Filtered by vendor Lenovo
Subscriptions
Total
464 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-15361 | 35 Acer, Aopen, Asi and 32 more | 126 C720 Chromebook, Chromebase, Chromebase 24 and 123 more | 2025-04-20 | N/A |
| The Infineon RSA library 1.02.013 in Infineon Trusted Platform Module (TPM) firmware, such as versions before 0000000000000422 - 4.34, before 000000000000062b - 6.43, and before 0000000000008521 - 133.33, mishandles RSA key generation, which makes it easier for attackers to defeat various cryptographic protection mechanisms via targeted attacks, aka ROCA. Examples of affected technologies include BitLocker with TPM 1.2, YubiKey 4 (before 4.3.5) PGP key generation, and the Cached User Data encryption feature in Chrome OS. | ||||
| CVE-2015-3321 | 1 Lenovo | 1 Fingerprint Manager | 2025-04-20 | N/A |
| Services and files in Lenovo Fingerprint Manager before 8.01.42 have incorrect ACLs, which allows local users to invalidate local checks and gain privileges via standard filesystem operations. | ||||
| CVE-2017-3742 | 3 Google, Lenovo, Microsoft | 3 Android, Connect2, Windows | 2025-04-20 | N/A |
| In Lenovo Connect2 versions earlier than 4.2.5.4885 for Windows and 4.2.5.3071 for Android, when an ad-hoc connection is made between two systems for the purpose of sharing files, the password for this ad-hoc connection will be stored in a user-readable location. An attacker with read access to the user's contents could connect to the Connect2 hotspot and see the contents of files while they are being transferred between the two systems. | ||||
| CVE-2017-3771 | 1 Lenovo | 6 Aio E95, Aio E95 Firmware, Thinkcentre M710s and 3 more | 2025-04-20 | N/A |
| System boot process is not adequately secured In Lenovo E95 and ThinkCentre M710s/M710t because systems were shipped from factory without completing BIOS/UEFI initialization process. | ||||
| CVE-2017-3756 | 2 Lenovo, Microsoft | 151 Thinkpad 10 Ella 2, Thinkpad 10 Ella 2 Bios, Thinkpad 11e Beema and 148 more | 2025-04-20 | N/A |
| A privilege escalation vulnerability was identified in Lenovo Active Protection System for ThinkPad systems versions earlier than 1.82.0.17. An attacker with local privileges could execute code with administrative privileges via an unquoted service path. | ||||
| CVE-2015-8109 | 1 Lenovo | 1 Lenovo System Update | 2025-04-20 | N/A |
| Lenovo System Update (formerly ThinkVantage System Update) before 5.07.0019 allows local users to gain privileges by making a prediction of tvsu_tmp_xxxxxXXXXX account credentials that requires knowledge of the time that this account was created, aka a "temporary administrator account vulnerability." | ||||
| CVE-2015-8110 | 1 Lenovo | 1 Lenovo System Update | 2025-04-20 | N/A |
| Lenovo System Update (formerly ThinkVantage System Update) before 5.07.0019 allows local users to gain privileges by navigating to (1) "Click here to learn more" or (2) "View privacy policy" within the Tvsukernel.exe GUI application in the context of a temporary administrator account, aka a "local privilege escalation vulnerability." | ||||
| CVE-2017-3770 | 1 Lenovo | 1 Xclarity Administrator | 2025-04-20 | N/A |
| Privilege escalation vulnerability in LXCA versions earlier than 1.3.2 where an authenticated user may be able to abuse certain web interface functionality to execute privileged commands within the underlying LXCA operating system. | ||||
| CVE-2017-3761 | 1 Lenovo | 1 Service Framework | 2025-04-20 | N/A |
| The Lenovo Service Framework Android application executes some system commands without proper sanitization of external input. In certain cases, this could lead to command injection which, in turn, could lead to remote code execution. | ||||
| CVE-2017-3754 | 1 Lenovo | 20 710s-13ikb\/xiaoxin Air 13ikb, 710s-13isk\/xiaoxin Air 13, Bios and 17 more | 2025-04-20 | N/A |
