Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2018-14066

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-15 Jul, 2018 | 16:00
Updated At-16 Sep, 2024 | 18:19
Rejected At-
Credits

The content://wappush content provider in com.android.provider.telephony, as found in some custom ROMs for Android phones, allows SQL injection. One consequence is that an application without the READ_SMS permission can read SMS messages. This affects Infinix X571 phones, as well as various Lenovo phones (such as the A7020) that have since been fixed by Lenovo.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:15 Jul, 2018 | 16:00
Updated At:16 Sep, 2024 | 18:19
Rejected At:
▼CVE Numbering Authority (CNA)

The content://wappush content provider in com.android.provider.telephony, as found in some custom ROMs for Android phones, allows SQL injection. One consequence is that an application without the READ_SMS permission can read SMS messages. This affects Infinix X571 phones, as well as various Lenovo phones (such as the A7020) that have since been fixed by Lenovo.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://hacked0x90.wordpress.com/2018/07/12/lenovo-infinix-sql-injection-to-mobile-sms-leakage/
x_refsource_MISC
Hyperlink: https://hacked0x90.wordpress.com/2018/07/12/lenovo-infinix-sql-injection-to-mobile-sms-leakage/
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://hacked0x90.wordpress.com/2018/07/12/lenovo-infinix-sql-injection-to-mobile-sms-leakage/
x_refsource_MISC
x_transferred
Hyperlink: https://hacked0x90.wordpress.com/2018/07/12/lenovo-infinix-sql-injection-to-mobile-sms-leakage/
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:15 Jul, 2018 | 16:29
Updated At:21 Sep, 2018 | 13:47

The content://wappush content provider in com.android.provider.telephony, as found in some custom ROMs for Android phones, allows SQL injection. One consequence is that an application without the READ_SMS permission can read SMS messages. This affects Infinix X571 phones, as well as various Lenovo phones (such as the A7020) that have since been fixed by Lenovo.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.09.8CRITICAL
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary2.07.5HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
Type: Primary
Version: 3.0
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 7.5
Base severity: HIGH
Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
CPE Matches
Google LLC
google
>>android>>7.0
cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*
infinixmobility
infinixmobility
>>infinix_x571>>-
cpe:2.3:h:infinixmobility:infinix_x571:-:*:*:*:*:*:*:*
Google LLC
google
>>android>>6.0
cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*
Lenovo Group Limited
lenovo
>>lenovo_a7020>>-
cpe:2.3:h:lenovo:lenovo_a7020:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-89Primarynvd@nist.gov
CWE ID: CWE-89
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://hacked0x90.wordpress.com/2018/07/12/lenovo-infinix-sql-injection-to-mobile-sms-leakage/cve@mitre.org
Exploit
Third Party Advisory
Hyperlink: https://hacked0x90.wordpress.com/2018/07/12/lenovo-infinix-sql-injection-to-mobile-sms-leakage/
Source: cve@mitre.org
Resource:
Exploit
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

7719Records found
CVE-2013-0887
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-7.5||HIGH
EPSS-0.24% / 47.53%
||
7 Day CHG~0.00%
Published-23 Feb, 2013 | 21:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The developer-tools process in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, does not properly restrict privileges during interaction with a connected server, which has unspecified impact and attack vectors.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncGoogle LLCApple Inc.Microsoft Corporation
Product-windowslinux_kernelmac_os_xchromen/a
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2013-0831
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-7.5||HIGH
EPSS-0.29% / 51.84%
||
7 Day CHG~0.00%
Published-15 Jan, 2013 | 21:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in Google Chrome before 24.0.1312.52 allows remote attackers to have an unspecified impact by leveraging access to an extension process.

Action-Not Available
Vendor-n/aopenSUSEGoogle LLC
Product-opensusechromen/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2013-0839
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-7.5||HIGH
EPSS-0.61% / 68.75%
||
7 Day CHG~0.00%
Published-24 Jan, 2013 | 21:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in Google Chrome before 24.0.1312.56 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of fonts in CANVAS elements.

