Filtered by vendor Lenovo Subscriptions
Total 404 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-6043 1 Lenovo 1 Vantage 2025-06-17 7.8 High
A privilege escalation vulnerability was reported in Lenovo Vantage that could allow a local attacker to bypass integrity checks and execute arbitrary code with elevated privileges.
CVE-2023-5080 1 Lenovo 12 Tab M10 Plus Gen 3 Tb125fu, Tab M10 Plus Gen 3 Tb125fu Firmware, Tab M8 Hd Tb8505f and 9 more 2025-06-17 6.8 Medium
A privilege escalation vulnerability was reported in some Lenovo tablet products that could allow local applications access to device identifiers and system commands.
CVE-2023-6540 1 Lenovo 2 Browser Hd, Browser Mobile 2025-06-17 6.5 Medium
A vulnerability was reported in the Lenovo Browser Mobile and Lenovo Browser HD Apps for Android that could allow an attacker to craft a payload that could result in the disclosure of sensitive information.
CVE-2023-6338 1 Lenovo 1 Universal Device Client 2025-06-03 7.8 High
Uncontrolled search path vulnerabilities were reported in the Lenovo Universal Device Client (UDC) that could allow an attacker with local access to execute code with elevated privileges.
CVE-2015-4596 1 Lenovo 1 Mouse Suite 2025-05-30 N/A
Lenovo Mouse Suite before 6.73 allows local users to run arbitrary code with administrator privileges.
CVE-2023-5081 1 Lenovo 8 Tab M8 Hd Tb8505f, Tab M8 Hd Tb8505f Firmware, Tab M8 Hd Tb8505fs and 5 more 2025-05-30 3.3 Low
An information disclosure vulnerability was reported in the Lenovo Tab M8 HD that could allow a local application to gather a non-resettable device identifier.
CVE-2023-6044 1 Lenovo 1 Vantage 2025-05-30 6.3 Medium
A privilege escalation vulnerability was reported in Lenovo Vantage that could allow a local attacker with physical access to impersonate Lenovo Vantage Service and execute arbitrary code with elevated privileges.
CVE-2021-42205 1 Lenovo 1 Elan Miniport Touchpad Driver 2025-05-02 4.7 Medium
ELAN Miniport touchpad Windows driver before 24.21.51.2, as used in PC hardware from multiple manufacturers, allows local users to cause a system crash by sending a certain IOCTL request, because that request is handled twice.
CVE-2017-3770 1 Lenovo 1 Xclarity Administrator 2025-04-20 N/A
Privilege escalation vulnerability in LXCA versions earlier than 1.3.2 where an authenticated user may be able to abuse certain web interface functionality to execute privileged commands within the underlying LXCA operating system.
CVE-2016-8221 1 Lenovo 1 Xclarity Administrator 2025-04-20 N/A
Privilege Escalation in Lenovo XClarity Administrator earlier than 1.2.0, if LXCA is used to manage rack switches or chassis with embedded input/output modules (IOMs), certain log files viewable by authenticated users may contain passwords for internal administrative LXCA accounts with temporary passwords that are used internally by LXCA code.
CVE-2017-3767 2 Lenovo, Realtek 47 Thinkpad 10, Thinkpad 11e, Thinkpad 13 and 44 more 2025-04-20 N/A
A local privilege escalation vulnerability was identified in the Realtek audio driver versions prior to 6.0.1.8224 in some Lenovo ThinkPad products. An attacker with local privileges could execute code with administrative privileges.
CVE-2017-3745 1 Lenovo 1 Xclarity Administrator 2025-04-20 N/A
In Lenovo XClarity Administrator (LXCA) before 1.3.0, if service data is downloaded from LXCA, a non-administrative user may have access to password information for users that have previously authenticated to the LXCA's internal LDAP server, including administrative accounts and service accounts with administrative privileges. This is an issue only for users who have used local authentication with LXCA and not remote authentication against external LDAP or ADFS servers.
CVE-2017-3744 2 Ibm, Lenovo 47 Bladecenter Hs22, Bladecenter Hs23, Bladecenter Hs23e and 44 more 2025-04-20 N/A
In the IMM2 firmware of Lenovo System x servers, remote commands issued by LXCA or other utilities may be captured in the First Failure Data Capture (FFDC) service log if the service log is generated when that remote command is running. Captured command data may contain clear text login information. Authorized users that can capture and export FFDC service log data may have access to these remote commands.
CVE-2017-3742 3 Google, Lenovo, Microsoft 3 Android, Connect2, Windows 2025-04-20 N/A
In Lenovo Connect2 versions earlier than 4.2.5.4885 for Windows and 4.2.5.3071 for Android, when an ad-hoc connection is made between two systems for the purpose of sharing files, the password for this ad-hoc connection will be stored in a user-readable location. An attacker with read access to the user's contents could connect to the Connect2 hotspot and see the contents of files while they are being transferred between the two systems.
CVE-2017-5638 7 Apache, Arubanetworks, Hp and 4 more 13 Struts, Clearpass Policy Manager, Server Automation and 10 more 2025-04-20 9.8 Critical
The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands via a crafted Content-Type, Content-Disposition, or Content-Length HTTP header, as exploited in the wild in March 2017 with a Content-Type header containing a #cmd= string.
CVE-2017-3754 1 Lenovo 20 710s-13ikb\/xiaoxin Air 13ikb, 710s-13isk\/xiaoxin Air 13, Bios and 17 more 2025-04-20 N/A
Some Lenovo brand notebook systems do not have write protections properly configured in the system BIOS. This could enable an attacker with physical or administrative access to a system to be able to flash the BIOS with an arbitrary image and potentially run malicious BIOS code.
CVE-2017-3741 1 Lenovo 2 Power Management, Thinkpad X1 Carbon 5 2025-04-20 N/A
In the Lenovo Power Management driver before 1.67.12.24, a local user may alter the trackpoint's firmware and stop the trackpoint from functioning correctly. This issue only affects ThinkPad X1 Carbon 5th generation.
CVE-2016-8106 3 Hp, Intel, Lenovo 60 Ethernet 10gb 2-port 562flr-sfp\+, Ethernet 10gb 2-port 562sfp\+, Ethernet 10gb 4-port 563sfp\+ and 57 more 2025-04-20 N/A
A Denial of Service in Intel Ethernet Controller's X710/XL710 with Non-Volatile Memory Images before version 5.05 allows a remote attacker to stop the controller from processing network traffic working under certain network use conditions.
CVE-2017-3756 2 Lenovo, Microsoft 151 Thinkpad 10 Ella 2, Thinkpad 10 Ella 2 Bios, Thinkpad 11e Beema and 148 more 2025-04-20 N/A
A privilege escalation vulnerability was identified in Lenovo Active Protection System for ThinkPad systems versions earlier than 1.82.0.17. An attacker with local privileges could execute code with administrative privileges via an unquoted service path.
CVE-2017-3740 1 Lenovo 1 Active Protection System 2025-04-20 N/A
In Lenovo Active Protection System before 1.82.0.14, an attacker with local privileges could send commands to the system's embedded controller, which could cause a denial of service attack on the system or the ability to alter hardware functionality.