Vulnerabilities > Lenovo > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-10-26 | CVE-2017-3771 | Unspecified vulnerability in Lenovo products System boot process is not adequately secured In Lenovo E95 and ThinkCentre M710s/M710t because systems were shipped from factory without completing BIOS/UEFI initialization process. | 7.5 |
| 2017-10-17 | CVE-2017-3760 | Insufficiently Protected Credentials vulnerability in Lenovo Service Framework The Lenovo Service Framework Android application uses a set of nonsecure credentials when performing integrity verification of downloaded applications and/or data. | 8.1 |
| 2017-10-17 | CVE-2017-3759 | Improper Input Validation vulnerability in Lenovo Service Framework The Lenovo Service Framework Android application accepts some responses from the server without proper validation. | 8.1 |
| 2017-10-03 | CVE-2015-6971 | Command Injection vulnerability in Lenovo System Update 5.06.0027/5.06.0034 Lenovo System Update (formerly ThinkVantage System Update) before 5.07.0013 allows local users to submit commands to the System Update service (SUService.exe) and gain privileges by launching signed Lenovo executables. | 7.8 |
| 2017-09-22 | CVE-2017-3770 | Unspecified vulnerability in Lenovo Xclarity Administrator Privilege escalation vulnerability in LXCA versions earlier than 1.3.2 where an authenticated user may be able to abuse certain web interface functionality to execute privileged commands within the underlying LXCA operating system. | 8.8 |
| 2017-08-29 | CVE-2017-3746 | Unspecified vulnerability in Lenovo Thinkpad USB 3.0 Ethernet Adapter Driver ThinkPad USB 3.0 Ethernet Adapter (part number 4X90E51405) driver, various versions, was found to contain a privilege escalation vulnerability that could allow a local user to execute arbitrary code with administrative or system level privileges. | 7.8 |
| 2017-08-18 | CVE-2017-3756 | Unspecified vulnerability in Lenovo products A privilege escalation vulnerability was identified in Lenovo Active Protection System for ThinkPad systems versions earlier than 1.82.0.17. | 7.8 |
| 2017-08-10 | CVE-2017-3751 | Unquoted Search Path or Element vulnerability in Lenovo Thinkpad Compact USB Keyboard Driver An unquoted service path vulnerability was identified in the driver for the ThinkPad Compact USB Keyboard with TrackPoint versions earlier than 1.5.5.0. | 7.8 |
| 2017-08-09 | CVE-2017-3752 | Improper Input Validation vulnerability in multiple products An industry-wide vulnerability has been identified in the implementation of the Open Shortest Path First (OSPF) routing protocol used on some Lenovo switches. | 8.2 |
| 2017-06-20 | CVE-2017-3745 | Improper Authentication vulnerability in Lenovo Xclarity Administrator In Lenovo XClarity Administrator (LXCA) before 1.3.0, if service data is downloaded from LXCA, a non-administrative user may have access to password information for users that have previously authenticated to the LXCA's internal LDAP server, including administrative accounts and service accounts with administrative privileges. | 7.8 |