Lenovo

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2016-5729 1Lenovo 1Bios Efi Driver May 6, 2026 Jun 30, 2016 N/A· v4 8.2 HIGH· v3 6.8 MEDIUM· v2 Lenovo BIOS EFI Driver allows local administrators to execute arbitrary code with System Management Mode (SMM) privileges via unspecified vectors.
CVE-2016-5249 1Lenovo 1Solution Center May 6, 2026 Jun 30, 2016 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 Lenovo Solution Center (LSC) before 3.3.003 allows local users to execute arbitrary code with LocalSystem privileges via vectors involving the LSC.Services.SystemService StartProxy command with a named pipe created in ad...Show more Lenovo Solution Center (LSC) before 3.3.003 allows local users to execute arbitrary code with LocalSystem privileges via vectors involving the LSC.Services.SystemService StartProxy command with a named pipe created in advance and crafted .NET assembly.Show less
CVE-2016-5248 1Lenovo 1Solution Center May 6, 2026 Jun 30, 2016 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 The StopProxy command in LSC.Services.SystemService in Lenovo Solution Center before 3.3.003 allows local users to terminate arbitrary processes via the PID argument.
CVE-2016-3944 1Lenovo 1Accelerator Application May 6, 2026 Jun 3, 2016 N/A· v4 7.5 HIGH· v3 9.3 HIGH· v2 UpdateAgent in Lenovo Accelerator Application allows man-in-the-middle attackers to execute arbitrary code by spoofing an update response from susapi.lenovomm.com.
CVE-2016-4783 1Lenovo 1Shareit May 6, 2026 May 23, 2016 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in Lenovo SHAREit before 3.5.98_ww on Android before 4.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Universal XSS (UXSS)."
CVE-2016-4782 1Lenovo 1Shareit May 6, 2026 May 23, 2016 N/A· v4 8.8 HIGH· v3 9.3 HIGH· v2 Lenovo SHAREit before 3.5.98_ww on Android before 4.2 allows remote attackers to have unspecified impact via a crafted intent: URL, aka an "intent scheme URL attack."
CVE-2015-8108 1Lenovo 1Emc Firmware May 6, 2026 Apr 12, 2016 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 The management interface in LenovoEMC EZ Media & Backup (hm3), ix2/ix2-dl, ix4-300d, px12-400r/450r, px6-300d, px2-300d, px4-300r, px4-400d, px4-400r, and px4-300d NAS devices with firmware before 4.1.204.33661 allows re...Show more The management interface in LenovoEMC EZ Media & Backup (hm3), ix2/ix2-dl, ix4-300d, px12-400r/450r, px6-300d, px2-300d, px4-300r, px4-400d, px4-400r, and px4-300d NAS devices with firmware before 4.1.204.33661 allows remote attackers to obtain sensitive device information via unspecified vectors.Show less
CVE-2016-2393 1Lenovo 2Fingerprint Manager Touch Fingerprint May 6, 2026 Apr 11, 2016 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 Lenovo Fingerprint Manager before 8.01.57 and Touch Fingerprint before 1.00.08 use weak ACLs for unspecified (1) services and (2) files, which allows local users to gain privileges by invalidating local checks.
CVE-2016-1350 6Cisco LenovoSamsung+3 more 6Gs1900 10hp Firmware Ios XeKeymouse Firmware+3 more May 6, 2026 Mar 26, 2016 N/A· v4 7.5 HIGH· v3 7.8 HIGH· v2 Cisco IOS 15.3 and 15.4, Cisco IOS XE 3.8 through 3.11, and Cisco Unified Communications Manager allow remote attackers to cause a denial of service (device reload) via malformed SIP messages, aka Bug ID CSCuj23293.
CVE-2016-1344 7Cisco LenovoNetgear+4 more 7Gs1900 10hp Firmware Ios XeJr6150 Firmware+4 more May 6, 2026 Mar 26, 2016 N/A· v4 5.9 MEDIUM· v3 7.1 HIGH· v2 The IKEv2 implementation in Cisco IOS 15.0 through 15.6 and IOS XE 3.3 through 3.17 allows remote attackers to cause a denial of service (device reload) via fragmented packets, aka Bug ID CSCux38417.
CVE-2016-1492 1Lenovo 1Shareit May 6, 2026 Jan 26, 2016 N/A· v4 6.1 MEDIUM· v3 2.9 LOW· v2 The Wifi hotspot in Lenovo SHAREit before 3.5.48_ww for Android, when configured to receive files, does not require a password, which makes it easier for remote attackers to obtain access by leveraging a position within...Show more The Wifi hotspot in Lenovo SHAREit before 3.5.48_ww for Android, when configured to receive files, does not require a password, which makes it easier for remote attackers to obtain access by leveraging a position within the WLAN coverage area.Show less
CVE-2016-1491 1Lenovo 1Shareit May 6, 2026 Jan 26, 2016 N/A· v4 8.8 HIGH· v3 5.4 MEDIUM· v2 The Wifi hotspot in Lenovo SHAREit before 3.2.0 for Windows, when configured to receive files, has a hardcoded password of 12345678, which makes it easier for remote attackers to obtain access by leveraging a position wi...Show more The Wifi hotspot in Lenovo SHAREit before 3.2.0 for Windows, when configured to receive files, has a hardcoded password of 12345678, which makes it easier for remote attackers to obtain access by leveraging a position within the WLAN coverage area.Show less
CVE-2016-1490 1Lenovo 1Shareit May 6, 2026 Jan 26, 2016 N/A· v4 4.1 MEDIUM· v3 2.7 LOW· v2 The Wifi hotspot in Lenovo SHAREit before 3.2.0 for Windows allows remote attackers to obtain sensitive file names via a crafted file request to /list.