Action-Not Available
Vendor-n/aGoogle LLC
Product-chromen/a
CVE-2013-0885
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-7.5||HIGH
EPSS-0.22% / 44.69%
||
7 Day CHG~0.00%
Published-23 Feb, 2013 | 21:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, does not properly restrict API privileges during interaction with the Chrome Web Store, which has unspecified impact and attack vectors.

Action-Not Available
Vendor-n/aopenSUSELinux Kernel Organization, IncGoogle LLCApple Inc.Microsoft Corporation
Product-linux_kernelopensusechromewindowsmac_os_xn/a
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2013-0892
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-7.5||HIGH
EPSS-1.63% / 81.14%
||
7 Day CHG~0.00%
Published-23 Feb, 2013 | 21:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple unspecified vulnerabilities in the IPC layer in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allow remote attackers to cause a denial of service or possibly have other impact via unknown vectors.

Action-Not Available
Vendor-n/aopenSUSELinux Kernel Organization, IncGoogle LLCApple Inc.Microsoft Corporation
Product-linux_kernelopensusechromewindowsmac_os_xn/a
CVE-2013-0919
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-7.5||HIGH
EPSS-0.35% / 56.91%
||
7 Day CHG~0.00%
Published-28 Mar, 2013 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in Google Chrome before 26.0.1410.43 on Linux allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging the presence of an extension that creates a pop-up window.

Action-Not Available
Vendor-n/aGoogle LLCLinux Kernel Organization, Inc
Product-linux_kernelchromen/a
CVE-2013-0924
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-7.5||HIGH
EPSS-0.15% / 35.78%
||
7 Day CHG~0.00%
Published-28 Mar, 2013 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The extension functionality in Google Chrome before 26.0.1410.43 does not verify that use of the permissions API is consistent with file permissions, which has unspecified impact and attack vectors.

Action-Not Available
Vendor-n/aGoogle LLC
Product-chromen/a
CVE-2013-0830
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-7.5||HIGH
EPSS-0.20% / 41.96%
||
7 Day CHG~0.00%
Published-15 Jan, 2013 | 21:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The IPC layer in Google Chrome before 24.0.1312.52 on Windows omits a NUL character required for termination of an unspecified data structure, which has unknown impact and attack vectors.

Action-Not Available
Vendor-n/aopenSUSEMicrosoft CorporationGoogle LLC
Product-chromeopensusewindowsn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2013-0910
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-7.5||HIGH
EPSS-0.36% / 57.40%
||
7 Day CHG~0.00%
Published-04 Mar, 2013 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Google Chrome before 25.0.1364.152 does not properly manage the interaction between the browser process and renderer processes during authorization of the loading of a plug-in, which makes it easier for remote attackers to bypass intended access restrictions via vectors involving a blocked plug-in.

Action-Not Available
Vendor-n/aGoogle LLC
Product-chromen/a
CWE ID-CWE-287
Improper Authentication
CVE-2013-0896
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-7.5||HIGH
EPSS-0.61% / 68.78%
||
7 Day CHG~0.00%
Published-23 Feb, 2013 | 21:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, does not properly manage memory during message handling for plug-ins, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

Action-Not Available
Vendor-n/aopenSUSELinux Kernel Organization, IncGoogle LLCApple Inc.Microsoft Corporation
Product-linux_kernelopensusechromewindowsmac_os_xn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2013-0891
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-7.5||HIGH
EPSS-0.61% / 68.90%
||
7 Day CHG~0.00%
Published-23 Feb, 2013 | 21:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a blob.

Action-Not Available
Vendor-n/aopenSUSELinux Kernel Organization, IncGoogle LLCApple Inc.Microsoft Corporation
Product-linux_kernelopensusechromewindowsmac_os_xn/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2013-0832
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-7.5||HIGH
EPSS-0.71% / 71.39%
||
7 Day CHG~0.00%
Published-15 Jan, 2013 | 21:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to printing.

Action-Not Available
Vendor-n/aopenSUSEGoogle LLC
Product-opensusechromen/a
CVE-2012-5133
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-7.5||HIGH
EPSS-1.38% / 79.54%
||
7 Day CHG~0.00%
Published-28 Nov, 2012 | 01:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in Google Chrome before 23.0.1271.91 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to SVG filters.

