Filtered by vendor Lenovo Subscriptions
Total 403 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2020-8334 1 Lenovo 14 Thinkpad A275, Thinkpad A275 Firmware, Thinkpad A285 and 11 more 2024-09-17 6.1 Medium
The BIOS tamper detection mechanism was not triggered in Lenovo ThinkPad T495s, X395, T495, A485, A285, A475, A275 which may allow for unauthorized access.
CVE-2017-3775 1 Lenovo 22 Flex System X240 M5, Flex System X240 M5 Bios, Flex System X280 X6 and 19 more 2024-09-16 N/A
Some Lenovo System x server BIOS/UEFI versions, when Secure Boot mode is enabled by a system administrator, do not properly authenticate signed code before booting it. As a result, an attacker with physical access to the system could boot unsigned code.
CVE-2020-8323 1 Lenovo 344 14iwl, 14iwl Firmware, 330-14ast and 341 more 2024-09-16 6.4 Medium
A potential vulnerability in the SMI callback function used in the Legacy SD driver in some Lenovo ThinkPad, ThinkStation, and Lenovo Notebook models may allow arbitrary code execution.
CVE-2019-6168 1 Lenovo 8 Ideacentre, Ideapad, Service Bridge and 5 more 2024-09-16 9.8 Critical
A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow remote code execution.
CVE-2019-6163 1 Lenovo 24 B Series, C100, C200 and 21 more 2024-09-16 N/A
A denial of service vulnerability was reported in Lenovo System Update before version 5.07.0084 that could allow service log files to be written to non-standard locations.
CVE-2017-3752 2 Ibm, Lenovo 30 1\, 1g L2-7 Slb, Bladecenter and 27 more 2024-09-16 N/A
An industry-wide vulnerability has been identified in the implementation of the Open Shortest Path First (OSPF) routing protocol used on some Lenovo switches. Exploitation of these implementation flaws may result in attackers being able to erase or alter the routing tables of one or many routers, switches, or other devices that support OSPF within a routing domain.
CVE-2017-3760 1 Lenovo 1 Service Framework 2024-09-16 N/A
The Lenovo Service Framework Android application uses a set of nonsecure credentials when performing integrity verification of downloaded applications and/or data. This exposes the application to man-in-the-middle attacks leading to possible remote code execution.
CVE-2020-8341 1 Lenovo 20 Thinkpad T490 \(20nx\), Thinkpad T490 \(20nx\) Firmware, Thinkpad T490 \(20qx\) and 17 more 2024-09-16 2.4 Low
In Lenovo systems, SMM BIOS Write Protection is used to prevent writes to SPI Flash. While this provides sufficient protection, an additional layer of protection is provided by SPI Protected Range Registers (PRx). After resuming from S3 sleep mode in various versions of BIOS for some Lenovo ThinkPad systems, the PRx is not set. This does not impact the SMM BIOS Write Protection, which keeps systems protected.
CVE-2017-3751 1 Lenovo 1 Thinkpad Compact Usb Keyboard Driver 2024-09-16 N/A
An unquoted service path vulnerability was identified in the driver for the ThinkPad Compact USB Keyboard with TrackPoint versions earlier than 1.5.5.0. This could allow an attacker with local privileges to execute code with administrative privileges.
CVE-2020-8318 1 Lenovo 1 System Interface Foundation 2024-09-16 7.3 High
A privilege escalation vulnerability was reported in the LenovoSystemUpdatePlugin for Lenovo System Interface Foundation prior to version that could allow an authenticated user to execute code with elevated privileges.
CVE-2017-3747 2 Lenovo, Microsoft 2 Nerve Center, Windows 10 2024-09-16 N/A
Privilege escalation vulnerability in Lenovo Nerve Center for Windows 10 on Desktop systems (Lenovo Nerve Center for notebook systems is not affected) that could allow an attacker with local privileges on a system to alter registry keys.
CVE-2017-3763 1 Lenovo 1 Xclarity Administrator 2024-09-16 N/A
An attacker who obtains access to the location where the LXCA file system is stored may be able to access credentials of local LXCA accounts in LXCA versions earlier than 1.3.2.
CVE-2017-3758 1 Lenovo 1 Service Framework 2024-09-16 N/A
Improper access controls on several Android components in the Lenovo Service Framework application can be exploited to enable remote code execution.
CVE-2017-3750 2 Google, Lenovo 21 Android, Vibe A1600, Vibe A2560 and 18 more 2024-09-16 N/A
On Lenovo VIBE mobile phones, the Lenovo Security Android application allows private data to be backed up and restored via Android Debug Bridge, which allows tampering leading to privilege escalation in conjunction with CVE-2017-3748 and CVE-2017-3749.
CVE-2019-6190 1 Lenovo 364 510-15ikl, 510-15ikl Firmware, 510s-08ikl and 361 more 2024-09-16 5 Medium
Lenovo was notified of a potential denial of service vulnerability, affecting various versions of BIOS for Lenovo Desktop, Desktop - All in One, and ThinkStation, that could cause PCRs to be cleared intermittently after resuming from sleep (S3) on systems with Intel TXT enabled.
CVE-2017-3749 2 Google, Lenovo 21 Android, Vibe A1600, Vibe A2560 and 18 more 2024-09-16 N/A
On Lenovo VIBE mobile phones, the Idea Friend Android application allows private data to be backed up and restored via Android Debug Bridge, which allows tampering leading to privilege escalation in conjunction with CVE-2017-3748 and CVE-2017-3750.
CVE-2019-6156 1 Lenovo 354 330-14igm, 330-14igm Firmware, 330-15igm and 351 more 2024-09-16 N/A
In Lenovo systems, SMM BIOS Write Protection is used to prevent writes to SPI Flash. While this provides sufficient protection, an additional layer of protection is provided by SPI Protected Range Registers (PRx). Lenovo was notified that after resuming from S3 sleep mode in various versions of BIOS for Lenovo systems, the PRx is not set. This does not impact the SMM BIOS Write Protection, which keeps systems protected.
CVE-2019-6176 1 Lenovo 2 Thinkpad Usb-c Dock, Thinkpad Usb-c Dock Firmware 2024-09-16 7.5 High
A potential vulnerability reported in ThinkPad USB-C Dock Firmware version 3.7.2 may allow a denial of service.
CVE-2019-6179 1 Lenovo 2 Xclarity Administrator, Xclarity Integrator 2024-09-16 7.5 High
An XML External Entity (XXE) processing vulnerability was reported in Lenovo XClarity Administrator (LXCA) prior to version 2.5.0 , Lenovo XClarity Integrator (LXCI) for Microsoft System Center prior to version 7.7.0, and Lenovo XClarity Integrator (LXCI) for VMWare vCenter prior to version 6.1.0 that could allow information disclosure.
CVE-2020-8322 1 Lenovo 102 14iwl, 14iwl Firmware, 330-14ast and 99 more 2024-09-16 6.4 Medium
A potential vulnerability in the SMI callback function used in the Legacy USB driver in some Lenovo Notebook and ThinkStation models may allow arbitrary code execution.