CVE-2016-1489 1Lenovo 1Shareit May 6, 2026 Jan 26, 2016 N/A· v4 8.0 HIGH· v3 4.3 MEDIUM· v2 Lenovo SHAREit before 3.2.0 for Windows and SHAREit before 3.5.48_ww for Android transfer files in cleartext, which allows remote attackers to (1) obtain sensitive information by sniffing the network or (2) conduct man-i...Show more Lenovo SHAREit before 3.2.0 for Windows and SHAREit before 3.5.48_ww for Android transfer files in cleartext, which allows remote attackers to (1) obtain sensitive information by sniffing the network or (2) conduct man-in-the-middle (MITM) attacks via unspecified vectors.Show less
CVE-2015-7820 2Ibm Lenovo 2Switch Center System Networking Switch Center May 6, 2026 Nov 12, 2015 N/A· v4 N/A· v3 7.1 HIGH· v2 Race condition in the administration-panel web service in IBM System Networking Switch Center (SNSC) before 7.3.1.5 and Lenovo Switch Center before 8.1.2.0 allows remote attackers to obtain privileged-account access, and...Show more Race condition in the administration-panel web service in IBM System Networking Switch Center (SNSC) before 7.3.1.5 and Lenovo Switch Center before 8.1.2.0 allows remote attackers to obtain privileged-account access, and consequently provide ZipDownload.jsp input containing directory traversal sequences to read arbitrary files, via a request to port 40080 or 40443.Show less
CVE-2015-7819 2Ibm Lenovo 2Switch Center System Networking Switch Center May 6, 2026 Nov 12, 2015 N/A· v4 N/A· v3 5.0 MEDIUM· v2 The DB service in IBM System Networking Switch Center (SNSC) before 7.3.1.5 and Lenovo Switch Center before 8.1.2.0 allows remote attackers to obtain sensitive administrator-account information via a request on port 4099...Show more The DB service in IBM System Networking Switch Center (SNSC) before 7.3.1.5 and Lenovo Switch Center before 8.1.2.0 allows remote attackers to obtain sensitive administrator-account information via a request on port 40999, as demonstrated by an improperly encrypted password.Show less
CVE-2015-7818 2Ibm Lenovo 2Switch Center System Networking Switch Center May 6, 2026 Nov 12, 2015 N/A· v4 N/A· v3 7.2 HIGH· v2 The administration-panel web service in IBM System Networking Switch Center (SNSC) before 7.3.1.5 and Lenovo Switch Center before 8.1.2.0 allows local users to execute arbitrary JSP code with SYSTEM privileges by using t...Show more The administration-panel web service in IBM System Networking Switch Center (SNSC) before 7.3.1.5 and Lenovo Switch Center before 8.1.2.0 allows local users to execute arbitrary JSP code with SYSTEM privileges by using the Apache Axis AdminService deployment method to install a .jsp file.Show less
CVE-2015-7817 2Ibm Lenovo 2Switch Center System Networking Switch Center May 6, 2026 Nov 12, 2015 N/A· v4 N/A· v3 7.1 HIGH· v2 Race condition in the administration-panel web service in IBM System Networking Switch Center (SNSC) before 7.3.1.5 and Lenovo Switch Center before 8.1.2.0 allows remote attackers to obtain privileged-account access, and...Show more Race condition in the administration-panel web service in IBM System Networking Switch Center (SNSC) before 7.3.1.5 and Lenovo Switch Center before 8.1.2.0 allows remote attackers to obtain privileged-account access, and consequently provide FileReader.jsp input containing directory traversal sequences to read arbitrary text files, via a request to port 40080 or 40443.Show less
CVE-2015-3214 6Arista DebianLenovo+3 more 19Debian Linux Emc Px12 400r IvxEmc Px12 450r Ivx+16 more May 6, 2026 Aug 31, 2015 N/A· v4 N/A· v3 6.9 MEDIUM· v2 The pit_ioport_read in i8254.c in the Linux kernel before 2.6.33 and QEMU before 2.3.1 does not distinguish between read lengths and write lengths, which might allow guest OS users to execute arbitrary code on the host O...Show more The pit_ioport_read in i8254.c in the Linux kernel before 2.6.33 and QEMU before 2.3.1 does not distinguish between read lengths and write lengths, which might allow guest OS users to execute arbitrary code on the host OS by triggering use of an invalid index.Show less
CVE-2015-2234 1Lenovo 1System Update May 6, 2026 May 12, 2015 N/A· v4 N/A· v3 6.9 MEDIUM· v2 Race condition in Lenovo System Update (formerly ThinkVantage System Update) before 5.06.0034 uses world-writable permissions for the update files directory, which allows local users to gain privileges by writing to an u...Show more Race condition in Lenovo System Update (formerly ThinkVantage System Update) before 5.06.0034 uses world-writable permissions for the update files directory, which allows local users to gain privileges by writing to an update file after the signature is validated.Show less

Previous 1...16 17 181920 Next