Action-Not Available
Vendor-n/aopenSUSEGoogle LLC
Product-opensusechromen/a
CWE ID-CWE-416
Use After Free
CVE-2012-5122
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-7.5||HIGH
EPSS-1.38% / 79.54%
||
7 Day CHG~0.00%
Published-07 Nov, 2012 | 11:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Google Chrome before 23.0.1271.64 does not properly perform a cast of an unspecified variable during handling of input, which allows remote attackers to cause a denial of service or possibly have other impact via unknown vectors.

Action-Not Available
Vendor-n/aGoogle LLC
Product-chromen/a
CVE-2012-5121
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-7.5||HIGH
EPSS-3.36% / 86.83%
||
7 Day CHG~0.00%
Published-07 Nov, 2012 | 11:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in Google Chrome before 23.0.1271.64 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to video layout.

Action-Not Available
Vendor-n/aGoogle LLC
Product-chromen/a
CWE ID-CWE-416
Use After Free
CVE-2012-5150
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-7.5||HIGH
EPSS-0.71% / 71.39%
||
7 Day CHG~0.00%
Published-15 Jan, 2013 | 21:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving seek operations on video data.

Action-Not Available
Vendor-n/aopenSUSEGoogle LLC
Product-opensusechromen/a
CVE-2012-5145
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-7.5||HIGH
EPSS-2.20% / 83.78%
||
7 Day CHG~0.00%
Published-15 Jan, 2013 | 21:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to SVG layout.

Action-Not Available
Vendor-n/aopenSUSEGoogle LLC
Product-opensusechromen/a
CWE ID-CWE-416
Use After Free
CVE-2019-6168
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-8.8||HIGH
EPSS-2.07% / 83.22%
||
7 Day CHG~0.00%
Published-26 Jun, 2019 | 14:12
Updated-16 Sep, 2024 | 23:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow remote code execution.

Action-Not Available
Vendor-Lenovo Group Limited
Product-ideacentretabletthinkpadthinkcentreideapadthinkstationyogaservice_bridgeService Bridge
CVE-2012-5117
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-7.5||HIGH
EPSS-0.23% / 45.48%
||
7 Day CHG~0.00%
Published-07 Nov, 2012 | 11:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Google Chrome before 23.0.1271.64 does not properly restrict the loading of an SVG subresource in the context of an IMG element, which has unspecified impact and remote attack vectors.

Action-Not Available
Vendor-n/aGoogle LLC
Product-chromen/a
CVE-2012-5126
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-7.5||HIGH
EPSS-1.38% / 79.54%
||
7 Day CHG~0.00%
Published-07 Nov, 2012 | 11:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in Google Chrome before 23.0.1271.64 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of plug-in placeholders.

Action-Not Available
Vendor-n/aGoogle LLC
Product-chromen/a
CWE ID-CWE-416
Use After Free
CVE-2012-5116
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-7.5||HIGH
EPSS-1.38% / 79.54%
||
7 Day CHG~0.00%
Published-07 Nov, 2012 | 11:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in Google Chrome before 23.0.1271.64 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of SVG filters.

Action-Not Available
Vendor-n/aGoogle LLC
Product-chromen/a
CWE ID-CWE-416
Use After Free
CVE-2012-5131
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-7.5||HIGH
EPSS-0.89% / 74.57%
||
7 Day CHG~0.00%
Published-28 Nov, 2012 | 01:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Google Chrome before 23.0.1271.91 on Mac OS X does not properly mitigate improper rendering behavior in the Intel GPU driver, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

Action-Not Available
Vendor-n/aApple Inc.Google LLC
Product-mac_os_xchromen/a
CVE-2019-6177
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-7.8||HIGH
EPSS-0.30% / 52.82%
||
7 Day CHG~0.00%
Published-21 Aug, 2019 | 19:55
Updated-16 Sep, 2024 | 18:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability reported in Lenovo Solution Center version 03.12.003, which is no longer supported, could allow log files to be written to non-standard locations, potentially leading to privilege escalation. Lenovo ended support for Lenovo Solution Center and recommended that customers migrate to Lenovo Vantage or Lenovo Diagnostics in April 2018.

