Filtered by vendor Lenovo
Subscribe
Total
370 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-2929 | 1 Lenovo | 2 Access Support, Automated Solutions | 2025-04-09 | 5.8 MEDIUM | N/A |
| The IBM Lenovo Access Support acpRunner ActiveX control, as distributed in acpcontroller.dll before 1.2.8.0 and possibly acpir.dll before 1.0.0.9 (Automated Solutions 1.0 before fix pack 1), exposes unsafe methods to arbitrary web domains, which allows remote attackers to download arbitrary code onto a client system and execute this code. | |||||
| CVE-2008-3249 | 1 Lenovo | 1 Thinkvantage System Update | 2025-04-09 | 5.1 MEDIUM | N/A |
| The client in Lenovo System Update before 3.14 does not properly validate the certificate when establishing an SSL connection, which allows remote attackers to install arbitrary packages via an SSL certificate whose X.509 headers match a public certificate used by IBM. | |||||
| CVE-2008-4589 | 1 Lenovo | 1 Resuce And Recovery | 2025-04-09 | 7.2 HIGH | N/A |
| Heap-based buffer overflow in the tvtumin.sys kernel driver in Lenovo Rescue and Recovery 4.20, including 4.20.0511 and 4.20.0512, allows local users to execute arbitrary code via a long file name. | |||||
| CVE-2009-0655 | 1 Lenovo | 1 Veriface | 2025-04-09 | 6.9 MEDIUM | N/A |
| Lenovo Veriface III allows physically proximate attackers to login to a Windows account by presenting a "plain image" of the authorized user. | |||||
| CVE-2007-2928 | 1 Lenovo | 2 Access Support, Automated Solutions | 2025-04-09 | 5.8 MEDIUM | N/A |
| Format string vulnerability in the IBM Lenovo Access Support acpRunner ActiveX control, as distributed in acpcontroller.dll before 1.2.8.0 and possibly acpir.dll before 1.0.0.9 (Automated Solutions 1.0 before fix pack 1), allows remote attackers to execute arbitrary code via format string specifiers in unknown data. | |||||
| CVE-2022-4568 | 1 Lenovo | 1 System Update | 2025-01-30 | N/A | 7.0 HIGH |
| A directory permissions management vulnerability in Lenovo System Update may allow elevation of privileges. | |||||
| CVE-2022-48186 | 1 Lenovo | 1 Baiying | 2025-01-30 | N/A | 6.2 MEDIUM |
| A certificate validation vulnerability exists in the Baiying Android application which could lead to information disclosure. | |||||
| CVE-2024-23591 | 1 Lenovo | 2 Thinksystem Sr670 V2, Thinksystem Sr670 V2 Firmware | 2025-01-28 | N/A | 2.0 LOW |
| ThinkSystem SR670V2 servers manufactured from approximately June 2021 to July 2023 were left in Manufacturing Mode which could allow an attacker with privileged logical access to the host or physical access to server internals to modify or disable Intel Boot Guard firmware integrity, SPS security, and other SPS configuration setting. The server’s NIST SP 800-193-compliant Platform Firmware Resiliency (PFR) security subsystem significantly mitigates this issue. | |||||
| CVE-2024-45104 | 1 Lenovo | 1 Xclarity Administrator | 2024-12-13 | N/A | 6.3 MEDIUM |
| A valid, authenticated LXCA user without sufficient privileges may be able to use the device identifier to modify an LXCA managed device through a specially crafted web API call. | |||||
| CVE-2024-45103 | 1 Lenovo | 1 Xclarity Administrator | 2024-12-13 | N/A | 4.3 MEDIUM |
| A valid, authenticated LXCA user may be able to unmanage an LXCA managed device in through the LXCA web interface without sufficient privileges. | |||||
| CVE-2023-6450 | 1 Lenovo | 1 App Store | 2024-11-21 | N/A | 5.5 MEDIUM |
| An incorrect permissions vulnerability was reported in the Lenovo App Store app that could allow an attacker to use system resources, resulting in a denial of service. | |||||
| CVE-2023-6044 | 1 Lenovo | 1 Vantage | 2024-11-21 | N/A | 6.3 MEDIUM |
| A privilege escalation vulnerability was reported in Lenovo Vantage that could allow a local attacker with physical access to impersonate Lenovo Vantage Service and execute arbitrary code with elevated privileges. | |||||
| CVE-2023-6043 | 1 Lenovo | 1 Vantage | 2024-11-21 | N/A | 7.8 HIGH |
| A privilege escalation vulnerability was reported in Lenovo Vantage that could allow a local attacker to bypass integrity checks and execute arbitrary code with elevated privileges. | |||||
| CVE-2023-5081 | 1 Lenovo | 8 Tab M8 Hd Tb8505f, Tab M8 Hd Tb8505f Firmware, Tab M8 Hd Tb8505fs and 5 more | 2024-11-21 | N/A | 3.3 LOW |
| An information disclosure vulnerability was reported in the Lenovo Tab M8 HD that could allow a local application to gather a non-resettable device identifier. | |||||
| CVE-2023-5080 | 1 Lenovo | 12 Tab M10 Plus Gen 3 Tb125fu, Tab M10 Plus Gen 3 Tb125fu Firmware, Tab M8 Hd Tb8505f and 9 more | 2024-11-21 | N/A | 6.8 MEDIUM |
| A privilege escalation vulnerability was reported in some Lenovo tablet products that could allow local applications access to device identifiers and system commands. | |||||
| CVE-2023-5079 | 1 Lenovo | 1 Lecloud | 2024-11-21 | N/A | 7.5 HIGH |
| Lenovo LeCloud App improper input validation allows attackers to access arbitrary components and arbitrary file downloads, which could result in information disclosure. | |||||
| CVE-2023-5078 | 1 Lenovo | 40 Thinkpad L13 Gen 2, Thinkpad L13 Gen 2 Firmware, Thinkpad L13 Gen 3 and 37 more | 2024-11-21 | N/A | 6.7 MEDIUM |
| A vulnerability was reported in some ThinkPad BIOS that could allow a physical or local attacker with elevated privileges to tamper with BIOS firmware. | |||||
| CVE-2023-5075 | 1 Lenovo | 2 Ideapad Duet 3 10igl5, Ideapad Duet 3 10igl5 Firmware | 2024-11-21 | N/A | 6.7 MEDIUM |
| A buffer overflow was reported in the FmpSipoCapsuleDriver driver in the IdeaPad Duet 3-10IGL5 that may allow a local attacker with elevated privileges to execute arbitrary code. | |||||
| CVE-2023-4891 | 2 Lenovo, Microsoft | 2 View Driver, Windows | 2024-11-21 | N/A | 5.5 MEDIUM |
| A potential use-after-free vulnerability was reported in the Lenovo View driver that could result in denial of service. | |||||
| CVE-2023-4706 | 1 Lenovo | 1 Preload Directory | 2024-11-21 | N/A | 7.3 HIGH |
| A privilege escalation vulnerability was reported in Lenovo preloaded devices deployed using Microsoft AutoPilot under a standard user account due to incorrect default privileges. | |||||