Search Results (480 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-2240 1 Lenovo 2 Access Support, Automated Solutions 2026-04-23 N/A
The IBM Lenovo Access Support acpRunner ActiveX control, as distributed in acpcontroller.dll before 1.2.8.0 and possibly acpir.dll before 1.0.0.9 (Automated Solutions 1.0 before fix pack 1), does not properly validate digital signatures of downloaded software, which makes it easier for remote attackers to spoof a download.
CVE-2007-2928 1 Lenovo 2 Access Support, Automated Solutions 2026-04-23 N/A
Format string vulnerability in the IBM Lenovo Access Support acpRunner ActiveX control, as distributed in acpcontroller.dll before 1.2.8.0 and possibly acpir.dll before 1.0.0.9 (Automated Solutions 1.0 before fix pack 1), allows remote attackers to execute arbitrary code via format string specifiers in unknown data.
CVE-2007-1307 2 Intel, Lenovo 2 Pro 1000 Lan Adapter, Thinkpad 2026-04-23 N/A
Unspecified vulnerability in Lenovo Intel PRO/1000 LAN adapter before Build 135400, as used on IBM Lenovo ThinkPad systems, has unknown impact and attack vectors.
CVE-2008-4589 1 Lenovo 1 Resuce And Recovery 2026-04-23 N/A
Heap-based buffer overflow in the tvtumin.sys kernel driver in Lenovo Rescue and Recovery 4.20, including 4.20.0511 and 4.20.0512, allows local users to execute arbitrary code via a long file name.
CVE-2017-5638 7 Apache, Arubanetworks, Hp and 4 more 13 Struts, Clearpass Policy Manager, Server Automation and 10 more 2026-04-21 9.8 Critical
The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands via a crafted Content-Type, Content-Disposition, or Content-Length HTTP header, as exploited in the wild in March 2017 with a Content-Type header containing a #cmd= string.
CVE-2026-0421 1 Lenovo 4 Thinkpad L13 Gen 6 2 In 1 Bios, Thinkpad L13 Gen 6 Bios, Thinkpad L14 Gen 6 Bios and 1 more 2026-04-18 6.5 Medium
A potential vulnerability was reported in the BIOS of L13 Gen 6, L13 Gen 6 2-in-1, L14 Gen 6, and L16 Gen 2 ThinkPads which could result in Secure Boot being disabled even when configured as “On” in the BIOS setup menu. This issue only affects systems where Secure Boot is set to User Mode.
CVE-2026-4134 1 Lenovo 1 Software Fix 2026-04-17 7.3 High
During an internal security assessment, a potential vulnerability was discovered in Lenovo Software Fix, that during installation could allow a local authenticated user to execute code with elevated privileges.
CVE-2026-4145 1 Lenovo 1 Software Fix 2026-04-17 7.8 High
During an internal security assessment, a potential vulnerability was discovered in Lenovo Software Fix that could allow a local authenticated user to perform arbitrary code execution with elevated privileges.
CVE-2026-1636 1 Lenovo 1 Service Bridge 2026-04-17 6.7 Medium
A potential DLL hijacking vulnerability was reported in Lenovo Service Bridge that, under certain conditions, could allow a local authenticated user to execute code with elevated privileges.
CVE-2026-0827 1 Lenovo 2 Diagnostics, Vantage 2026-04-17 7.1 High
During an internal security assessment, a potential vulnerability was discovered in Lenovo Diagnostics and the HardwareScanAddin used in Lenovo Vantage that, during installation or when using hardware scan, could allow a local authenticated user to perform an arbitrary file write with elevated privileges.
CVE-2026-4135 1 Lenovo 1 Software Fix 2026-04-17 6.6 Medium
During an internal security assessment, a potential vulnerability was discovered in Lenovo Software Fix, that during installation could allow a local authenticated user to perform an arbitrary file write with elevated privileges.
CVE-2026-0520 1 Lenovo 1 Filez 2026-04-16 2.8 Low
A potential vulnerability was reported in the Lenovo FileZ Android application that, under certain conditions, could allow a local authenticated user to retrieve some sensitive data stored in a log file.
CVE-2024-33580 1 Lenovo 1 Personal Cloud 2026-04-15 7.8 High
A DLL hijack vulnerability was reported in Lenovo Personal Cloud that could allow a local attacker to execute code with elevated privileges.
CVE-2024-33579 1 Lenovo 1 Baiying 2026-04-15 7.8 High
A DLL hijack vulnerability was reported in Lenovo Baiying that could allow a local attacker to execute code with elevated privileges.
CVE-2025-13152 1 Lenovo 1 One Client 2026-04-15 7.8 High
A potential DLL hijacking vulnerability was reported in Lenovo One Client during an internal security assessment that could allow a local authenticated user to execute code with elevated privileges.
CVE-2025-1479 1 Lenovo 2 Legion Space For Legion Go, Legion Space For Legion Pc 2026-04-15 5.3 Medium
An open debug interface was reported in the Legion Space software included on certain Legion devices that could allow a local attacker to execute arbitrary code.
CVE-2024-38512 1 Lenovo 1 Xclarity Controller 2026-04-15 7.2 High
A privilege escalation vulnerability was discovered in XCC that could allow an authenticated XCC user with elevated privileges to perform command injection via specially crafted IPMI commands.
CVE-2024-38510 1 Lenovo 1 Xclarity Controller 2026-04-15 7.2 High
A privilege escalation vulnerability was discovered in the SSH captive command shell interface that could allow an authenticated XCC user with elevated privileges to perform command injection via specially crafted file uploads.
CVE-2025-9201 1 Lenovo 2 Browser, Browser Hd 2026-04-15 7.8 High
A potential DLL hijacking vulnerability was discovered in Lenovo Browser during an internal security assessment that could allow a local user to execute code with elevated privileges.
CVE-2025-10699 1 Lenovo 1 Lecloud 2026-04-15 5.3 Medium
A vulnerability was reported in the Lenovo LeCloud client application that, under certain conditions, could allow information disclosure.