Filtered by vendor Lenovo
Subscribe
Total
370 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-1490 | 1 Lenovo | 1 Shareit | 2023-12-10 | 2.7 LOW | 4.1 MEDIUM |
The Wifi hotspot in Lenovo SHAREit before 3.2.0 for Windows allows remote attackers to obtain sensitive file names via a crafted file request to /list. | |||||
CVE-2015-3214 | 6 Arista, Debian, Lenovo and 3 more | 19 Eos, Debian Linux, Emc Px12-400r Ivx and 16 more | 2023-12-10 | 6.9 MEDIUM | N/A |
The pit_ioport_read in i8254.c in the Linux kernel before 2.6.33 and QEMU before 2.3.1 does not distinguish between read lengths and write lengths, which might allow guest OS users to execute arbitrary code on the host OS by triggering use of an invalid index. | |||||
CVE-2016-5248 | 1 Lenovo | 1 Solution Center | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
The StopProxy command in LSC.Services.SystemService in Lenovo Solution Center before 3.3.003 allows local users to terminate arbitrary processes via the PID argument. | |||||
CVE-2015-7817 | 2 Ibm, Lenovo | 2 System Networking Switch Center, Switch Center | 2023-12-10 | 7.1 HIGH | N/A |
Race condition in the administration-panel web service in IBM System Networking Switch Center (SNSC) before 7.3.1.5 and Lenovo Switch Center before 8.1.2.0 allows remote attackers to obtain privileged-account access, and consequently provide FileReader.jsp input containing directory traversal sequences to read arbitrary text files, via a request to port 40080 or 40443. | |||||
CVE-2016-4782 | 2 Google, Lenovo | 2 Android, Shareit | 2023-12-10 | 9.3 HIGH | 8.8 HIGH |
Lenovo SHAREit before 3.5.98_ww on Android before 4.2 allows remote attackers to have unspecified impact via a crafted intent: URL, aka an "intent scheme URL attack." | |||||
CVE-2015-7820 | 2 Ibm, Lenovo | 2 System Networking Switch Center, Switch Center | 2023-12-10 | 7.1 HIGH | N/A |
Race condition in the administration-panel web service in IBM System Networking Switch Center (SNSC) before 7.3.1.5 and Lenovo Switch Center before 8.1.2.0 allows remote attackers to obtain privileged-account access, and consequently provide ZipDownload.jsp input containing directory traversal sequences to read arbitrary files, via a request to port 40080 or 40443. | |||||
CVE-2016-1492 | 1 Lenovo | 1 Shareit | 2023-12-10 | 2.9 LOW | 6.1 MEDIUM |
The Wifi hotspot in Lenovo SHAREit before 3.5.48_ww for Android, when configured to receive files, does not require a password, which makes it easier for remote attackers to obtain access by leveraging a position within the WLAN coverage area. | |||||
CVE-2015-7818 | 2 Ibm, Lenovo | 2 System Networking Switch Center, Switch Center | 2023-12-10 | 7.2 HIGH | N/A |
The administration-panel web service in IBM System Networking Switch Center (SNSC) before 7.3.1.5 and Lenovo Switch Center before 8.1.2.0 allows local users to execute arbitrary JSP code with SYSTEM privileges by using the Apache Axis AdminService deployment method to install a .jsp file. | |||||
CVE-2016-2393 | 1 Lenovo | 2 Fingerprint Manager, Touch Fingerprint | 2023-12-10 | 7.2 HIGH | 7.8 HIGH |
Lenovo Fingerprint Manager before 8.01.57 and Touch Fingerprint before 1.00.08 use weak ACLs for unspecified (1) services and (2) files, which allows local users to gain privileges by invalidating local checks. | |||||
CVE-2016-5729 | 1 Lenovo | 1 Bios Efi Driver | 2023-12-10 | 6.8 MEDIUM | 8.2 HIGH |
Lenovo BIOS EFI Driver allows local administrators to execute arbitrary code with System Management Mode (SMM) privileges via unspecified vectors. | |||||
