Vulnerabilities > Lenovo > High

DATE CVE VULNERABILITY TITLE RISK
2017-04-10 CVE-2016-8237 Permissions, Privileges, and Access Controls vulnerability in Lenovo Updates
Remote code execution in Lenovo Updates (not Lenovo System Update) allows man-in-the-middle attackers to execute arbitrary code.
network
high complexity
lenovo CWE-264
8.1
2017-04-10 CVE-2016-8235 Permissions, Privileges, and Access Controls vulnerability in Lenovo Customer Care Software Development KIT 2.0.16
Privilege escalation in Lenovo Customer Care Software Development Kit (CCSDK) versions earlier than 2.0.16.3 allows local users to execute code with elevated privileges.
local
low complexity
lenovo CWE-264
7.8
2017-03-03 CVE-2016-8236 Improper Access Control vulnerability in Lenovo Thinkserver Firmware 3.76.208
Reset to default settings may occur in Lenovo ThinkServer TSM RD350, RD450, RD550, RD650, TD350 during a prolonged broadcast storm in TSM versions earlier than 3.77.
network
low complexity
lenovo CWE-284
7.5
2017-01-26 CVE-2016-8227 Improper Access Control vulnerability in Lenovo Transition
Privilege escalation vulnerability in Lenovo Transition application used in Lenovo Yoga, Flex and Miix systems running Windows allows local users to execute code with elevated privileges.
local
low complexity
lenovo CWE-284
7.8
2017-01-26 CVE-2016-8225 Unquoted Search Path or Element vulnerability in Lenovo Edge Keyboard Driver and Slim USB Keyboard Driver
Unquoted service path vulnerability in Lenovo Edge and Lenovo Slim USB Keyboard Driver versions earlier than 1.21 allows local users to execute code with elevated privileges.
local
low complexity
lenovo CWE-428
7.8
2017-01-12 CVE-2016-8221 Permissions, Privileges, and Access Controls vulnerability in Lenovo Xclarity Administrator
Privilege Escalation in Lenovo XClarity Administrator earlier than 1.2.0, if LXCA is used to manage rack switches or chassis with embedded input/output modules (IOMs), certain log files viewable by authenticated users may contain passwords for internal administrative LXCA accounts with temporary passwords that are used internally by LXCA code.
local
high complexity
lenovo CWE-264
7.0
2016-11-29 CVE-2016-8223 Improper Access Control vulnerability in Lenovo System Interface Foundation 1.0.66.0
During an internal security review, Lenovo identified a local privilege escalation vulnerability in Lenovo System Interface Foundation software installed on some Windows 10 PCs where a user with local privileges could run arbitrary code with administrator level privileges.
local
low complexity
lenovo CWE-284
7.8
2016-09-22 CVE-2016-5247 7PK - Security Features vulnerability in Lenovo Bios
The BIOS for Lenovo ThinkCentre E93, M6500t/s, M6600, M6600q, M6600t/s, M73p, M800, M83, M8500t/s, M8600t/s, M900, M93, and M93P devices; ThinkServer RQ940, RS140, TS140, TS240, TS440, and TS540 devices; and ThinkStation E32, P300, and P310 devices might allow local users or physically proximate attackers to bypass the Secure Boot protection mechanism by leveraging an AMI test key.
local
low complexity
lenovo CWE-254
7.8
2016-06-30 CVE-2016-5729 Permissions, Privileges, and Access Controls vulnerability in Lenovo Bios EFI Driver
Lenovo BIOS EFI Driver allows local administrators to execute arbitrary code with System Management Mode (SMM) privileges via unspecified vectors.
local
low complexity
lenovo CWE-264
8.2
2016-06-30 CVE-2016-5249 Permissions, Privileges, and Access Controls vulnerability in Lenovo Solution Center 3.3.0001
Lenovo Solution Center (LSC) before 3.3.003 allows local users to execute arbitrary code with LocalSystem privileges via vectors involving the LSC.Services.SystemService StartProxy command with a named pipe created in advance and crafted .NET assembly.
local
low complexity
lenovo CWE-264
7.8