Vulnerabilities (CVE)

Filtered by vendor Lenovo Subscribe
Total 385 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2015-3214 6 Arista, Debian, Lenovo and 3 more 19 Eos, Debian Linux, Emc Px12-400r Ivx and 16 more 2024-11-21 6.9 MEDIUM N/A
The pit_ioport_read in i8254.c in the Linux kernel before 2.6.33 and QEMU before 2.3.1 does not distinguish between read lengths and write lengths, which might allow guest OS users to execute arbitrary code on the host OS by triggering use of an invalid index.
CVE-2015-2234 1 Lenovo 1 System Update 2024-11-21 6.9 MEDIUM N/A
Race condition in Lenovo System Update (formerly ThinkVantage System Update) before 5.06.0034 uses world-writable permissions for the update files directory, which allows local users to gain privileges by writing to an update file after the signature is validated.
CVE-2015-2233 1 Lenovo 1 System Update 2024-11-21 8.3 HIGH N/A
Lenovo System Update (formerly ThinkVantage System Update) before 5.06.0034 does not properly validate CA chains during signature validation, which allows man-in-the-middle attackers to upload and execute arbitrary files via a crafted certificate.
CVE-2015-2219 1 Lenovo 1 System Update 2024-11-21 7.2 HIGH N/A
Lenovo System Update (formerly ThinkVantage System Update) before 5.06.0034 uses predictable security tokens, which allows local users to gain privileges by sending a valid token with a command to the System Update service (SUService.exe) through an unspecified named pipe.
CVE-2014-1939 2 Google, Lenovo 2 Android, Shareit 2024-11-21 7.5 HIGH N/A
java/android/webkit/BrowserFrame.java in Android before 4.4 uses the addJavascriptInterface API in conjunction with creating an object of the SearchBoxImpl class, which allows attackers to execute arbitrary Java code by leveraging access to the searchBoxJavaBridge_ interface at certain Android API levels.
CVE-2013-1361 1 Lenovo 1 Thinkpad Bluetooth With Enhanced Data Rate Software 2024-11-21 9.3 HIGH N/A
Untrusted search path vulnerability in Lenovo Thinkpad Bluetooth with Enhanced Data Rate Software 6.4.0.2900 and earlier allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse DLL that is located in the same folder as a file that is processed by Lenovo Bluetooth.
CVE-2009-0655 1 Lenovo 1 Veriface 2024-11-21 6.9 MEDIUM N/A
Lenovo Veriface III allows physically proximate attackers to login to a Windows account by presenting a "plain image" of the authorized user.
CVE-2008-4589 1 Lenovo 1 Resuce And Recovery 2024-11-21 7.2 HIGH N/A
Heap-based buffer overflow in the tvtumin.sys kernel driver in Lenovo Rescue and Recovery 4.20, including 4.20.0511 and 4.20.0512, allows local users to execute arbitrary code via a long file name.
CVE-2008-3249 1 Lenovo 1 Thinkvantage System Update 2024-11-21 5.1 MEDIUM N/A
The client in Lenovo System Update before 3.14 does not properly validate the certificate when establishing an SSL connection, which allows remote attackers to install arbitrary packages via an SSL certificate whose X.509 headers match a public certificate used by IBM.
CVE-2007-2929 1 Lenovo 2 Access Support, Automated Solutions 2024-11-21 5.8 MEDIUM N/A
The IBM Lenovo Access Support acpRunner ActiveX control, as distributed in acpcontroller.dll before 1.2.8.0 and possibly acpir.dll before 1.0.0.9 (Automated Solutions 1.0 before fix pack 1), exposes unsafe methods to arbitrary web domains, which allows remote attackers to download arbitrary code onto a client system and execute this code.
CVE-2007-2928 1 Lenovo 2 Access Support, Automated Solutions 2024-11-21 5.8 MEDIUM N/A
Format string vulnerability in the IBM Lenovo Access Support acpRunner ActiveX control, as distributed in acpcontroller.dll before 1.2.8.0 and possibly acpir.dll before 1.0.0.9 (Automated Solutions 1.0 before fix pack 1), allows remote attackers to execute arbitrary code via format string specifiers in unknown data.
CVE-2007-2240 1 Lenovo 2 Access Support, Automated Solutions 2024-11-21 5.8 MEDIUM N/A
The IBM Lenovo Access Support acpRunner ActiveX control, as distributed in acpcontroller.dll before 1.2.8.0 and possibly acpir.dll before 1.0.0.9 (Automated Solutions 1.0 before fix pack 1), does not properly validate digital signatures of downloaded software, which makes it easier for remote attackers to spoof a download.
CVE-2007-1307 2 Intel, Lenovo 2 Pro 1000 Lan Adapter, Thinkpad 2024-11-21 10.0 HIGH N/A
Unspecified vulnerability in Lenovo Intel PRO/1000 LAN adapter before Build 135400, as used on IBM Lenovo ThinkPad systems, has unknown impact and attack vectors.
CVE-2024-5474 1 Lenovo 1 Dolby Vision Provisioning 2024-11-15 N/A 5.5 MEDIUM
A potential information disclosure vulnerability was reported in Lenovo's packaging of Dolby Vision Provisioning software prior to version 2.0.0.2 that could allow a local attacker to read files on the system with elevated privileges during installation of the package. Previously installed versions are not affected by this issue.
CVE-2024-4089 1 Lenovo 1 Superfile 2024-10-17 N/A 7.8 HIGH
A DLL hijack vulnerability was reported in Lenovo Super File that could allow a local attacker to execute code with elevated privileges.
CVE-2024-4130 1 Lenovo 1 App Store 2024-10-17 N/A 7.8 HIGH
A DLL hijack vulnerability was reported in Lenovo App Store that could allow a local attacker to execute code with elevated privileges.
CVE-2024-4131 1 Lenovo 1 Emulator 2024-10-17 N/A 7.8 HIGH
A DLL hijack vulnerability was reported in Lenovo Emulator that could allow a local attacker to execute code with elevated privileges.
CVE-2024-4132 1 Lenovo 1 Lock Screen 2024-10-17 N/A 7.8 HIGH
A DLL hijack vulnerability was reported in Lenovo Lock Screen that could allow a local attacker to execute code with elevated privileges.
CVE-2024-9046 1 Lenovo 1 Starstudio 2024-10-17 N/A 7.8 HIGH
A DLL hijack vulnerability was reported in Lenovo stARstudio that could allow a local attacker to execute code with elevated privileges.
CVE-2024-45103 4 Emc, Lenovo, Microsoft and 1 more 4 Vmware, Xclarity Administrator, Windows and 1 more 2024-09-19 N/A 4.3 MEDIUM
A valid, authenticated LXCA user may be able to unmanage an LXCA managed device in through the LXCA web interface without sufficient privileges.