1170 matches found
Lenovo Mouse Suite Escalation of Privileges - Lenovo Support US
No description provided...
Lenovo 500 Wireless Keyboard or Mouse Keystroke Injection - Lenovo Support US
No description provided...
Lenovo 500 Wireless Keyboard or Mouse Keystroke Injection
Lenovo Security Advisory: LEN-4292 Potential Impact: Potential unwanted data input Severity: Low Summary: An unauthorized attacker may be able to enter keyboard inputs through the Lenovo 500 Wireless keyboard or mouse dongle. Description: A vulnerability was identified where an attacker with...
Lenovo XClarity Administrator (LXCA) Local Privilege Escalation - lu
Lenovo Security Advisory: LEN-7145 Potential Impact: Local privilege escalation Severity:High Scope of Impact: Lenovo Summary Description: During internal testing, Lenovo identified a local privilege escalation vulnerability in certain versions of LXCA that could allow a local user with...
Dolby Audio X2 (DAX2) privilege escalation
A vulnerability has been identified with the file permissions for the Dolby DAX2 application programming interface API that could allow a local user to run files with system level privileges. Mitigation Strategy for Customers what you should do to protect yourself: Lenovo is currently working wit...
Dolby Audio X2 (DAX2) privilege escalation - Lenovo Support US
No description provided...
Lenovo Ultraslim Wireless Keyboard Keystroke Injection - lu
Lenovo Security Advisory: LEN-7267 Potential Impact: Potential unwanted data input Severity: Medium Scope of Impact: Industry-Wide Summary Description: A vulnerability was identified where an attacker with specialized equipment who is within close physical proximity to a system with the dongle fo...
Lenovo Ultraslim Wireless Keyboard Keystroke Injection - Lenovo Support NL
No description provided...
Data on SanDisk Solid State Drives may be recoverable after running the BIOS Secure Erase Function or the ThinkPad Drive Erase Utility
Lenovo Security Advisory: LEN-5595 Potential Impact: Drive data may be able to be recovered after running the secure erase utility Severity:Medium Scope of Impact: Lenovo Summary Description: SanDisk’s firmware used to erase the data on these SSDs did not meet Lenovo’s specifications and it was...
Data on SanDisk Solid State Drives may be recoverable after running the BIOS Secure Erase Function or the ThinkPad Drive Erase Utility - Lenovo Support US
No description provided...
SuperFish Vulnerability - Lenovo Support US
No description provided...
SuperFish Vulnerability
Lenovo Security Advisory: LEN-2015-010 Potential Impact: Man-in-the-Middle Attack Severity: High Summary: This advisory only applies to Lenovo Notebook products. ThinkPad, ThinkCentre, Lenovo Desktop, ThinkStation, ThinkServer and System x products are not impacted. SuperFish was previously...
GNU C Library (glibc) __nss_hostname_digits_dots() function vulnerable to buffer overflow ("GHOST")
Lenovo Security Advisory: LEN-2015-007 Potential Impact: Execution of Arbitrary Code Severity: High Summary: A vulnerability has been found in the GNU C Library glibc nsshostnamedigitsdots function that allows both local and remote users to cause a buffer overflow in network function calls...
Unauthorized Modification of UEFI Variables in UEFI Systems
Lenovo Security Advisory: LEN-2014-002 Potential Impact: Modifications of UEFI variables Severity: Medium Summary: Certain firmware implementations may not correctly protect and validate information contained in certain UEFI variables. Exploitation of such vulnerabilities could potentially lead t...
S3 Boot Script Protection
Lenovo Security Advisory: LEN-2014-006 Potential Impact: Elevation of Privilege Severity: Medium Summary: Certain firmware implementations may not correctly protect memory that stores the BIOS S3 Boot Script when a system is suspended. Exploitation of such vulnerabilities could potentially lead t...
Row Hammer Privilege Escalation
Lenovo Security Advisory: LEN-2015-009 Potential Impact: Escalation of Privilege Severity: Medium Summary: The Passgate issue aka “Row Hammer” is an inherent design/process limitation in memory for sub 40nm technology such as DDR3/DDR3L/LPDDR2/LPDDR3/GDDR5 that can cause errors in rows of memory...
POODLE: SSLv3 Vulnerability - Lenovo Support US
No description provided...
Intel BIOS locking mechanism contains race condition that enables write protection bypass - Lenovo Support US
No description provided...
Overflow in UEFI Variable Reclaim Function - Lenovo Support US
No description provided...
Row Hammer Privilege Escalation - Lenovo Support US
No description provided...
GNU C Library (glibc) __nss_hostname_digits_dots() function vulnerable to buffer overflow (
No description provided...
S3 Boot Script Protection - Lenovo Support US
No description provided...
Lenovo Accelerator Application Insecure Update Mechanism - Lenovo Support US
No description provided...
Unauthorized Modification of UEFI Variables in UEFI Systems - Lenovo Support US
No description provided...
UEFI EDK2 Capsule Update Vulnerabilities - Lenovo Support US
No description provided...
Potential vulnerability in Intel® SSD Data Center Family for SATA - Lenovo Support NL
No description provided...
SMM
No description provided...
POODLE: SSLv3 Vulnerability
Lenovo Security Advisory: LEN-2014-007 Potential Impact: Unauthorized Access; Man-in-the-Middle MitM Attack Severity: Medium Summary: A security vulnerability known as POODLE was publicly announced that affects a relatively low number of Internet connected devices. However, this vulnerability is...
Potential vulnerability in Intel® SSD Data Center Family for SATA - lu
Lenovo Security Advisory: LEN-6022 Potential Impact: Denial of service Severity:High Scope of Impact: Industry-Wide Summary Description: Intel Solid State Drives SSDs are used in some Lenovo System X servers. The Intel SSD Data Center Family for SATA product series was designed to the ATA-ACS...
