Lenovo

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2016-8229 1Lenovo 1Lenovo Service Bridge May 13, 2026 Jun 4, 2017 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 A cross-site request forgery vulnerability in Lenovo Service Bridge before version 4 could be exploited by an attacker with access to the DHCP server used by the system where LSB is installed.
CVE-2016-8228 1Lenovo 1Lenovo Service Bridge May 13, 2026 Jun 4, 2017 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 In Lenovo Service Bridge before version 4, a user with local privileges on a system could execute code with administrative privileges.
CVE-2016-1876 1Lenovo 1Solution Center May 13, 2026 May 23, 2017 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 The backend service process in Lenovo Solution Center (aka LSC) before 3.3.0002 allows local users to gain SYSTEM privileges via unspecified vectors.
CVE-2015-8110 1Lenovo 1Lenovo System Update May 13, 2026 Apr 24, 2017 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 Lenovo System Update (formerly ThinkVantage System Update) before 5.07.0019 allows local users to gain privileges by navigating to (1) "Click here to learn more" or (2) "View privacy policy" within the Tvsukernel.exe GUI...Show more Lenovo System Update (formerly ThinkVantage System Update) before 5.07.0019 allows local users to gain privileges by navigating to (1) "Click here to learn more" or (2) "View privacy policy" within the Tvsukernel.exe GUI application in the context of a temporary administrator account, aka a "local privilege escalation vulnerability."Show less
CVE-2015-8109 1Lenovo 1Lenovo System Update May 13, 2026 Apr 24, 2017 N/A· v4 7.0 HIGH· v3 6.9 MEDIUM· v2 Lenovo System Update (formerly ThinkVantage System Update) before 5.07.0019 allows local users to gain privileges by making a prediction of tvsu_tmp_xxxxxXXXXX account credentials that requires knowledge of the time that...Show more Lenovo System Update (formerly ThinkVantage System Update) before 5.07.0019 allows local users to gain privileges by making a prediction of tvsu_tmp_xxxxxXXXXX account credentials that requires knowledge of the time that this account was created, aka a "temporary administrator account vulnerability."Show less
CVE-2016-8237 1Lenovo 1Updates May 13, 2026 Apr 10, 2017 N/A· v4 8.1 HIGH· v3 9.3 HIGH· v2 Remote code execution in Lenovo Updates (not Lenovo System Update) allows man-in-the-middle attackers to execute arbitrary code.
CVE-2016-8235 1Lenovo 1Customer Care Software Development Kit May 13, 2026 Apr 10, 2017 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 Privilege escalation in Lenovo Customer Care Software Development Kit (CCSDK) versions earlier than 2.0.16.3 allows local users to execute code with elevated privileges.
CVE-2017-5638 7Apache ArubanetworksHp+4 more 9Clearpass Policy Manager Oncommand BalanceServer Automation+6 more Apr 21, 2026 Mar 11, 2017 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to ex...Show more The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands via a crafted Content-Type, Content-Disposition, or Content-Length HTTP header, as exploited in the wild in March 2017 with a Content-Type header containing a #cmd= string.Show less
CVE-2016-8236 1Lenovo 1Thinkserver Firmware May 13, 2026 Mar 3, 2017 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Reset to default settings may occur in Lenovo ThinkServer TSM RD350, RD450, RD550, RD650, TD350 during a prolonged broadcast storm in TSM versions earlier than 3.77.
CVE-2016-8233 1Lenovo 1Xclarity Administrator May 13, 2026 Mar 1, 2017 N/A· v4 9.8 CRITICAL· v3 5.0 MEDIUM· v2 Log files generated by Lenovo XClarity Administrator (LXCA) versions earlier than 1.2.2 may contain user credentials in a non-secure, clear text form that could be viewed by a non-privileged user.
CVE-2016-8227 1Lenovo 1Transition May 13, 2026 Jan 26, 2017 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 Privilege escalation vulnerability in Lenovo Transition application used in Lenovo Yoga, Flex and Miix systems running Windows allows local users to execute code with elevated privileges.
CVE-2016-8226 1Lenovo 11Flex System X240 M5 Bios Flex System X280 M6 BiosFlex System X480 X6 Bios+8 more May 13, 2026 Jan 26, 2017 N/A· v4 4.9 MEDIUM· v3 6.8 MEDIUM· v2 The BIOS in Lenovo System X M5, M6, and X6 systems allows administrators to cause a denial of service via updating a UEFI data structure.
CVE-2016-8225 1Lenovo 2Edge Keyboard Driver Slim Usb Keyboard Driver May 13, 2026 Jan 26, 2017 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 Unquoted service path vulnerability in Lenovo Edge and Lenovo Slim USB Keyboard Driver versions earlier than 1.21 allows local users to execute code with elevated privileges.
