CVSS: 2.1EPSS: 0%CPEs: 1EXPL: 0CVE-2015-3320
https://notcve.org/view.php?id=CVE-2015-3320
Lenovo USB Enhanced Performance Keyboard software before 2.0.2.2 includes active debugging code in SKHOOKS.DLL, which allows local users to obtain keypress information by accessing debug output. El software Lenovo USB Enhanced Performance Keyboard anterior a 2.0.2.2 incluye código de depuración activa en SKHOOKS.DLL, lo que permite a usuarios locales obtener información keypress mediante el acceso a salidas de depuración. • http://www.securityfocus.com/bid/74196 https://support.lenovo.com/us/en/product_security/usbenhancedkeyboard • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.0EPSS: 0%CPEs: 10EXPL: 0CVE-2015-3322
https://notcve.org/view.php?id=CVE-2015-3322
Lenovo ThinkServer RD350, RD450, RD550, RD650, and TD350 servers before 1.26.0 use weak encryption to store (1) user and (2) administrator BIOS passwords, which allows attackers to decrypt the passwords via unspecified vectors. Servidores Lenovo ThinkServer RD350, RD450, RD550, RD650 y TD350 en versiones anteriores a 1.26.0 utiliza cifrado débil para almacenar contraseñas BIOS de (1) usuario y (2) administrador, lo que permite a atacantes descifrar las contraseñas a través de vectores no especificados. • http://www.securityfocus.com/bid/74198 https://support.lenovo.com/us/en/product_security/ts_bios_pw • CWE-310: Cryptographic Issues •
CVSS: 7.5EPSS: 0%CPEs: 13EXPL: 0CVE-2014-1939
https://notcve.org/view.php?id=CVE-2014-1939
java/android/webkit/BrowserFrame.java in Android before 4.4 uses the addJavascriptInterface API in conjunction with creating an object of the SearchBoxImpl class, which allows attackers to execute arbitrary Java code by leveraging access to the searchBoxJavaBridge_ interface at certain Android API levels. java/android/webkit/BrowserFrame.java en Android anterior a 4.4 utiliza la API addJavascriptInterface en conjunto con la creación de un objeto de la clase SearchBoxImpl, lo que permite a atacantes ejecutar código Java arbitrario mediante el aprovechamiento del acceso a la interfaz searchBoxJavaBridge_ en ciertos niveles API de Android. • http://blog.chromium.org/2013/11/introducing-chromium-powered-android.html http://openwall.com/lists/oss-security/2014/02/11/2 https://support.lenovo.com/us/en/product_security/len_6421 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2013-1361
https://notcve.org/view.php?id=CVE-2013-1361
Untrusted search path vulnerability in Lenovo Thinkpad Bluetooth with Enhanced Data Rate Software 6.4.0.2900 and earlier allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse DLL that is located in the same folder as a file that is processed by Lenovo Bluetooth. Vulnerabilidad de ruta de búsqueda no confiable en Lenovo Thinkpad Bluetooth con Enhanced Data Rate Software 6.4.0.2900 y anteriores permite a usuarios locales y, posiblemente, a un atacante remoto, ejecutar código arbitrario y llevar a cabo ataques de secuestro de DLL a través de un troyano DLL situado en la misma carpeta que el archivo que procesa Lenovo Bluetooth. • http://secunia.com/advisories/51846 http://technet.microsoft.com/en-us/security/msvr/msvr13-001 http://www.osvdb.org/89483 http://www.securityfocus.com/bid/57504 https://exchange.xforce.ibmcloud.com/vulnerabilities/81428 •
CVSS: 6.9EPSS: 0%CPEs: 1EXPL: 2CVE-2009-0655
https://notcve.org/view.php?id=CVE-2009-0655
Lenovo Veriface III allows physically proximate attackers to login to a Windows account by presenting a "plain image" of the authorized user. Lenovo Veriface vIII permite a atacantes fisicamente proximos acceder a la cuenta de usuario mediante la presentacion de una "imagen plana" del usuario autorizado. • http://security.bkis.vn/?p=292 http://www.blackhat.com/html/bh-dc-09/bh-dc-09-archives.html#Nguyen http://www.blackhat.com/presentations/bh-dc-09/Nguyen/BlackHat-DC-09-Nguyen-Face-not-your-password.pdf http://www.securityfocus.com/archive/1/498997 http://www.securityfocus.com/bid/32700 https://exchange.xforce.ibmcloud.com/vulnerabilities/48961 • CWE-287: Improper Authentication •