Action-Not Available
Vendor-Lenovo Group Limited
Product-solution_centerSolution Center
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2012-4908
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.62% / 87.35%
||
7 Day CHG~0.00%
Published-13 Sep, 2012 | 20:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Google Chrome before 18.0.1025308 on Android allows remote attackers to bypass the Same Origin Policy and obtain access to local files via vectors involving a symlink.

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidchromen/a
CVE-2019-5866
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-9.8||CRITICAL
EPSS-0.42% / 61.15%
||
7 Day CHG~0.00%
Published-25 Nov, 2019 | 14:22
Updated-04 Aug, 2024 | 20:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out of bounds memory access in JavaScript in Google Chrome prior to 75.0.3770.142 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Action-Not Available
Vendor-Google LLC
Product-chromeChrome
CWE ID-CWE-787
Out-of-bounds Write
CVE-2012-2823
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-7.5||HIGH
EPSS-0.70% / 71.14%
||
7 Day CHG~0.00%
Published-27 Jun, 2012 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to SVG resources.

Action-Not Available
Vendor-n/aGoogle LLC
Product-chromen/a
CVE-2012-2878
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-7.5||HIGH
EPSS-0.89% / 74.57%
||
7 Day CHG~0.00%
Published-26 Sep, 2012 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in Google Chrome before 22.0.1229.79 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to plug-in handling.

Action-Not Available
Vendor-n/aopenSUSEGoogle LLC
Product-opensusechromen/a
CVE-2012-2842
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-7.5||HIGH
EPSS-1.46% / 80.08%
||
7 Day CHG~0.00%
Published-12 Jul, 2012 | 21:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in Google Chrome before 20.0.1132.57 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to counter handling.

Action-Not Available
Vendor-n/aGoogle LLC
Product-chromen/a
CVE-2013-0908
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-7.5||HIGH
EPSS-0.19% / 41.64%
||
7 Day CHG~0.00%
Published-04 Mar, 2013 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Google Chrome before 25.0.1364.152 does not properly manage bindings of extension processes, which has unspecified impact and attack vectors.

Action-Not Available
Vendor-n/aGoogle LLC
Product-chromen/a
CVE-2019-6188
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-9.8||CRITICAL
EPSS-0.62% / 69.12%
||
7 Day CHG~0.00%
Published-12 Nov, 2019 | 20:40
Updated-04 Aug, 2024 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ThinkPad T460p and T470p BIOS Tamper Mechanism

The BIOS tamper detection mechanism was not triggered in Lenovo ThinkPad T460p, BIOS versions up to R07ET90W, and T470p, BIOS versions up to R0FET50W, which may allow for unauthorized access.

