Vulnerabilities > Lenovo
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2015-11-12 | CVE-2015-7817 | Race Condition vulnerability in multiple products Race condition in the administration-panel web service in IBM System Networking Switch Center (SNSC) before 7.3.1.5 and Lenovo Switch Center before 8.1.2.0 allows remote attackers to obtain privileged-account access, and consequently provide FileReader.jsp input containing directory traversal sequences to read arbitrary text files, via a request to port 40080 or 40443. | 7.1 |
| 2015-05-12 | CVE-2015-2234 | Race Condition vulnerability in Lenovo System Update 5.06.0027 Race condition in Lenovo System Update (formerly ThinkVantage System Update) before 5.06.0034 uses world-writable permissions for the update files directory, which allows local users to gain privileges by writing to an update file after the signature is validated. | 6.9 |
| 2015-05-12 | CVE-2015-2233 | Cryptographic Issues vulnerability in Lenovo System Update 5.06.0027 Lenovo System Update (formerly ThinkVantage System Update) before 5.06.0034 does not properly validate CA chains during signature validation, which allows man-in-the-middle attackers to upload and execute arbitrary files via a crafted certificate. | 8.3 |
| 2015-05-12 | CVE-2015-2219 | Permissions, Privileges, and Access Controls vulnerability in Lenovo System Update 5.06.0027 Lenovo System Update (formerly ThinkVantage System Update) before 5.06.0034 uses predictable security tokens, which allows local users to gain privileges by sending a valid token with a command to the System Update service (SUService.exe) through an unspecified named pipe. | 7.2 |
| 2015-04-16 | CVE-2015-3324 | Cryptographic Issues vulnerability in Lenovo Thinkserver System Manager Baseboard Management Controller Firmware 118.71532 The ThinkServer System Manager (TSM) Baseboard Management Controller before firmware 1.27.73476 for ThinkServer RD350, RD450, RD550, RD650, and TD350 does not validate server certificates during an "encrypted remote KVM session," which allows man-in-the-middle attackers to spoof servers. | 4.3 |
| 2015-04-16 | CVE-2015-3323 | Improper Input Validation vulnerability in Lenovo Thinkserver System Manager Baseboard Management Controller Firmware The ThinkServer System Manager (TSM) Baseboard Management Controller before firmware 1.27.73476 for ThinkServer RD350, RD450, RD550, RD650, and TD350 allows remote attackers to cause a denial of service (web interface crash) via a malformed HTTP request during authentication. | 5.0 |
| 2015-04-16 | CVE-2015-3322 | Cryptographic Issues vulnerability in Lenovo products Lenovo ThinkServer RD350, RD450, RD550, RD650, and TD350 servers before 1.26.0 use weak encryption to store (1) user and (2) administrator BIOS passwords, which allows attackers to decrypt the passwords via unspecified vectors. | 5.0 |
| 2015-04-16 | CVE-2015-3320 | Information Exposure vulnerability in Lenovo USB Enhanced Performance Keyboard Lenovo USB Enhanced Performance Keyboard software before 2.0.2.2 includes active debugging code in SKHOOKS.DLL, which allows local users to obtain keypress information by accessing debug output. | 2.1 |
| 2014-03-03 | CVE-2014-1939 | Code Injection vulnerability in multiple products java/android/webkit/BrowserFrame.java in Android before 4.4 uses the addJavascriptInterface API in conjunction with creating an object of the SearchBoxImpl class, which allows attackers to execute arbitrary Java code by leveraging access to the searchBoxJavaBridge_ interface at certain Android API levels. | 7.5 |
| 2014-01-21 | CVE-2013-1361 | DLL Loading Arbitrary Code Execution vulnerability in Lenovo Thinkpad Bluetooth With Enhanced Data Rate Software 6.4.0.2900 Untrusted search path vulnerability in Lenovo Thinkpad Bluetooth with Enhanced Data Rate Software 6.4.0.2900 and earlier allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse DLL that is located in the same folder as a file that is processed by Lenovo Bluetooth. | 9.3 |