CVE-2016-8221 1Lenovo 1Xclarity Administrator May 6, 2026 Jan 12, 2017 N/A· v4 7.0 HIGH· v3 1.9 LOW· v2 Privilege Escalation in Lenovo XClarity Administrator earlier than 1.2.0, if LXCA is used to manage rack switches or chassis with embedded input/output modules (IOMs), certain log files viewable by authenticated users ma...Show more Privilege Escalation in Lenovo XClarity Administrator earlier than 1.2.0, if LXCA is used to manage rack switches or chassis with embedded input/output modules (IOMs), certain log files viewable by authenticated users may contain passwords for internal administrative LXCA accounts with temporary passwords that are used internally by LXCA code.Show less
CVE-2016-8106 3Hp IntelLenovo 28Converged Hx5500 Appliance Converged Hx5510 ApplianceConverged Hx7500 Appliance+25 more May 6, 2026 Jan 9, 2017 N/A· v4 5.9 MEDIUM· v3 4.3 MEDIUM· v2 A Denial of Service in Intel Ethernet Controller's X710/XL710 with Non-Volatile Memory Images before version 5.05 allows a remote attacker to stop the controller from processing network traffic working under certain netw...Show more A Denial of Service in Intel Ethernet Controller's X710/XL710 with Non-Volatile Memory Images before version 5.05 allows a remote attacker to stop the controller from processing network traffic working under certain network use conditions.Show less
CVE-2016-8222 1Lenovo 74Thinkpad 10 Ella 2 Bios Thinkpad 11e Beema BiosThinkpad 11e Braswell Bios+71 more May 6, 2026 Nov 30, 2016 N/A· v4 4.4 MEDIUM· v3 4.7 MEDIUM· v2 A vulnerability has been identified in a signed kernel driver for the BIOS of some ThinkPad systems that can allow an attacker with Windows administrator-level privileges to call System Management Mode (SMM) services. Th...Show more A vulnerability has been identified in a signed kernel driver for the BIOS of some ThinkPad systems that can allow an attacker with Windows administrator-level privileges to call System Management Mode (SMM) services. This could lead to a denial of service attack or allow certain BIOS variables or settings to be altered (such as boot sequence). The setting or changing of BIOS passwords is not affected by this vulnerability.Show less
CVE-2016-8224 1Lenovo 29Bios Notebook 110 14ibr BiosNotebook 110 15ibr Bios+26 more May 6, 2026 Nov 29, 2016 N/A· v4 4.4 MEDIUM· v3 4.6 MEDIUM· v2 A vulnerability has been identified in some Lenovo Notebook and ThinkServer systems where an attacker with administrative privileges on a system could install a program that circumvents Intel Management Engine (ME) prote...Show more A vulnerability has been identified in some Lenovo Notebook and ThinkServer systems where an attacker with administrative privileges on a system could install a program that circumvents Intel Management Engine (ME) protections. This could result in a denial of service or privilege escalation attack on the system.Show less
CVE-2016-8223 1Lenovo 1System Interface Foundation May 6, 2026 Nov 29, 2016 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 During an internal security review, Lenovo identified a local privilege escalation vulnerability in Lenovo System Interface Foundation software installed on some Windows 10 PCs where a user with local privileges could ru...Show more During an internal security review, Lenovo identified a local privilege escalation vulnerability in Lenovo System Interface Foundation software installed on some Windows 10 PCs where a user with local privileges could run arbitrary code with administrator level privileges.Show less
CVE-2016-5247 1Lenovo 1Bios May 6, 2026 Sep 22, 2016 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 The BIOS for Lenovo ThinkCentre E93, M6500t/s, M6600, M6600q, M6600t/s, M73p, M800, M83, M8500t/s, M8600t/s, M900, M93, and M93P devices; ThinkServer RQ940, RS140, TS140, TS240, TS440, and TS540 devices; and ThinkStation...Show more The BIOS for Lenovo ThinkCentre E93, M6500t/s, M6600, M6600q, M6600t/s, M73p, M800, M83, M8500t/s, M8600t/s, M900, M93, and M93P devices; ThinkServer RQ940, RS140, TS140, TS240, TS440, and TS540 devices; and ThinkStation E32, P300, and P310 devices might allow local users or physically proximate attackers to bypass the Secure Boot protection mechanism by leveraging an AMI test key.Show less
CVE-2016-6257 4Amazonbasics DellLenovo+1 more 5Firmware Km632 FirmwareKm714 Firmware+2 more May 6, 2026 Aug 2, 2016 N/A· v4 6.5 MEDIUM· v3 3.3 LOW· v2 The firmware in Lenovo Ultraslim dongles, as used with Lenovo Liteon SK-8861, Ultraslim Wireless, and Silver Silk keyboards and Liteon ZTM600 and Ultraslim Wireless mice, does not enforce incrementing AES counters, which...Show more The firmware in Lenovo Ultraslim dongles, as used with Lenovo Liteon SK-8861, Ultraslim Wireless, and Silver Silk keyboards and Liteon ZTM600 and Ultraslim Wireless mice, does not enforce incrementing AES counters, which allows remote attackers to inject encrypted keyboard input into the system by leveraging proximity to the dongle, aka a "KeyJack injection attack."Show less

Previous 1...16 171819 20 Next