Vulnerabilities > Lenovo

DATE CVE VULNERABILITY TITLE RISK
2017-09-22 CVE-2017-3770 Unspecified vulnerability in Lenovo Xclarity Administrator
Privilege escalation vulnerability in LXCA versions earlier than 1.3.2 where an authenticated user may be able to abuse certain web interface functionality to execute privileged commands within the underlying LXCA operating system.
network
low complexity
lenovo
8.8
2017-09-22 CVE-2017-3763 Unspecified vulnerability in Lenovo Xclarity Administrator
An attacker who obtains access to the location where the LXCA file system is stored may be able to access credentials of local LXCA accounts in LXCA versions earlier than 1.3.2.
local
low complexity
lenovo
6.7
2017-08-29 CVE-2017-3746 Unspecified vulnerability in Lenovo Thinkpad USB 3.0 Ethernet Adapter Driver
ThinkPad USB 3.0 Ethernet Adapter (part number 4X90E51405) driver, various versions, was found to contain a privilege escalation vulnerability that could allow a local user to execute arbitrary code with administrative or system level privileges.
local
low complexity
lenovo
7.8
2017-08-18 CVE-2017-3756 Unspecified vulnerability in Lenovo products
A privilege escalation vulnerability was identified in Lenovo Active Protection System for ThinkPad systems versions earlier than 1.82.0.17.
local
low complexity
lenovo
7.8
2017-08-10 CVE-2017-3753 Code Injection vulnerability in Lenovo products
A vulnerability has been identified in some Lenovo products that use UEFI (BIOS) code developed by American Megatrends, Inc.
low complexity
lenovo CWE-94
6.8
2017-08-10 CVE-2017-3751 Unquoted Search Path or Element vulnerability in Lenovo Thinkpad Compact USB Keyboard Driver
An unquoted service path vulnerability was identified in the driver for the ThinkPad Compact USB Keyboard with TrackPoint versions earlier than 1.5.5.0.
local
low complexity
lenovo CWE-428
7.8
2017-08-09 CVE-2017-3752 Improper Input Validation vulnerability in multiple products
An industry-wide vulnerability has been identified in the implementation of the Open Shortest Path First (OSPF) routing protocol used on some Lenovo switches.
high complexity
ibm lenovo CWE-20
8.2
2017-07-17 CVE-2017-3754 Unspecified vulnerability in Lenovo Bios
Some Lenovo brand notebook systems do not have write protections properly configured in the system BIOS.
local
low complexity
lenovo
6.7
2017-07-17 CVE-2017-3742 Information Exposure vulnerability in Lenovo Connect2 4.2.5
In Lenovo Connect2 versions earlier than 4.2.5.4885 for Windows and 4.2.5.3071 for Android, when an ad-hoc connection is made between two systems for the purpose of sharing files, the password for this ad-hoc connection will be stored in a user-readable location.
high complexity
lenovo CWE-200
4.8
2017-06-29 CVE-2017-3747 Unspecified vulnerability in Lenovo Nerve Center
Privilege escalation vulnerability in Lenovo Nerve Center for Windows 10 on Desktop systems (Lenovo Nerve Center for notebook systems is not affected) that could allow an attacker with local privileges on a system to alter registry keys.
local
low complexity
lenovo
5.5