Vulnerabilities > Lenovo > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-10-17 | CVE-2017-3761 | OS Command Injection vulnerability in Lenovo Service Framework The Lenovo Service Framework Android application executes some system commands without proper sanitization of external input. | 10.0 |
2017-04-10 | CVE-2016-8237 | Permissions, Privileges, and Access Controls vulnerability in Lenovo Updates Remote code execution in Lenovo Updates (not Lenovo System Update) allows man-in-the-middle attackers to execute arbitrary code. | 9.3 |
2016-06-03 | CVE-2016-3944 | Improper Input Validation vulnerability in Lenovo Accelerator Application UpdateAgent in Lenovo Accelerator Application allows man-in-the-middle attackers to execute arbitrary code by spoofing an update response from susapi.lenovomm.com. | 9.3 |
2016-05-23 | CVE-2016-4782 | Improper Input Validation vulnerability in Lenovo Shareit 3.5.98Ww Lenovo SHAREit before 3.5.98_ww on Android before 4.2 allows remote attackers to have unspecified impact via a crafted intent: URL, aka an "intent scheme URL attack." | 9.3 |
2014-01-21 | CVE-2013-1361 | DLL Loading Arbitrary Code Execution vulnerability in Lenovo Thinkpad Bluetooth With Enhanced Data Rate Software 6.4.0.2900 Untrusted search path vulnerability in Lenovo Thinkpad Bluetooth with Enhanced Data Rate Software 6.4.0.2900 and earlier allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse DLL that is located in the same folder as a file that is processed by Lenovo Bluetooth. | 9.3 |
2007-03-07 | CVE-2007-1307 | Unspecified vulnerability in IBM ThinkPad Intel PRO/1000 LAN Adapter Software Unspecified vulnerability in Lenovo Intel PRO/1000 LAN adapter before Build 135400, as used on IBM Lenovo ThinkPad systems, has unknown impact and attack vectors. | 10.0 |