SMM "Incursion" Attack
Lenovo Security Advisory: LEN-2015-002 Potential Impact: Execute arbitrary code, Bypass Secure Boot, Denial of Service, Escalation of Privilege Severity: Medium Summary: Some BIOS implementations permit unsafe System Management Mode SMM function calls to memory locations outside of System...
Lenovo Accelerator Application Insecure Update Mechanism
Lenovo Security Advisory: LEN-6718 Potential Impact: Remote code execution by an attacker with local network access Severity: High Scope of Impact: Lenovo products described below Summary Description: A vulnerability was identified in the Lenovo Accelerator Application software which could lead t...
Overflow in UEFI Variable Reclaim Function
Lenovo Security Advisory: LEN-2014-009 Potential Impact: Elevation of Privilege or Denial of Service Severity: Medium Summary: The EDK1 UEFI reference implementation contains a buffer overflow vulnerability. Description: Taken from US-CERT advisory The open source EDK1 project provides a referenc...
Intel BIOS locking mechanism contains race condition that enables write protection bypass
Lenovo Security Advisory: LEN-2015-001 Potential Impact: Denial of Service, Elevation of Privilege Severity: Medium Summary: A race condition exists in computers using Intel chipsets that rely solely on two particular BIOS write locking mechanisms. Successful exploitation of this race condition m...
UEFI EDK2 Capsule Update Vulnerabilities
Lenovo Security Advisory: LEN-2014-001 Potential Impact: Execution of arbitrary code Severity: Medium Summary: The EDK2 UEFI reference implementation contains multiple vulnerabilities in the Capsule Update mechanism. Description: The open source EDK2 project provides a reference implementation of...
NVIDIA Windows Privilege Delegation Escalation
Lenovo Security Advisory: LEN-2015-008 Potential Impact: Escalation of Privilege Severity: Medium Summary: The NVIDIA Display Driver’s kernel administrator check improperly validates local client impersonation levels in some cases. Description: This vulnerability can only be exploited by a user...
Attackers with physical access to Lenovo RackSwitches may be able to upload unsigned firmware
Lenovo Security Advisory: LEN-7805 Potential Impact: Attackers with physical access may be able to upload unsigned firmware Severity: Medium Scope of Impact: Lenovo Summary Description: During internal testing, Lenovo identified a vulnerability in some Lenovo RackSwitch Ethernet switches where an...
Attackers with physical access to Lenovo RackSwitches may be able to upload unsigned firmware - Lenovo Support US
No description provided...
NVIDIA Windows Privilege Delegation Escalation - Lenovo Support US
No description provided...
LEN-5519: Lenovo System Update Privilege Escalation
Lenovo Security Advisory: LEN-5519 Potential Impact: Local Privilege Escalation Severity: High Scope of Impact: Lenovo Summary Description: During internal testing, Lenovo identified a local privilege escalation vulnerability in Lenovo System Update previously known as ThinkVantage System Update...
TPM "nvLocked" Permanent Flag may not be set
Customers can use the tool provided here that will determine if the “nvLocked” TPM permanent flag is set on their system, and will automatically set the flag if it has not been set already. The program will also show the user if the user non-volatile storage area is being used in their system or...
TPM
No description provided...
LEN-5519: Lenovo System Update Privilege Escalation - Lenovo Support US
No description provided...
SMRAM data may be viewed on ThinkPad systems - Lenovo Support US
No description provided...
SMRAM data may be viewed on ThinkPad systems
Lenovo Security Advisory: LEN-3837 Potential Impact: Leakage of SMRAM data Severity: Low Summary: An attacker may be able to view but not modify the contents of System Management RAM SMRAM data on certain Lenovo ThinkPad systems. Description: SMRAM is a part of system memory used by the processor...
LEN-2015-011: Lenovo System Update Privilege Escalation
Lenovo Security Advisory: LEN-2015-011 Potential Impact: Execution of arbitrary code Severity: Medium Summary: Several vulnerabilities have been identified within Lenovo System Update previously known as ThinkVantage System Update. Lenovo has released a new version of the Lenovo System Update...
Lenovo Fingerprint Manager and Lenovo Touch Fingerprint Software Privilege Escalation
Mitigation Strategy for Customers what you should do to protect yourself: There are several ways you can protect yourself. Lenovo recommends that you take one of the following steps: • Starting from March 18, 2016, run Lenovo System Update and install the recommended Fingerprint Manager or Lenovo...
Memory Leakage and Denial of Service Vulnerabilities Identified in Power Manager, Lenovo Settings Dependency Package and ThinkPad Settings Dependency
Lenovo Security Advisory: LEN-6027 Potential Impact: Memory leakage or denial of service attack Severity: Medium Scope of Impact: Lenovo Only Summary Description: Vulnerabilities were identified in the tppwrif driver, which is used by Lenovo software to control power management settings in some...
Privilege Escalation and Denial of Service Vulnerabilities in System X IMM2
...
ThinkServer *50-series BIOS Password Encryption Weakness
Lenovo Security Advisory: LEN-2015-018 Potential Impact: Password Disclosure Severity: Low Summary: The ThinkServer 50-series of servers store user and administrator BIOS passwords using a legacy, proprietary form of encryption. This issue was found during an internal security review and correcte...
Access Connections Privilege Escalation
Lenovo Security Advisory: LEN-2015-033 Potential Impact: Escalation of Privileges Severity: High Summary: ThinkVantage Access Connections contains a vulnerability that may allow a local user to escalate their privilege level. Description: This vulnerability can be exploited by a user with local...