Filtered by vendor Lenovo
Subscribe
Total
385 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2015-8534 | 1 Lenovo | 1 Solution Center | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A local privilege escalation vulnerability was discovered (fixed and publicly disclosed in 2015) in Lenovo Solution Center (LSC) prior to version 3.3.002 that could allow a user to execute arbitrary code with elevated privileges. | |||||
CVE-2015-8110 | 1 Lenovo | 1 Lenovo System Update | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
Lenovo System Update (formerly ThinkVantage System Update) before 5.07.0019 allows local users to gain privileges by navigating to (1) "Click here to learn more" or (2) "View privacy policy" within the Tvsukernel.exe GUI application in the context of a temporary administrator account, aka a "local privilege escalation vulnerability." | |||||
CVE-2015-8109 | 1 Lenovo | 1 Lenovo System Update | 2024-11-21 | 6.9 MEDIUM | 7.0 HIGH |
Lenovo System Update (formerly ThinkVantage System Update) before 5.07.0019 allows local users to gain privileges by making a prediction of tvsu_tmp_xxxxxXXXXX account credentials that requires knowledge of the time that this account was created, aka a "temporary administrator account vulnerability." | |||||
CVE-2015-8108 | 1 Lenovo | 11 Emc Ez Media \& Backup \(hm3\), Emc Firmware, Emc Ix2\/ix2-dl and 8 more | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
The management interface in LenovoEMC EZ Media & Backup (hm3), ix2/ix2-dl, ix4-300d, px12-400r/450r, px6-300d, px2-300d, px4-300r, px4-400d, px4-400r, and px4-300d NAS devices with firmware before 4.1.204.33661 allows remote attackers to obtain sensitive device information via unspecified vectors. | |||||
CVE-2015-7820 | 2 Ibm, Lenovo | 2 System Networking Switch Center, Switch Center | 2024-11-21 | 7.1 HIGH | N/A |
Race condition in the administration-panel web service in IBM System Networking Switch Center (SNSC) before 7.3.1.5 and Lenovo Switch Center before 8.1.2.0 allows remote attackers to obtain privileged-account access, and consequently provide ZipDownload.jsp input containing directory traversal sequences to read arbitrary files, via a request to port 40080 or 40443. | |||||
CVE-2015-7819 | 2 Ibm, Lenovo | 2 System Networking Switch Center, Switch Center | 2024-11-21 | 5.0 MEDIUM | N/A |
The DB service in IBM System Networking Switch Center (SNSC) before 7.3.1.5 and Lenovo Switch Center before 8.1.2.0 allows remote attackers to obtain sensitive administrator-account information via a request on port 40999, as demonstrated by an improperly encrypted password. | |||||
CVE-2015-7818 | 2 Ibm, Lenovo | 2 System Networking Switch Center, Switch Center | 2024-11-21 | 7.2 HIGH | N/A |
The administration-panel web service in IBM System Networking Switch Center (SNSC) before 7.3.1.5 and Lenovo Switch Center before 8.1.2.0 allows local users to execute arbitrary JSP code with SYSTEM privileges by using the Apache Axis AdminService deployment method to install a .jsp file. | |||||
CVE-2015-7817 | 2 Ibm, Lenovo | 2 System Networking Switch Center, Switch Center | 2024-11-21 | 7.1 HIGH | N/A |
Race condition in the administration-panel web service in IBM System Networking Switch Center (SNSC) before 7.3.1.5 and Lenovo Switch Center before 8.1.2.0 allows remote attackers to obtain privileged-account access, and consequently provide FileReader.jsp input containing directory traversal sequences to read arbitrary text files, via a request to port 40080 or 40443. | |||||
CVE-2015-7336 | 1 Lenovo | 1 System Update | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A vulnerability was reported (fixed and publicly disclosed in 2015) in Lenovo System Update version 5.07.0008 and prior that could allow the signature check of an update to be bypassed. | |||||
