Filtered by vendor Lenovo
Subscribe
Total
386 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-14066 | 3 Google, Infinixmobility, Lenovo | 3 Android, Infinix X571, Lenovo A7020 | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The content://wappush content provider in com.android.provider.telephony, as found in some custom ROMs for Android phones, allows SQL injection. One consequence is that an application without the READ_SMS permission can read SMS messages. This affects Infinix X571 phones, as well as various Lenovo phones (such as the A7020) that have since been fixed by Lenovo. | |||||
| CVE-2018-12169 | 2 Intel, Lenovo | 32 Core I3, Core I5, Core I7 and 29 more | 2024-11-21 | 4.6 MEDIUM | 7.6 HIGH |
| Platform sample code firmware in 4th Generation Intel Core Processor, 5th Generation Intel Core Processor, 6th Generation Intel Core Processor, 7th Generation Intel Core Processor and 8th Generation Intel Core Processor contains a logic error which may allow physical attacker to potentially bypass firmware authentication. | |||||
| CVE-2017-3776 | 1 Lenovo | 1 Lenovo Help | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Lenovo Help Android mobile app versions earlier than 6.1.2.0327 allowed information to be transmitted over an HTTP channel, permitting others observing the channel to potentially see this information. | |||||
| CVE-2017-3775 | 1 Lenovo | 22 Flex System X240 M5, Flex System X240 M5 Bios, Flex System X280 X6 and 19 more | 2024-11-21 | 6.9 MEDIUM | 6.4 MEDIUM |
| Some Lenovo System x server BIOS/UEFI versions, when Secure Boot mode is enabled by a system administrator, do not properly authenticate signed code before booting it. As a result, an attacker with physical access to the system could boot unsigned code. | |||||
| CVE-2017-3774 | 2 Ibm, Lenovo | 43 Bladecenter Hs22, Bladecenter Hs23, Bladecenter Hs23e and 40 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A stack overflow vulnerability was discovered within the web administration service in Integrated Management Module 2 (IMM2) earlier than version 4.70 used in some Lenovo servers and earlier than version 6.60 used in some IBM servers. An attacker providing a crafted user ID and password combination can cause a portion of the authentication routine to overflow its stack, resulting in stack corruption. | |||||
| CVE-2017-3765 | 2 Ibm, Lenovo | 30 1g L2-7 Slb Switch For Bladecenter, Bladecenter 1\, Bladecenter Layer 2\/3 Copper Ethernet Switch Module and 27 more | 2024-11-21 | 6.2 MEDIUM | 7.0 HIGH |
| In Enterprise Networking Operating System (ENOS) in Lenovo and IBM RackSwitch and BladeCenter products, an authentication bypass known as "HP Backdoor" was discovered during a Lenovo security audit in the serial console, Telnet, SSH, and Web interfaces. This bypass mechanism can be accessed when performing local authentication under specific circumstances. If exploited, admin-level access to the switch is granted. | |||||
| CVE-2017-3762 | 2 Lenovo, Microsoft | 4 Fingerprint Manager Pro, Windows 7, Windows 8 and 1 more | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| Sensitive data stored by Lenovo Fingerprint Manager Pro, version 8.01.86 and earlier, including users' Windows logon credentials and fingerprint data, is encrypted using a weak algorithm, contains a hard-coded password, and is accessible to all users with local non-administrative access to the system in which it is installed. | |||||
| CVE-2017-17833 | 5 Canonical, Debian, Lenovo and 2 more | 61 Ubuntu Linux, Debian Linux, Bm Nextscale Fan Power Controller and 58 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| OpenSLP releases in the 1.0.2 and 1.1.0 code streams have a heap-related memory corruption issue which may manifest itself as a denial-of-service or a remote code-execution vulnerability. | |||||
| CVE-2015-8536 | 1 Lenovo | 1 Solution Center | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A vulnerability was discovered (fixed and publicly disclosed in 2015) in Lenovo Solution Center (LSC) prior to version 3.3.002 that could allow cross-site request forgery. | |||||
| CVE-2015-8535 | 1 Lenovo | 1 Solution Center | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A directory traversal vulnerability was discovered (fixed and publicly disclosed in 2015) in Lenovo Solution Center (LSC) prior to version 3.3.002 that could allow a user to execute arbitrary code with elevated privileges. | |||||
| CVE-2015-8534 | 1 Lenovo | 1 Solution Center | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A local privilege escalation vulnerability was discovered (fixed and publicly disclosed in 2015) in Lenovo Solution Center (LSC) prior to version 3.3.002 that could allow a user to execute arbitrary code with elevated privileges. | |||||
| CVE-2015-7336 | 1 Lenovo | 1 System Update | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A vulnerability was reported (fixed and publicly disclosed in 2015) in Lenovo System Update version 5.07.0008 and prior that could allow the signature check of an update to be bypassed. | |||||
| CVE-2015-7335 | 1 Lenovo | 1 System Update | 2024-11-21 | 6.9 MEDIUM | 7.0 HIGH |
| MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A race condition was reported (fixed and publicly disclosed in 2015) in Lenovo System Update version 5.07.0008 and prior that could allow a user to execute arbitrary code with elevated privileges. | |||||
| CVE-2015-7334 | 1 Lenovo | 1 System Update | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A local privilege escalation vulnerability was reported (fixed and publicly disclosed in 2015) in Lenovo System Update version 5.07.0008 and prior where the SUService.exe /type COMMAND type could allow a user to execute arbitrary code with elevated privileges. | |||||
| CVE-2015-7333 | 1 Lenovo | 1 System Update | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A local privilege escalation vulnerability was reported (fixed and publicly disclosed in 2015) in Lenovo System Update version 5.07.0008 and prior where the SUService.exe /type INF and INF_BY_COMPATIBLE_ID command types could allow a user to execute arbitrary code with elevated privileges. | |||||
| CVE-2015-5684 | 1 Lenovo | 54 B50-10, B50-10 Firmware, Edge 15 and 51 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A buffer overflow vulnerability was reported, (fixed and publicly disclosed in 2015) in the Lenovo Service Engine (LSE), affecting various versions of BIOS for Lenovo Notebooks, that could allow a remote user to execute arbitrary code on the system. | |||||
| CVE-2024-5474 | 1 Lenovo | 1 Dolby Vision Provisioning | 2024-11-15 | N/A | 5.5 MEDIUM |
| A potential information disclosure vulnerability was reported in Lenovo's packaging of Dolby Vision Provisioning software prior to version 2.0.0.2 that could allow a local attacker to read files on the system with elevated privileges during installation of the package. Previously installed versions are not affected by this issue. | |||||
| CVE-2024-4089 | 1 Lenovo | 1 Superfile | 2024-10-17 | N/A | 7.8 HIGH |
| A DLL hijack vulnerability was reported in Lenovo Super File that could allow a local attacker to execute code with elevated privileges. | |||||
| CVE-2024-4130 | 1 Lenovo | 1 App Store | 2024-10-17 | N/A | 7.8 HIGH |
| A DLL hijack vulnerability was reported in Lenovo App Store that could allow a local attacker to execute code with elevated privileges. | |||||
| CVE-2024-4131 | 1 Lenovo | 1 Emulator | 2024-10-17 | N/A | 7.8 HIGH |
| A DLL hijack vulnerability was reported in Lenovo Emulator that could allow a local attacker to execute code with elevated privileges. | |||||