Action-Not Available
Vendor-Lenovo Group Limited
Product-s340-15iwl_touchl340-17irh_firmwarezhaoyang_e43-80_kbl_firmwareqitian_m4650v330-14isk_firmwarea340-22_iwl_firmware720s-15ikb_firmwarethinkpad_e490ideacentre_730s-24ikb_firmwarev110-15ikbthinkcentre_m73p130-15ikb_firmwarethinkcentre_m720qlegion_y740-17ichgthinkpad_p51sthinkpad_p53thinkpad_e450cthinkcentre_m79_firmwareyta8900fthinkpad_p72_firmwarethinkpad_l590thinkcentre_e93_firmwarerescuer_y7000p\(1060\)130-14ikb_firmwareyangtian_ws_h81_firmwarethinkpad_p52thinkpad_e560p_firmwarethinkpad_p70aio_330-20astthinkpad_e470_firmware330-15ikbrv530s-07icb_firmwarem4500_firmwarethinkpad_e460thinkpad_yoga_11ethinkpad_x280thinkcentre_m83_firmwarethinkstation_p318_firmwarethinkpad_tablet_8_firmwarec340-14iwl_firmwarelegion_t530-28icbthinkpad_l470_firmwares540-14iwl_firmwarelegion_t730-28ico330c-14ikbs540-14iwl_touch_firmwarethinkpad_l380_firmwarelegion_y740-15ichgthinkcentre_e74_firmwarethinkpad_r590_firmwareqitian_b5900_firmwarethinkpad_t560_firmwarethinkpad_t580thinkcentre_m4500kthinkcentre_m6500t_firmwarethinkcentre_m93z_\(aio\)yoga_s940-14iwl_firmwarethinkpad_x1_yogathinkcentre_m625q_firmwarethinkpad_t570_firmwarelegion_y520t_z370legion_t530-28icb_reflash_firmwarethinkcentre_m4500t_firmwares340-14iwlqt_b415_firmwareyangtian_wf_h81_pci_firmwareqitian_m4600_firmware340c-15ikb_firmwarethinkcentre_m910x_firmwarethinkcentre_m910s_firmwareyangtian_afh110_firmwareyangtian_wf_h110_pci_firmwarethinkpad_x380_yoga_firmwareyangtian_afq150_firmwarev320-14ikby7000_2019_1050v330-14ikb_firmwarethinkpad_w540h50-30g_desktopv330-14iskyoga_s940-14iwlyangtian_tc_h81_pci_firmwarethinkcentre_x1_aiothinkpad_p52_firmwarethinkpad_s2_yoga_4th_gen_firmwarethinkcentre_m720s_firmwarethinkpad_t580_firmwarelegion_t530-28aprideacentre_720-18icb_firmwareyoga530-14ikb_firmwares540-14iwl_touchthinkcentre_m4600tthinkcentre_m920q_firmwarezhaoyang_k42-80thinkpad_t25lenovo_v720-14ikbqt_a7400s540-15iwl_firmwareaio_330-20igm_firmwarethinkpad_t460sideacentre_300s-11ish_firmware510-15iklaio_520-24ast_firmwareyangtian_mf_h81_pci330-14ikb_firmware720s_touch-15ikb_firmwarethinkpad_e570thinkcentre_m79v310-14ikbthinkstation_p318thinkcentre_m700sthinkpad_x1_extreme_firmwarev130-14ikbthinkcentre_m6600t_firmware330-15ikb_firmwarethinkpad_e550thinkcentre_m8600s_firmwarec340-14iwlv310-15ikb_firmwareyoga_730-13iwl_firmwarethinkcentre_m715q_firmwarethinkpad_tablet_10_firmwarethinkcentre_m73_firmwarethinkpad_t440qitian_b4550_firmwarethinkpad_e580thinkcentre_e73_firmwarethinkcentre_m920t_firmwarethinkcentre_e93thinkcentre_m6500s_firmwareyoga_11e_3rd_genthinkpad_p71thinkcentre_m710q330-15ikbr_touchthinkpad_10_firmwarethinkpad_p51s_firmwarethinkcentre_m710e_firmwarethinkcentre_m8500ss145-15ikbthinkpad_x250thinkcentre_m900_firmwarev310z\(yt_s3150\)_firmware330-15ich_firmwarel340-15iwltouchthinkcentre_e75sthinkcentre_m920zyangtian_mc_h81_firmwarethinkcentre_m9550zthinkcentre_e74zideacentre_720-18aprthinkcentre_m9550z_firmwarethinkpad_helix_firmwarethinkpad_t480s_firmwarelegion_y9000p_2019_firmwarethinkpad_s3_3rd_genthinkcentre_m73p_firmwarelegion_y9000p_2019v130-14ikb_firmwarexiaoxin_tide_7000-15_u42thinkcentre_m7300z_firmwarethinkcentre_m6600qthinkcentre_m8350z_firmwarev310-14isk_firmwares145-14ikb_firmwarec340-15iwlwei5-14ikb_firmwarethinksystem_odc5200-cn650s_firmwarelegion_y740-15irhg_firmwarethinkcentre_m820zv110-14ikb_firmwarev310z\(yt_s3150\)v110-14ikbthinkpad_l560_firmwarethinkcentre_s510_firmwarelegion_y730-15ich_firmware330-14ikbthinkpad_p53s_firmwares145-15ikb_firmwareyangtian_tc_h81_pciyoga_s730-13iwll340-15irh_firmwarethinkstation_p300_firmwarel340-17irhthinkpad_p52sthinkpad_t470_firmwarethinkcentre_m73_tiny_firmwarethinkcentre_m920x_firmwarethinkcentre_m6600_firmwarethinkpad_t480_firmware530s-14iwl_firmwarethinkpad_x1_carbon_firmwarerescuer_y7000p\(1060\)_firmwarelegion_c730-19icothinkcentre_m4500q_firmwarethinkpad_e580_firmwareaio520-24iku_firmwarem4550_id_firmware530s-15ikbthinkpad_t570thinkpad_l560ideacentre_510-15icb_firmwarethinkcentre_m6600tthinkpad_t590yoga_11e_4th_gen_firmwarethinkpad_t550xiaoxin-14_2019iwlthinkpad_x1_tabletwei5-14ikbxiaoxin-14_2019iwl_firmwarethinkpad_t450sqt_a7400_firmwarev130-15ikbthinkcentre_m73yangtian_ws_h81rescuer_y7000yoga_s730-13iwl_firmwarev530-22icb\(yt_s4350\)thinkstation_p310_firmwareaio520-22ikuthinkpad_tablet_8thinkcentre_e96z_firmwarethinkpad_l390_yoga_firmwaree52-80yangtian_mc_h110thinkpad_x270k43c-80thinkpad_l580_firmwarev510-15ikbthinkcentre_m715qyoga_520-14ikbh50-30g_desktop_firmwarethinkpad_p50s_firmwarelegion_y530-15ich\(1060\)_firmwareaio520-22ikl_firmwareideacentre_300s-11ishv320-15ikb_firmwarethinkpad_t440p_firmwarethinkpad_l470xiaoxin_air-14iwl_2019thinkpad_t440s_firmwarethinkpad_e570_firmwarethinkpad_s5_firmwareyogo_a940-27icb_firmwarethinkpad_t440pideacentre_310s-08asr_firmwarethinkcentre_m9350zthinkpad_tablet_10a340-22_iwllegion_y9000k_2019thinkpad_x390_yoga_firmwareyoga_11e_4th_gen730s-13iwlthinkpad_l380thinkpad_t450_firmwarelegion_t530-28apr_firmwarethinkpad_x1_yoga_firmwarethinkpad_t590_firmwares340-14iwl_touchthinkpad_s1_yoga_firmwarethinkpad_x1_extremelegion_c530-19icbyangtian_wcc_h81_pcithinkpad_l490_firmwarethinkcentre_e73syoga530-14ikbthinkpad_x1_carbonthinkpad_e560_firmwarelegion_y7000p-1060_firmwarethinkpad_t460p_firmwarexiaoxin_air_14iwlthinkcentre_m8600s330-17ich_firmwarev310-15ikbxiaoxin-15_2019iwl_firmwarethinkpad_r490yangtian_mc_h81flex-15iwlaio_330-20ast_firmwareideacentre_510a-15icblegion_y730-17ich_firmwareyoga_11e_3rd_gen_firmwarethinkcentre_m710s_firmwarethinkpad_e590xiaoxin_air_14ikbrc340-15iwl_firmwarethinkcentre_m73_tinya340-22icbthinkcentre_e74s_firmwareyangtian_wc_h110_pcithinkpad_p1_firmwarethinkpad_s5_yoga_15v330-15igma340-22ast_firmwareqt_m410xiaoxin_air_15iwlthinkpad_yoga_11e_firmware330-14ikbryoga_730-13ikbv510-15ikb_firmwarev410z\(yt_s4250\)aio520-22iklthinkpad_l480_firmwarethinkpad_x380_yoga530s-15iwl_firmwarexiaoxin_air_13iwl_firmwareaio