Filtered by vendor Lenovo
Subscribe
Total
397 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-8485 | 1 Lenovo | 1 App Store | 2026-02-02 | N/A | 7.3 HIGH |
| An improper permissions vulnerability was reported in Lenovo App Store that could allow a local authenticated user to execute code with elevated privileges during installation of an application. | |||||
| CVE-2025-10581 | 1 Lenovo | 1 Pcmanager | 2026-02-02 | N/A | 7.8 HIGH |
| A potential DLL hijacking vulnerability was discovered in the Lenovo PC Manager during an internal security assessment that could allow a local authenticated user to execute code with elevated privileges. | |||||
| CVE-2025-8486 | 1 Lenovo | 1 Pcmanager | 2026-02-02 | N/A | 7.8 HIGH |
| A potential vulnerability was reported in PC Manager that could allow a local authenticated user to execute code with elevated privileges. | |||||
| CVE-2025-2503 | 1 Lenovo | 1 Pcmanager | 2026-02-02 | N/A | 7.1 HIGH |
| An improper permission handling vulnerability was reported in Lenovo PC Manager that could allow a local attacker to perform arbitrary file deletions as an elevated user. | |||||
| CVE-2025-2502 | 1 Lenovo | 1 Pcmanager | 2026-02-02 | N/A | 7.8 HIGH |
| An improper default permissions vulnerability was reported in Lenovo PC Manager that could allow a local attacker to elevate privileges. | |||||
| CVE-2025-2501 | 1 Lenovo | 1 Pcmanager | 2026-02-02 | N/A | 7.8 HIGH |
| An untrusted search path vulnerability was reported in Lenovo PC Manager that could allow a local attacker to elevate privileges. | |||||
| CVE-2025-8098 | 1 Lenovo | 1 Pcmanager | 2026-01-27 | N/A | 7.8 HIGH |
| An improper permission vulnerability was reported in Lenovo PC Manager that could allow a local attacker to escalate privileges. | |||||
| CVE-2017-5638 | 7 Apache, Arubanetworks, Hp and 4 more | 13 Struts, Clearpass Policy Manager, Server Automation and 10 more | 2025-10-22 | 10.0 HIGH | 9.8 CRITICAL |
| The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands via a crafted Content-Type, Content-Disposition, or Content-Length HTTP header, as exploited in the wild in March 2017 with a Content-Type header containing a #cmd= string. | |||||
| CVE-2025-6230 | 1 Lenovo | 2 Commercial Vantage, Vantage | 2025-08-19 | N/A | 5.3 MEDIUM |
| A SQL injection vulnerability was reported in Lenovo Vantage that could allow a local attacker to modify the local SQLite database and execute limited SQLite commands. | |||||
| CVE-2024-2659 | 1 Lenovo | 136 Nextscale N1200 Enclosure, Nextscale N1200 Enclosure Firmware, Thinkagile 2u4n and 133 more | 2025-07-28 | N/A | 7.2 HIGH |
| A command injection vulnerability was identified in SMM/SMM2 and FPC that could allow an authenticated user with elevated privileges to execute system commands when performing a specific administrative function. | |||||
| CVE-2024-23591 | 1 Lenovo | 2 Thinksystem Sr670 V2, Thinksystem Sr670 V2 Firmware | 2025-07-23 | N/A | 2.0 LOW |
| ThinkSystem SR670V2 servers manufactured from approximately June 2021 to July 2023 were left in Manufacturing Mode which could allow an attacker with privileged logical access to the host or physical access to server internals to modify or disable Intel Boot Guard firmware integrity, SPS security, and other SPS configuration setting. The server’s NIST SP 800-193-compliant Platform Firmware Resiliency (PFR) security subsystem significantly mitigates this issue. | |||||
| CVE-2025-6232 | 1 Lenovo | 2 Commercial Vantage, Vantage | 2025-07-22 | N/A | 7.8 HIGH |
| An improper validation vulnerability was reported in Lenovo Vantage that under certain conditions could allow a local attacker to execute code with elevated permissions by modifying specific registry locations. | |||||
| CVE-2025-6231 | 1 Lenovo | 2 Commercial Vantage, Vantage | 2025-07-22 | N/A | 7.8 HIGH |
| An improper validation vulnerability was reported in Lenovo Vantage that under certain conditions could allow a local attacker to execute code with elevated permissions by modifying an application configuration file. | |||||
| CVE-2015-4596 | 1 Lenovo | 1 Mouse Suite | 2025-05-30 | 4.6 MEDIUM | 7.8 HIGH |
| Lenovo Mouse Suite before 6.73 allows local users to run arbitrary code with administrator privileges. | |||||
| CVE-2021-42205 | 1 Lenovo | 1 Elan Miniport Touchpad Driver | 2025-05-02 | N/A | 4.7 MEDIUM |
| ELAN Miniport touchpad Windows driver before 24.21.51.2, as used in PC hardware from multiple manufacturers, allows local users to cause a system crash by sending a certain IOCTL request, because that request is handled twice. | |||||
| CVE-2017-3763 | 1 Lenovo | 1 Xclarity Administrator | 2025-04-20 | 2.1 LOW | 6.7 MEDIUM |
| An attacker who obtains access to the location where the LXCA file system is stored may be able to access credentials of local LXCA accounts in LXCA versions earlier than 1.3.2. | |||||
| CVE-2017-3746 | 1 Lenovo | 1 Thinkpad Usb 3.0 Ethernet Adapter Driver | 2025-04-20 | 7.2 HIGH | 7.8 HIGH |
| ThinkPad USB 3.0 Ethernet Adapter (part number 4X90E51405) driver, various versions, was found to contain a privilege escalation vulnerability that could allow a local user to execute arbitrary code with administrative or system level privileges. | |||||
| CVE-2016-8237 | 1 Lenovo | 1 Updates | 2025-04-20 | 9.3 HIGH | 8.1 HIGH |
| Remote code execution in Lenovo Updates (not Lenovo System Update) allows man-in-the-middle attackers to execute arbitrary code. | |||||
| CVE-2016-8226 | 1 Lenovo | 11 Flex System X240 M5 Bios, Flex System X280 M6 Bios, Flex System X480 X6 Bios and 8 more | 2025-04-20 | 6.8 MEDIUM | 4.9 MEDIUM |
| The BIOS in Lenovo System X M5, M6, and X6 systems allows administrators to cause a denial of service via updating a UEFI data structure. | |||||
| CVE-2016-8225 | 1 Lenovo | 2 Edge Keyboard Driver, Slim Usb Keyboard Driver | 2025-04-20 | 4.6 MEDIUM | 7.8 HIGH |
| Unquoted service path vulnerability in Lenovo Edge and Lenovo Slim USB Keyboard Driver versions earlier than 1.21 allows local users to execute code with elevated privileges. | |||||