CVE-2015-7335 | 1 Lenovo | 1 System Update | 2024-11-21 | 6.9 MEDIUM | 7.0 HIGH |
MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A race condition was reported (fixed and publicly disclosed in 2015) in Lenovo System Update version 5.07.0008 and prior that could allow a user to execute arbitrary code with elevated privileges. | |||||
CVE-2015-7334 | 1 Lenovo | 1 System Update | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A local privilege escalation vulnerability was reported (fixed and publicly disclosed in 2015) in Lenovo System Update version 5.07.0008 and prior where the SUService.exe /type COMMAND type could allow a user to execute arbitrary code with elevated privileges. | |||||
CVE-2015-7333 | 1 Lenovo | 1 System Update | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A local privilege escalation vulnerability was reported (fixed and publicly disclosed in 2015) in Lenovo System Update version 5.07.0008 and prior where the SUService.exe /type INF and INF_BY_COMPATIBLE_ID command types could allow a user to execute arbitrary code with elevated privileges. | |||||
CVE-2015-6971 | 1 Lenovo | 1 System Update | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
Lenovo System Update (formerly ThinkVantage System Update) before 5.07.0013 allows local users to submit commands to the System Update service (SUService.exe) and gain privileges by launching signed Lenovo executables. | |||||
CVE-2015-5684 | 1 Lenovo | 54 B50-10, B50-10 Firmware, Edge 15 and 51 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A buffer overflow vulnerability was reported, (fixed and publicly disclosed in 2015) in the Lenovo Service Engine (LSE), affecting various versions of BIOS for Lenovo Notebooks, that could allow a remote user to execute arbitrary code on the system. | |||||
CVE-2015-4596 | 1 Lenovo | 1 Mouse Suite | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
Lenovo Mouse Suite before 6.73 allows local users to run arbitrary code with administrator privileges. | |||||
CVE-2015-3324 | 1 Lenovo | 6 Thinkserver Rd350, Thinkserver Rd450, Thinkserver Rd550 and 3 more | 2024-11-21 | 4.3 MEDIUM | N/A |
The ThinkServer System Manager (TSM) Baseboard Management Controller before firmware 1.27.73476 for ThinkServer RD350, RD450, RD550, RD650, and TD350 does not validate server certificates during an "encrypted remote KVM session," which allows man-in-the-middle attackers to spoof servers. | |||||
CVE-2015-3323 | 1 Lenovo | 6 Thinkserver Rd350, Thinkserver Rd450, Thinkserver Rd550 and 3 more | 2024-11-21 | 5.0 MEDIUM | N/A |
The ThinkServer System Manager (TSM) Baseboard Management Controller before firmware 1.27.73476 for ThinkServer RD350, RD450, RD550, RD650, and TD350 allows remote attackers to cause a denial of service (web interface crash) via a malformed HTTP request during authentication. | |||||
CVE-2015-3322 | 1 Lenovo | 10 Thinkserver Rd350, Thinkserver Rd350 Firmware, Thinkserver Rd450 and 7 more | 2024-11-21 | 5.0 MEDIUM | N/A |
Lenovo ThinkServer RD350, RD450, RD550, RD650, and TD350 servers before 1.26.0 use weak encryption to store (1) user and (2) administrator BIOS passwords, which allows attackers to decrypt the passwords via unspecified vectors. | |||||
CVE-2015-3321 | 1 Lenovo | 1 Fingerprint Manager | 2024-11-21 | 7.2 HIGH | 6.7 MEDIUM |
Services and files in Lenovo Fingerprint Manager before 8.01.42 have incorrect ACLs, which allows local users to invalidate local checks and gain privileges via standard filesystem operations. | |||||
CVE-2015-3320 | 1 Lenovo | 1 Usb Enhanced Performance Keyboard | 2024-11-21 | 2.1 LOW | N/A |
Lenovo USB Enhanced Performance Keyboard software before 2.0.2.2 includes active debugging code in SKHOOKS.DLL, which allows local users to obtain keypress information by accessing debug output. |