenovo 1 System Update 2025-01-30 N/A 7.0 HIGH
A directory permissions management vulnerability in Lenovo System Update may allow elevation of privileges.
CVE-2022-48186 1 Lenovo 1 Baiying 2025-01-30 N/A 6.2 MEDIUM
A certificate validation vulnerability exists in the Baiying Android application which could lead to information disclosure.
CVE-2024-45104 1 Lenovo 1 Xclarity Administrator 2024-12-13 N/A 6.3 MEDIUM
A valid, authenticated LXCA user without sufficient privileges may be able to use the device identifier to modify an LXCA managed device through a specially crafted web API call.
CVE-2024-45103 1 Lenovo 1 Xclarity Administrator 2024-12-13 N/A 4.3 MEDIUM
A valid, authenticated LXCA user may be able to unmanage an LXCA managed device in through the LXCA web interface without sufficient privileges.
CVE-2023-6450 1 Lenovo 1 App Store 2024-11-21 N/A 5.5 MEDIUM
An incorrect permissions vulnerability was reported in the Lenovo App Store app that could allow an attacker to use system resources, resulting in a denial of service.
CVE-2023-6044 1 Lenovo 1 Vantage 2024-11-21 N/A 6.3 MEDIUM
A privilege escalation vulnerability was reported in Lenovo Vantage that could allow a local attacker with physical access to impersonate Lenovo Vantage Service and execute arbitrary code with elevated privileges.
CVE-2023-6043 1 Lenovo 1 Vantage 2024-11-21 N/A 7.8 HIGH
A privilege escalation vulnerability was reported in Lenovo Vantage that could allow a local attacker to bypass integrity checks and execute arbitrary code with elevated privileges.
CVE-2023-5081 1 Lenovo 8 Tab M8 Hd Tb8505f, Tab M8 Hd Tb8505f Firmware, Tab M8 Hd Tb8505fs and 5 more 2024-11-21 N/A 3.3 LOW
An information disclosure vulnerability was reported in the Lenovo Tab M8 HD that could allow a local application to gather a non-resettable device identifier.
CVE-2023-5080 1 Lenovo 12 Tab M10 Plus Gen 3 Tb125fu, Tab M10 Plus Gen 3 Tb125fu Firmware, Tab M8 Hd Tb8505f and 9 more 2024-11-21 N/A 6.8 MEDIUM
A privilege escalation vulnerability was reported in some Lenovo tablet products that could allow local applications access to device identifiers and system commands.
CVE-2023-5079 1 Lenovo 1 Lecloud 2024-11-21 N/A 7.5 HIGH
Lenovo LeCloud App improper input validation allows attackers to access arbitrary components and arbitrary file downloads, which could result in information disclosure.