Vulnerabilities > Lenovo
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-01-26 | CVE-2016-8225 | Unquoted Search Path or Element vulnerability in Lenovo Edge Keyboard Driver and Slim USB Keyboard Driver Unquoted service path vulnerability in Lenovo Edge and Lenovo Slim USB Keyboard Driver versions earlier than 1.21 allows local users to execute code with elevated privileges. | 4.6 |
| 2017-01-12 | CVE-2016-8221 | Permissions, Privileges, and Access Controls vulnerability in Lenovo Xclarity Administrator Privilege Escalation in Lenovo XClarity Administrator earlier than 1.2.0, if LXCA is used to manage rack switches or chassis with embedded input/output modules (IOMs), certain log files viewable by authenticated users may contain passwords for internal administrative LXCA accounts with temporary passwords that are used internally by LXCA code. | 1.9 |
| 2017-01-09 | CVE-2016-8106 | Improper Input Validation vulnerability in multiple products A Denial of Service in Intel Ethernet Controller's X710/XL710 with Non-Volatile Memory Images before version 5.05 allows a remote attacker to stop the controller from processing network traffic working under certain network use conditions. | 4.3 |
| 2016-11-30 | CVE-2016-8222 | Improper Access Control vulnerability in Lenovo products A vulnerability has been identified in a signed kernel driver for the BIOS of some ThinkPad systems that can allow an attacker with Windows administrator-level privileges to call System Management Mode (SMM) services. | 4.7 |
| 2016-11-29 | CVE-2016-8224 | Cryptographic Issues vulnerability in Lenovo products A vulnerability has been identified in some Lenovo Notebook and ThinkServer systems where an attacker with administrative privileges on a system could install a program that circumvents Intel Management Engine (ME) protections. | 4.6 |
| 2016-11-29 | CVE-2016-8223 | Improper Access Control vulnerability in Lenovo System Interface Foundation During an internal security review, Lenovo identified a local privilege escalation vulnerability in Lenovo System Interface Foundation software installed on some Windows 10 PCs where a user with local privileges could run arbitrary code with administrator level privileges. | 7.2 |
| 2016-09-22 | CVE-2016-5247 | 7PK - Security Features vulnerability in Lenovo Bios The BIOS for Lenovo ThinkCentre E93, M6500t/s, M6600, M6600q, M6600t/s, M73p, M800, M83, M8500t/s, M8600t/s, M900, M93, and M93P devices; ThinkServer RQ940, RS140, TS140, TS240, TS440, and TS540 devices; and ThinkStation E32, P300, and P310 devices might allow local users or physically proximate attackers to bypass the Secure Boot protection mechanism by leveraging an AMI test key. | 7.2 |
| 2016-08-02 | CVE-2016-6257 | Cryptographic Issues vulnerability in multiple products The firmware in Lenovo Ultraslim dongles, as used with Lenovo Liteon SK-8861, Ultraslim Wireless, and Silver Silk keyboards and Liteon ZTM600 and Ultraslim Wireless mice, does not enforce incrementing AES counters, which allows remote attackers to inject encrypted keyboard input into the system by leveraging proximity to the dongle, aka a "KeyJack injection attack." | 3.3 |
| 2016-06-30 | CVE-2016-5729 | Permissions, Privileges, and Access Controls vulnerability in Lenovo Bios EFI Driver Lenovo BIOS EFI Driver allows local administrators to execute arbitrary code with System Management Mode (SMM) privileges via unspecified vectors. | 6.8 |
| 2016-06-30 | CVE-2016-5249 | Permissions, Privileges, and Access Controls vulnerability in Lenovo Solution Center 3.3.002 Lenovo Solution Center (LSC) before 3.3.003 allows local users to execute arbitrary code with LocalSystem privileges via vectors involving the LSC.Services.SystemService StartProxy command with a named pipe created in advance and crafted .NET assembly. | 7.2 |