Vulnerabilities > Lenovo > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-07-17 CVE-2017-3754 Unspecified vulnerability in Lenovo Bios
Some Lenovo brand notebook systems do not have write protections properly configured in the system BIOS.
local
low complexity
lenovo
6.7
2017-07-17 CVE-2017-3742 Information Exposure vulnerability in Lenovo Connect2 4.2.5
In Lenovo Connect2 versions earlier than 4.2.5.4885 for Windows and 4.2.5.3071 for Android, when an ad-hoc connection is made between two systems for the purpose of sharing files, the password for this ad-hoc connection will be stored in a user-readable location.
high complexity
lenovo CWE-200
4.8
2017-06-29 CVE-2017-3747 Unspecified vulnerability in Lenovo Nerve Center
Privilege escalation vulnerability in Lenovo Nerve Center for Windows 10 on Desktop systems (Lenovo Nerve Center for notebook systems is not affected) that could allow an attacker with local privileges on a system to alter registry keys.
local
low complexity
lenovo
5.5
2017-06-20 CVE-2017-3744 Information Exposure Through Log Files vulnerability in multiple products
In the IMM2 firmware of Lenovo System x servers, remote commands issued by LXCA or other utilities may be captured in the First Failure Data Capture (FFDC) service log if the service log is generated when that remote command is running.
network
low complexity
lenovo ibm CWE-532
6.5
2017-06-04 CVE-2017-3740 Unspecified vulnerability in Lenovo Active Protection System
In Lenovo Active Protection System before 1.82.0.14, an attacker with local privileges could send commands to the system's embedded controller, which could cause a denial of service attack on the system or the ability to alter hardware functionality.
local
low complexity
lenovo
5.5
2017-01-26 CVE-2016-8226 Data Processing Errors vulnerability in Lenovo products
The BIOS in Lenovo System X M5, M6, and X6 systems allows administrators to cause a denial of service via updating a UEFI data structure.
network
low complexity
lenovo CWE-19
4.9
2017-01-09 CVE-2016-8106 Improper Input Validation vulnerability in multiple products
A Denial of Service in Intel Ethernet Controller's X710/XL710 with Non-Volatile Memory Images before version 5.05 allows a remote attacker to stop the controller from processing network traffic working under certain network use conditions.
network
high complexity
intel hp lenovo CWE-20
5.9
2016-11-30 CVE-2016-8222 Improper Access Control vulnerability in Lenovo products
A vulnerability has been identified in a signed kernel driver for the BIOS of some ThinkPad systems that can allow an attacker with Windows administrator-level privileges to call System Management Mode (SMM) services.
local
low complexity
lenovo CWE-284
4.4
2016-11-29 CVE-2016-8224 Cryptographic Issues vulnerability in Lenovo products
A vulnerability has been identified in some Lenovo Notebook and ThinkServer systems where an attacker with administrative privileges on a system could install a program that circumvents Intel Management Engine (ME) protections.
local
low complexity
lenovo CWE-310
4.4
2016-08-02 CVE-2016-6257 Cryptographic Issues vulnerability in multiple products
The firmware in Lenovo Ultraslim dongles, as used with Lenovo Liteon SK-8861, Ultraslim Wireless, and Silver Silk keyboards and Liteon ZTM600 and Ultraslim Wireless mice, does not enforce incrementing AES counters, which allows remote attackers to inject encrypted keyboard input into the system by leveraging proximity to the dongle, aka a "KeyJack injection attack."
6.5