Vulnerabilities > Lenovo > Medium

DATE CVE VULNERABILITY TITLE RISK
2016-06-30 CVE-2016-5248 Permissions, Privileges, and Access Controls vulnerability in Lenovo Solution Center 3.3.0001
The StopProxy command in LSC.Services.SystemService in Lenovo Solution Center before 3.3.003 allows local users to terminate arbitrary processes via the PID argument.
local
low complexity
lenovo CWE-264
5.5
2016-05-23 CVE-2016-4783 Cross-site Scripting vulnerability in Lenovo Shareit 3.5.98Ww
Cross-site scripting (XSS) vulnerability in Lenovo SHAREit before 3.5.98_ww on Android before 4.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Universal XSS (UXSS)."
network
low complexity
lenovo CWE-79
6.1
2016-04-12 CVE-2015-8108 7PK - Security Features vulnerability in Lenovo EMC Firmware 4.1.204.33661
The management interface in LenovoEMC EZ Media & Backup (hm3), ix2/ix2-dl, ix4-300d, px12-400r/450r, px6-300d, px2-300d, px4-300r, px4-400d, px4-400r, and px4-300d NAS devices with firmware before 4.1.204.33661 allows remote attackers to obtain sensitive device information via unspecified vectors.
network
low complexity
lenovo CWE-254
5.3
2016-03-26 CVE-2016-1344 Resource Management Errors vulnerability in multiple products
The IKEv2 implementation in Cisco IOS 15.0 through 15.6 and IOS XE 3.3 through 3.17 allows remote attackers to cause a denial of service (device reload) via fragmented packets, aka Bug ID CSCux38417.
network
high complexity
cisco samsung sun zyxel lenovo netgear zzinc CWE-399
5.9
2016-01-26 CVE-2016-1492 Improper Access Control vulnerability in Lenovo Shareit 3.0.18Ww
The Wifi hotspot in Lenovo SHAREit before 3.5.48_ww for Android, when configured to receive files, does not require a password, which makes it easier for remote attackers to obtain access by leveraging a position within the WLAN coverage area.
high complexity
lenovo CWE-284
6.1
2016-01-26 CVE-2016-1490 Information Exposure vulnerability in Lenovo Shareit 2.5.1.1
The Wifi hotspot in Lenovo SHAREit before 3.2.0 for Windows allows remote attackers to obtain sensitive file names via a crafted file request to /list.
low complexity
lenovo CWE-200
4.1