Vulnerabilities > Lenovo > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-08-02 | CVE-2016-6257 | Cryptographic Issues vulnerability in multiple products The firmware in Lenovo Ultraslim dongles, as used with Lenovo Liteon SK-8861, Ultraslim Wireless, and Silver Silk keyboards and Liteon ZTM600 and Ultraslim Wireless mice, does not enforce incrementing AES counters, which allows remote attackers to inject encrypted keyboard input into the system by leveraging proximity to the dongle, aka a "KeyJack injection attack." | 6.5 |
| 2016-06-30 | CVE-2016-5248 | Permissions, Privileges, and Access Controls vulnerability in Lenovo Solution Center 3.3.0001 The StopProxy command in LSC.Services.SystemService in Lenovo Solution Center before 3.3.003 allows local users to terminate arbitrary processes via the PID argument. | 5.5 |
| 2016-05-23 | CVE-2016-4783 | Cross-site Scripting vulnerability in Lenovo Shareit 3.5.98Ww Cross-site scripting (XSS) vulnerability in Lenovo SHAREit before 3.5.98_ww on Android before 4.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Universal XSS (UXSS)." | 6.1 |
| 2016-04-12 | CVE-2015-8108 | 7PK - Security Features vulnerability in Lenovo EMC Firmware 4.1.204.33661 The management interface in LenovoEMC EZ Media & Backup (hm3), ix2/ix2-dl, ix4-300d, px12-400r/450r, px6-300d, px2-300d, px4-300r, px4-400d, px4-400r, and px4-300d NAS devices with firmware before 4.1.204.33661 allows remote attackers to obtain sensitive device information via unspecified vectors. | 5.3 |
| 2016-03-26 | CVE-2016-1344 | Resource Management Errors vulnerability in multiple products The IKEv2 implementation in Cisco IOS 15.0 through 15.6 and IOS XE 3.3 through 3.17 allows remote attackers to cause a denial of service (device reload) via fragmented packets, aka Bug ID CSCux38417. | 5.9 |
| 2016-01-26 | CVE-2016-1492 | Improper Access Control vulnerability in Lenovo Shareit 3.0.18Ww The Wifi hotspot in Lenovo SHAREit before 3.5.48_ww for Android, when configured to receive files, does not require a password, which makes it easier for remote attackers to obtain access by leveraging a position within the WLAN coverage area. | 6.1 |
| 2016-01-26 | CVE-2016-1490 | Information Exposure vulnerability in Lenovo Shareit 2.5.1.1 The Wifi hotspot in Lenovo SHAREit before 3.2.0 for Windows allows remote attackers to obtain sensitive file names via a crafted file request to /list. | 4.1 |