Filtered by vendor Lenovo
Total 403 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2019-6183 1 Lenovo 1 Energy Management 2024-09-16 7.5 High
A denial of service vulnerability has been reported in Lenovo Energy Management Driver for Windows 10 versions prior to 15.11.29.7 that could cause systems to experience a blue screen error. Lenovo Energy Management is a client utility. Lenovo XClarity Energy Manager is not affected.
CVE-2020-8324 1 Lenovo 1 System Interface Foundation 2024-09-16 5 Medium
A vulnerability was reported in LenovoAppScenarioPluginSystem for Lenovo System Interface Foundation prior to version 1.2.184.31 that could allow unsigned DLL files to be executed.
CVE-2020-8316 1 Lenovo 1 Vantage 2024-09-16 4.4 Medium
A vulnerability was reported in Lenovo Vantage prior to version 10.2003.10.0 that could allow an authenticated user to read files on the system with elevated privileges.
CVE-2020-8337 2 Lenovo, Synaptics 83 5-15ikb, Air-14 2019, C340-14iwl and 80 more 2024-09-16 6.7 Medium
An unquoted search path vulnerability was reported in versions prior to 1.0.83.0 of the Synaptics Smart Audio UWP app associated with the DCHU audio drivers on Lenovo platforms that could allow an administrative user to execute arbitrary code.
CVE-2018-14066 3 Google, Infinixmobility, Lenovo 3 Android, Infinix X571, Lenovo A7020 2024-09-16 N/A
The content://wappush content provider in com.android.provider.telephony, as found in some custom ROMs for Android phones, allows SQL injection. One consequence is that an application without the READ_SMS permission can read SMS messages. This affects Infinix X571 phones, as well as various Lenovo phones (such as the A7020) that have since been fixed by Lenovo.
CVE-2019-6191 1 Lenovo 1 Paper 2024-09-16 7.8 High
A potential vulnerability in the discontinued LenovoPaper software version 1.0.0.22 may allow local privilege escalation.
CVE-2017-3754 1 Lenovo 20 710s-13ikb/xiaoxin Air 13ikb, 710s-13isk/xiaoxin Air 13, Bios and 17 more 2024-09-16 N/A
Some Lenovo brand notebook systems do not have write protections properly configured in the system BIOS. This could enable an attacker with physical or administrative access to a system to be able to flash the BIOS with an arbitrary image and potentially run malicious BIOS code.
CVE-2019-6160 1 Lenovo 13 Home Media Network Hard Drive, Home Media Network Hard Drive Firmware, Ix12-300r and 10 more 2024-09-16 N/A
A vulnerability in various versions of Iomega and LenovoEMC NAS products could allow an unauthenticated user to access files on NAS shares via the API.
CVE-2020-8335 1 Lenovo 16 Thinkpad A275, Thinkpad A275 Firmware, Thinkpad A285 and 13 more 2024-09-16 6.1 Medium
The BIOS tamper detection mechanism was not triggered in Lenovo ThinkPad A285, BIOS versions up to r0xuj70w; A485, BIOS versions up to r0wuj65w; T495, BIOS versions up to r12uj55w; T495s/X395, BIOS versions up to r13uj47w, while the emergency-reset button is pressed, which may allow for unauthorized access.
CVE-2024-4550 1 Lenovo 5 Thinkstation P360 Workstation Firmware, Thinksystem St50 Firmware, Thinksystem St50 V2 Firmware and 2 more 2024-09-16 6.7 Medium
A potential buffer overflow vulnerability was reported in some Lenovo ThinkSystem and ThinkStation products that could allow a local attacker with elevated privileges to execute arbitrary code.
CVE-2019-6173 1 Lenovo 1 Installation Package 2024-09-16 6.7 Medium
A DLL search path vulnerability could allow privilege escalation in some Lenovo installation packages, prior to version 1.2.9.3, during installation if an attacker already has administrative privileges.
CVE-2024-7756 1 Lenovo 3 10w Firmware, Thinkpad L390 Firmware, Thinkpad L390 Yoga Firmware 2024-09-16 6.8 Medium
A potential vulnerability was reported in the ThinkPad L390 Yoga and 10w Notebook that could allow a local attacker to escalate privileges by accessing an embedded UEFI shell.
CVE-2020-8333 1 Lenovo 54 63, 63 Firmware, H50-30g and 51 more 2024-09-16 6.4 Medium
A potential vulnerability in the SMI callback function used in the EEPROM driver in some Lenovo Desktops and ThinkStation models may allow arbitrary code execution.
CVE-2024-45105 1 Lenovo 99 Thinkagile Hx1331 Firmware, Thinkagile Hx2330 Firmware, Thinkagile Hx2331 Firmware and 96 more 2024-09-16 6.7 Medium
An internal product security audit discovered a UEFI SMM (System Management Mode) callout vulnerability in some ThinkSystem servers that could allow a local attacker with elevated privileges to execute arbitrary code.
CVE-2020-8320 1 Lenovo 200 Thinkpad 11e, Thinkpad 11e Firmware, Thinkpad 11e Yoga Gen 6 and 197 more 2024-09-16 6.4 Medium
An internal shell was included in BIOS image in some ThinkPad models that could allow escalation of privilege.
CVE-2018-9065 1 Lenovo 1 Xclarity Administrator 2024-09-16 N/A
In Lenovo xClarity Administrator versions earlier than 2.1.0, an attacker that gains access to the underlying LXCA file system user may be able to retrieve a credential store containing the service processor user names and passwords for servers previously managed by that LXCA instance, and potentially decrypt those credentials more easily than intended.
CVE-2020-8319 1 Lenovo 1 System Interface Foundation 2024-09-16 7.3 High
A privilege escalation vulnerability was reported in Lenovo System Interface Foundation prior to version 1.1.19.3 that could allow an authenticated user to execute code with elevated privileges.
CVE-2019-6186 1 Lenovo 1 System Interface Foundation 2024-09-16 8.8 High
A potential vulnerability was reported in Lenovo System Interface Foundation versions before v1.1.18.3 that could allow an authenticated user to execute code as another user.
CVE-2019-6166 1 Lenovo 8 Ideacentre, Ideapad, Service Bridge and 5 more 2024-09-16 8.8 High
A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow cross-site request forgery.
CVE-2018-9066 1 Lenovo 1 Xclarity Administrator 2024-09-16 N/A
In Lenovo xClarity Administrator versions earlier than 2.1.0, an authenticated LXCA user can, under specific circumstances, inject additional parameters into a specific web API call which can result in privileged command execution within LXCA's underlying operating system.