| Some Lenovo brand notebook systems do not have write protections properly configured in the system BIOS. This could enable an attacker with physical or administrative access to a system to be able to flash the BIOS with an arbitrary image and potentially run malicious BIOS code. | ||||
| CVE-2017-3760 | 1 Lenovo | 1 Service Framework | 2025-04-20 | N/A |
| The Lenovo Service Framework Android application uses a set of nonsecure credentials when performing integrity verification of downloaded applications and/or data. This exposes the application to man-in-the-middle attacks leading to possible remote code execution. | ||||
| CVE-2017-3759 | 1 Lenovo | 1 Service Framework | 2025-04-20 | N/A |
| The Lenovo Service Framework Android application accepts some responses from the server without proper validation. This exposes the application to man-in-the-middle attacks leading to possible remote code execution. | ||||
| CVE-2017-3740 | 1 Lenovo | 1 Active Protection System | 2025-04-20 | N/A |
| In Lenovo Active Protection System before 1.82.0.14, an attacker with local privileges could send commands to the system's embedded controller, which could cause a denial of service attack on the system or the ability to alter hardware functionality. | ||||
| CVE-2017-3758 | 1 Lenovo | 1 Service Framework | 2025-04-20 | N/A |
| Improper access controls on several Android components in the Lenovo Service Framework application can be exploited to enable remote code execution. | ||||
| CVE-2017-3752 | 2 Ibm, Lenovo | 30 1\, 1g L2-7 Slb, Bladecenter and 27 more | 2025-04-20 | N/A |
| An industry-wide vulnerability has been identified in the implementation of the Open Shortest Path First (OSPF) routing protocol used on some Lenovo switches. Exploitation of these implementation flaws may result in attackers being able to erase or alter the routing tables of one or many routers, switches, or other devices that support OSPF within a routing domain. | ||||
| CVE-2017-3751 | 1 Lenovo | 1 Thinkpad Compact Usb Keyboard Driver | 2025-04-20 | N/A |
| An unquoted service path vulnerability was identified in the driver for the ThinkPad Compact USB Keyboard with TrackPoint versions earlier than 1.5.5.0. This could allow an attacker with local privileges to execute code with administrative privileges. | ||||
| CVE-2017-3745 | 1 Lenovo | 1 Xclarity Administrator | 2025-04-20 | N/A |
| In Lenovo XClarity Administrator (LXCA) before 1.3.0, if service data is downloaded from LXCA, a non-administrative user may have access to password information for users that have previously authenticated to the LXCA's internal LDAP server, including administrative accounts and service accounts with administrative privileges. This is an issue only for users who have used local authentication with LXCA and not remote authentication against external LDAP or ADFS servers. | ||||
| CVE-2017-3750 | 2 Google, Lenovo | 21 Android, Vibe A1600, Vibe A2560 and 18 more | 2025-04-20 | N/A |
| On Lenovo VIBE mobile phones, the Lenovo Security Android application allows private data to be backed up and restored via Android Debug Bridge, which allows tampering leading to privilege escalation in conjunction with CVE-2017-3748 and CVE-2017-3749. | ||||
| CVE-2017-3746 | 1 Lenovo | 1 Thinkpad Usb 3.0 Ethernet Adapter Driver | 2025-04-20 | N/A |
| ThinkPad USB 3.0 Ethernet Adapter (part number 4X90E51405) driver, various versions, was found to contain a privilege escalation vulnerability that could allow a local user to execute arbitrary code with administrative or system level privileges. | ||||
| CVE-2017-3741 | 1 Lenovo | 2 Power Management, Thinkpad X1 Carbon 5 | 2025-04-20 | N/A |
| In the Lenovo Power Management driver before 1.67.12.24, a local user may alter the trackpoint's firmware and stop the trackpoint from functioning correctly. This issue only affects ThinkPad X1 Carbon 5th generation. | ||||