Vulnerabilities > Lenovo
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-10-17 | CVE-2017-3759 | Improper Input Validation vulnerability in Lenovo Service Framework The Lenovo Service Framework Android application accepts some responses from the server without proper validation. | 8.1 |
| 2017-10-17 | CVE-2017-3758 | Unspecified vulnerability in Lenovo Service Framework Improper access controls on several Android components in the Lenovo Service Framework application can be exploited to enable remote code execution. | 9.8 |
| 2017-10-03 | CVE-2015-6971 | Command Injection vulnerability in Lenovo System Update 5.06.0027/5.06.0034 Lenovo System Update (formerly ThinkVantage System Update) before 5.07.0013 allows local users to submit commands to the System Update service (SUService.exe) and gain privileges by launching signed Lenovo executables. | 7.8 |
| 2017-10-03 | CVE-2015-3321 | Permissions, Privileges, and Access Controls vulnerability in Lenovo Fingerprint Manager Services and files in Lenovo Fingerprint Manager before 8.01.42 have incorrect ACLs, which allows local users to invalidate local checks and gain privileges via standard filesystem operations. | 6.7 |
| 2017-09-22 | CVE-2017-3770 | Unspecified vulnerability in Lenovo Xclarity Administrator Privilege escalation vulnerability in LXCA versions earlier than 1.3.2 where an authenticated user may be able to abuse certain web interface functionality to execute privileged commands within the underlying LXCA operating system. | 8.8 |
| 2017-09-22 | CVE-2017-3763 | Unspecified vulnerability in Lenovo Xclarity Administrator An attacker who obtains access to the location where the LXCA file system is stored may be able to access credentials of local LXCA accounts in LXCA versions earlier than 1.3.2. | 6.7 |
| 2017-08-29 | CVE-2017-3746 | Unspecified vulnerability in Lenovo Thinkpad USB 3.0 Ethernet Adapter Driver ThinkPad USB 3.0 Ethernet Adapter (part number 4X90E51405) driver, various versions, was found to contain a privilege escalation vulnerability that could allow a local user to execute arbitrary code with administrative or system level privileges. | 7.8 |
| 2017-08-18 | CVE-2017-3756 | Unspecified vulnerability in Lenovo products A privilege escalation vulnerability was identified in Lenovo Active Protection System for ThinkPad systems versions earlier than 1.82.0.17. | 7.8 |
| 2017-08-10 | CVE-2017-3753 | Code Injection vulnerability in Lenovo products A vulnerability has been identified in some Lenovo products that use UEFI (BIOS) code developed by American Megatrends, Inc. | 6.8 |
| 2017-08-10 | CVE-2017-3751 | Unquoted Search Path or Element vulnerability in Lenovo Thinkpad Compact USB Keyboard Driver An unquoted service path vulnerability was identified in the driver for the ThinkPad Compact USB Keyboard with TrackPoint versions earlier than 1.5.5.0. | 7.8 |