CVE-2015-2233 | 1 Lenovo | 1 System Update | 2023-12-10 | 8.3 HIGH | N/A |
Lenovo System Update (formerly ThinkVantage System Update) before 5.06.0034 does not properly validate CA chains during signature validation, which allows man-in-the-middle attackers to upload and execute arbitrary files via a crafted certificate. | |||||
CVE-2016-3944 | 1 Lenovo | 1 Accelerator Application | 2023-12-10 | 9.3 HIGH | 7.5 HIGH |
UpdateAgent in Lenovo Accelerator Application allows man-in-the-middle attackers to execute arbitrary code by spoofing an update response from susapi.lenovomm.com. | |||||
CVE-2015-2219 | 1 Lenovo | 1 System Update | 2023-12-10 | 7.2 HIGH | N/A |
Lenovo System Update (formerly ThinkVantage System Update) before 5.06.0034 uses predictable security tokens, which allows local users to gain privileges by sending a valid token with a command to the System Update service (SUService.exe) through an unspecified named pipe. | |||||
CVE-2015-7819 | 2 Ibm, Lenovo | 2 System Networking Switch Center, Switch Center | 2023-12-10 | 5.0 MEDIUM | N/A |
The DB service in IBM System Networking Switch Center (SNSC) before 7.3.1.5 and Lenovo Switch Center before 8.1.2.0 allows remote attackers to obtain sensitive administrator-account information via a request on port 40999, as demonstrated by an improperly encrypted password. | |||||
CVE-2016-1491 | 1 Lenovo | 1 Shareit | 2023-12-10 | 5.4 MEDIUM | 8.8 HIGH |
The Wifi hotspot in Lenovo SHAREit before 3.2.0 for Windows, when configured to receive files, has a hardcoded password of 12345678, which makes it easier for remote attackers to obtain access by leveraging a position within the WLAN coverage area. | |||||
CVE-2016-1489 | 1 Lenovo | 1 Shareit | 2023-12-10 | 4.3 MEDIUM | 8.0 HIGH |
Lenovo SHAREit before 3.2.0 for Windows and SHAREit before 3.5.48_ww for Android transfer files in cleartext, which allows remote attackers to (1) obtain sensitive information by sniffing the network or (2) conduct man-in-the-middle (MITM) attacks via unspecified vectors. | |||||
CVE-2015-8108 | 1 Lenovo | 11 Emc Ez Media \& Backup \(hm3\), Emc Firmware, Emc Ix2\/ix2-dl and 8 more | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
The management interface in LenovoEMC EZ Media & Backup (hm3), ix2/ix2-dl, ix4-300d, px12-400r/450r, px6-300d, px2-300d, px4-300r, px4-400d, px4-400r, and px4-300d NAS devices with firmware before 4.1.204.33661 allows remote attackers to obtain sensitive device information via unspecified vectors. | |||||
CVE-2015-3320 | 1 Lenovo | 1 Usb Enhanced Performance Keyboard | 2023-12-10 | 2.1 LOW | N/A |
Lenovo USB Enhanced Performance Keyboard software before 2.0.2.2 includes active debugging code in SKHOOKS.DLL, which allows local users to obtain keypress information by accessing debug output. | |||||
CVE-2015-3322 | 1 Lenovo | 10 Thinkserver Rd350, Thinkserver Rd350 Firmware, Thinkserver Rd450 and 7 more | 2023-12-10 | 5.0 MEDIUM | N/A |
Lenovo ThinkServer RD350, RD450, RD550, RD650, and TD350 servers before 1.26.0 use weak encryption to store (1) user and (2) administrator BIOS passwords, which allows attackers to decrypt the passwords via unspecified vectors. | |||||
CVE-2014-1939 | 2 Google, Lenovo | 2 Android, Shareit | 2023-12-10 | 7.5 HIGH | N/A |
java/android/webkit/BrowserFrame.java in Android before 4.4 uses the addJavascriptInterface API in conjunction with creating an object of the SearchBoxImpl class, which allows attackers to execute arbitrary Java code by leveraging access to the searchBoxJavaBridge_ interface at certain Android API levels. |