Search Results (472 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-6338 1 Lenovo 1 Universal Device Client 2025-06-03 7.8 High
Uncontrolled search path vulnerabilities were reported in the Lenovo Universal Device Client (UDC) that could allow an attacker with local access to execute code with elevated privileges.
CVE-2015-4596 1 Lenovo 1 Mouse Suite 2025-05-30 N/A
Lenovo Mouse Suite before 6.73 allows local users to run arbitrary code with administrator privileges.
CVE-2023-5081 1 Lenovo 8 Tab M8 Hd Tb8505f, Tab M8 Hd Tb8505f Firmware, Tab M8 Hd Tb8505fs and 5 more 2025-05-30 3.3 Low
An information disclosure vulnerability was reported in the Lenovo Tab M8 HD that could allow a local application to gather a non-resettable device identifier.
CVE-2023-6044 1 Lenovo 1 Vantage 2025-05-30 6.3 Medium
A privilege escalation vulnerability was reported in Lenovo Vantage that could allow a local attacker with physical access to impersonate Lenovo Vantage Service and execute arbitrary code with elevated privileges.
CVE-2021-42205 1 Lenovo 1 Elan Miniport Touchpad Driver 2025-05-02 4.7 Medium
ELAN Miniport touchpad Windows driver before 24.21.51.2, as used in PC hardware from multiple manufacturers, allows local users to cause a system crash by sending a certain IOCTL request, because that request is handled twice.
CVE-2016-8233 1 Lenovo 1 Xclarity Administrator 2025-04-20 N/A
Log files generated by Lenovo XClarity Administrator (LXCA) versions earlier than 1.2.2 may contain user credentials in a non-secure, clear text form that could be viewed by a non-privileged user.
CVE-2016-8231 1 Lenovo 1 Lenovo Service Bridge 2025-04-20 N/A
In Lenovo Service Bridge before version 4, a bug found in the signature verification logic of the code signing certificate could be exploited by an attacker to insert a forged code signing certificate.
CVE-2015-8109 1 Lenovo 1 Lenovo System Update 2025-04-20 N/A
Lenovo System Update (formerly ThinkVantage System Update) before 5.07.0019 allows local users to gain privileges by making a prediction of tvsu_tmp_xxxxxXXXXX account credentials that requires knowledge of the time that this account was created, aka a "temporary administrator account vulnerability."
CVE-2016-8230 1 Lenovo 1 Lenovo Service Bridge 2025-04-20 N/A
In Lenovo Service Bridge before version 4, an insecure HTTP connection is used by LSB to send system serial number, machine type and model and product name to Lenovo's servers.
CVE-2016-8229 1 Lenovo 1 Lenovo Service Bridge 2025-04-20 N/A
A cross-site request forgery vulnerability in Lenovo Service Bridge before version 4 could be exploited by an attacker with access to the DHCP server used by the system where LSB is installed.
CVE-2015-3321 1 Lenovo 1 Fingerprint Manager 2025-04-20 N/A
Services and files in Lenovo Fingerprint Manager before 8.01.42 have incorrect ACLs, which allows local users to invalidate local checks and gain privileges via standard filesystem operations.
CVE-2016-8228 1 Lenovo 1 Lenovo Service Bridge 2025-04-20 N/A
In Lenovo Service Bridge before version 4, a user with local privileges on a system could execute code with administrative privileges.
CVE-2016-8227 1 Lenovo 1 Transition 2025-04-20 N/A
Privilege escalation vulnerability in Lenovo Transition application used in Lenovo Yoga, Flex and Miix systems running Windows allows local users to execute code with elevated privileges.
CVE-2016-8226 1 Lenovo 11 Flex System X240 M5 Bios, Flex System X280 M6 Bios, Flex System X480 X6 Bios and 8 more 2025-04-20 N/A
The BIOS in Lenovo System X M5, M6, and X6 systems allows administrators to cause a denial of service via updating a UEFI data structure.
CVE-2016-8225 1 Lenovo 2 Edge Keyboard Driver, Slim Usb Keyboard Driver 2025-04-20 N/A
Unquoted service path vulnerability in Lenovo Edge and Lenovo Slim USB Keyboard Driver versions earlier than 1.21 allows local users to execute code with elevated privileges.
CVE-2016-8106 3 Hp, Intel, Lenovo 60 Ethernet 10gb 2-port 562flr-sfp\+, Ethernet 10gb 2-port 562sfp\+, Ethernet 10gb 4-port 563sfp\+ and 57 more 2025-04-20 N/A
A Denial of Service in Intel Ethernet Controller's X710/XL710 with Non-Volatile Memory Images before version 5.05 allows a remote attacker to stop the controller from processing network traffic working under certain network use conditions.
CVE-2017-3771 1 Lenovo 6 Aio E95, Aio E95 Firmware, Thinkcentre M710s and 3 more 2025-04-20 N/A
System boot process is not adequately secured In Lenovo E95 and ThinkCentre M710s/M710t because systems were shipped from factory without completing BIOS/UEFI initialization process.
CVE-2017-3770 1 Lenovo 1 Xclarity Administrator 2025-04-20 N/A
Privilege escalation vulnerability in LXCA versions earlier than 1.3.2 where an authenticated user may be able to abuse certain web interface functionality to execute privileged commands within the underlying LXCA operating system.
CVE-2017-3767 2 Lenovo, Realtek 47 Thinkpad 10, Thinkpad 11e, Thinkpad 13 and 44 more 2025-04-20 N/A
A local privilege escalation vulnerability was identified in the Realtek audio driver versions prior to 6.0.1.8224 in some Lenovo ThinkPad products. An attacker with local privileges could execute code with administrative privileges.
CVE-2017-3761 1 Lenovo 1 Service Framework 2025-04-20 N/A
The Lenovo Service Framework Android application executes some system commands without proper sanitization of external input. In certain cases, this could lead to command injection which, in turn, could lead to remote code execution.