ReportizFlow
Filtered by vendor Lenovo
Subscriptions
Total
464 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-8485 | 1 Lenovo | 1 App Store | 2026-02-02 | 7.3 High |
| An improper permissions vulnerability was reported in Lenovo App Store that could allow a local authenticated user to execute code with elevated privileges during installation of an application. | ||||
| CVE-2025-2503 | 1 Lenovo | 1 Pcmanager | 2026-02-02 | 7.1 High |
| An improper permission handling vulnerability was reported in Lenovo PC Manager that could allow a local attacker to perform arbitrary file deletions as an elevated user. | ||||
| CVE-2021-3453 | 1 Lenovo | 42 730s-13iml, 730s-13iml Firmware, Ideacentre Aio 5-24imb05 and 39 more | 2025-12-16 | 6.8 Medium |
| Some Lenovo Notebook, ThinkPad, and Lenovo Desktop systems have BIOS modules unprotected by Intel Boot Guard that could allow an attacker with physical access the ability to write to the SPI flash storage. | ||||
| CVE-2024-2659 | 1 Lenovo | 138 Fan Power Controller, Nextscale N1200 Enclosure, Nextscale N1200 Enclosure Firmware and 135 more | 2025-08-27 | 7.2 High |
| A command injection vulnerability was identified in SMM/SMM2 and FPC that could allow an authenticated user with elevated privileges to execute system commands when performing a specific administrative function. | ||||
| CVE-2025-6230 | 1 Lenovo | 2 Commercial Vantage, Vantage | 2025-08-19 | 5.3 Medium |
| A SQL injection vulnerability was reported in Lenovo Vantage that could allow a local attacker to modify the local SQLite database and execute limited SQLite commands. | ||||
| CVE-2024-23591 | 1 Lenovo | 2 Thinksystem Sr670 V2, Thinksystem Sr670 V2 Firmware | 2025-07-23 | 2 Low |
| ThinkSystem SR670V2 servers manufactured from approximately June 2021 to July 2023 were left in Manufacturing Mode which could allow an attacker with privileged logical access to the host or physical access to server internals to modify or disable Intel Boot Guard firmware integrity, SPS security, and other SPS configuration setting. The server’s NIST SP 800-193-compliant Platform Firmware Resiliency (PFR) security subsystem significantly mitigates this issue. | ||||
| CVE-2025-6232 | 1 Lenovo | 2 Commercial Vantage, Vantage | 2025-07-22 | 7.8 High |
| An improper validation vulnerability was reported in Lenovo Vantage that under certain conditions could allow a local attacker to execute code with elevated permissions by modifying specific registry locations. | ||||
| CVE-2025-6231 | 1 Lenovo | 2 Commercial Vantage, Vantage | 2025-07-22 | 7.8 High |
| An improper validation vulnerability was reported in Lenovo Vantage that under certain conditions could allow a local attacker to execute code with elevated permissions by modifying an application configuration file. | ||||
| CVE-2023-6043 | 1 Lenovo | 1 Vantage | 2025-06-18 | 7.8 High |
| A privilege escalation vulnerability was reported in Lenovo Vantage that could allow a local attacker to bypass integrity checks and execute arbitrary code with elevated privileges. | ||||
| CVE-2023-5080 | 1 Lenovo | 12 Tab M10 Plus Gen 3 Tb125fu, Tab M10 Plus Gen 3 Tb125fu Firmware, Tab M8 Hd Tb8505f and 9 more | 2025-06-18 | 6.8 Medium |
| A privilege escalation vulnerability was reported in some Lenovo tablet products that could allow local applications access to device identifiers and system commands. | ||||
| CVE-2023-6540 | 1 Lenovo | 2 Browser Hd, Browser Mobile | 2025-06-17 | 6.5 Medium |
| A vulnerability was reported in the Lenovo Browser Mobile and Lenovo Browser HD Apps for Android that could allow an attacker to craft a payload that could result in the disclosure of sensitive information. | ||||
| CVE-2023-6338 | 1 Lenovo | 1 Universal Device Client | 2025-06-03 | 7.8 High |
| Uncontrolled search path vulnerabilities were reported in the Lenovo Universal Device Client (UDC) that could allow an attacker with local access to execute code with elevated privileges. | ||||
| CVE-2015-4596 | 1 Lenovo | 1 Mouse Suite | 2025-05-30 | N/A |
| Lenovo Mouse Suite before 6.73 allows local users to run arbitrary code with administrator privileges. | ||||
| CVE-2023-5081 | 1 Lenovo | 8 Tab M8 Hd Tb8505f, Tab M8 Hd Tb8505f Firmware, Tab M8 Hd Tb8505fs and 5 more | 2025-05-30 | 3.3 Low |
| An information disclosure vulnerability was reported in the Lenovo Tab M8 HD that could allow a local application to gather a non-resettable device identifier. | ||||
| CVE-2023-6044 | 1 Lenovo | 1 Vantage | 2025-05-30 | 6.3 Medium |
| A privilege escalation vulnerability was reported in Lenovo Vantage that could allow a local attacker with physical access to impersonate Lenovo Vantage Service and execute arbitrary code with elevated privileges. | ||||
| CVE-2021-42205 | 1 Lenovo | 1 Elan Miniport Touchpad Driver | 2025-05-02 | 4.7 Medium |
| ELAN Miniport touchpad Windows driver before 24.21.51.2, as used in PC hardware from multiple manufacturers, allows local users to cause a system crash by sending a certain IOCTL request, because that request is handled twice. | ||||
| CVE-2017-3751 | 1 Lenovo | 1 Thinkpad Compact Usb Keyboard Driver | 2025-04-20 | N/A |
| An unquoted service path vulnerability was identified in the driver for the ThinkPad Compact USB Keyboard with TrackPoint versions earlier than 1.5.5.0. This could allow an attacker with local privileges to execute code with administrative privileges. | ||||
| CVE-2017-3752 | 2 Ibm, Lenovo | 30 1\, 1g L2-7 Slb, Bladecenter and 27 more | 2025-04-20 | N/A |
| An industry-wide vulnerability has been identified in the implementation of the Open Shortest Path First (OSPF) routing protocol used on some Lenovo switches. Exploitation of these implementation flaws may result in attackers being able to erase or alter the routing tables of one or many routers, switches, or other devices that support OSPF within a routing domain. | ||||
| CVE-2017-3749 | 2 Google, Lenovo | 21 Android, Vibe A1600, Vibe A2560 and 18 more | 2025-04-20 | N/A |
| On Lenovo VIBE mobile phones, the Idea Friend Android application allows private data to be backed up and restored via Android Debug Bridge, which allows tampering leading to privilege escalation in conjunction with CVE-2017-3748 and CVE-2017-3750. | ||||
| CVE-2017-3756 | 2 Lenovo, Microsoft | 151 Thinkpad 10 Ella 2, Thinkpad 10 Ella 2 Bios, Thinkpad 11e Beema and 148 more | 2025-04-20 | N/A |
| A privilege escalation vulnerability was identified in Lenovo Active Protection System for ThinkPad systems versions earlier than 1.82.0.17. An attacker with local privileges could execute code with administrative privileges via an unquoted service path. | ||||