520-24ikurescuer_y7000pthinkpad_x131ethinkstation_p320rescuer_y7000p_firmwareqitian_4500thinkcentre_m93_firmwareyoga_730-13iwlv520t-15iklthinkcentre_m710t_firmwares340-14iwl_firmwareqitian_a815v510z_\(yt_s5250\)_firmwarethinksystem_hr650x_\(skl\)_firmwarethinkpad_l450qitian_m4650_firmwarethinkpad_t470s_firmwarethinkcentre_e73s_firmwareaio520-24ikl_firmwarezhaoyang_e53-80thinkpad_r590thinkpad_p50aio_520-24aste42-80_firmwarethinkcentre_m800_firmware530s-15ikb_firmwarethinkpad_p43s_\(20rx\)_firmwarev330-15ikbideacentre_310s-08igm_firmwarethinkcentre_m700tthinkpad_t440sqt_b415s340-15iwl_firmwareyangtian_we_h110_firmware330-15ikbflex_5-1570\(r\)thinkpad_p70_firmwarexx_chao5000-ikbra_firmwarethinkpad_13thinkpad_t470thinkcentre_m7300zs530-13iwl_firmwarethinkcentre_m700s_firmwarethinkcentre_e74lenovo_v720-14ikb_firmwarelegion_y530-15ich_firmwareyangtian_mc_h110_pciqitian_m4550330c-15ikbrthinkpad_e480v520s-08iklxiaoxin_air_14iwl_firmwarethinkpad_l380_yoga330-17ikbr_firmwarethinkpad_s3thinkcentre_m8600t_firmwarethinkcentre_m820z_firmware720s_touch-15ikblegion_y7000p-1060thinkpad_e470xiaoxin-14iwl_qc_2019720s-14ikbrthinkcentre_m4600t_firmwarerescuer_y7000_firmwarem4500yangtian_afh110a340-24_iwlthinkpad_helixflex_6-14ikbthinkpad_w550s_firmwarev320-17ikbrxiaoxin-15_2019iwlyangtian_mf_h110_pci_firmwareideacentre_700thinkcentre_m900z_firmwareideacentre_310s-08asr720s-15ikbthinkcentre_m83z_\(aio\)_firmwarethinkcentre_m720q_firmwarethinkcentre_m715sthinkpad_l460_firmwarethinkcentre_s510thinkpad_w541thinkcentre_m715q_rrthinkcentre_m700za340-22icb_firmwarethinkcentre_e95z_firmwarexiaoxin_air-15iwl_2019_firmwarethinkcentre_e96zthinkcentre_m818z_firmwarev530-22icb\(yt_s4350\)_firmwaremiix_720-12ikb_firmwarewei5-15ikbthinkpad_x240s_firmwarea340-24_iwl_firmwarethinkcentre_m715q_rr_firmwarethinkpad_l460yoga_520-14ikb_firmware510s-08ikl_firmwarethinkcentre_m710ea340-22ast330c-14ikb_firmwarev410z\(yt_s4250\)_firmwarethinkstation_p310thinkpad_s2_yoga_4th_genthinksystem_odc5200-cn650sthinkcentre_m4500sthinkpad_11ethinkstation_e32_firmwarethinkpad_t460pthinkpad_p1s340-15iwlthinkpad_x140elegion_y520t_z370_firmwareideacentre_510-15icbideacentre_510s-08ish340c-15ikbthinkpad_l380_yoga_firmwarethinkpad_x1_tablet_firmware530s-14ikb_firmwarev320-14ikb_firmwarethinkcentre_m920tthinkcentre_m715t_firmwarethinkpad_x390thinkcentre_m710tthinkpad_s540v520s-08ikl_firmwarethinkcentre_m720ty7000_2019_1050_firmwarev110-15ikb_firmwarelegion_t530-28apr_reflashlegion_c530-19icb_firmwares540-15iwll340-15irhideacentre_700_firmwareqt_m415_firmware340c-15iwlv130-15ikb_firmwarethinkpad_s3_firmwarexiaoxin_air-14iwl_2019_firmware330c-15ikbr_firmwarev310-14iskxiaoxin_tide_7000-15_u22thinkpad_s531_firmwarethinkpad_t490_firmwareqitian_b4650_firmwarev540-24iwl\(yt_s5430\)330-15ikbr_firmwarezhaoyang_k42-80_firmwarethinkpad_l390_yogayoga_730-15ikb_firmwareflex_6-1470aio520-24iklthinkpad_x240_firmwarethinkcentre_m4600s_firmwarethinkpad_l450_firmwarethinkcentre_m700z_firmwarethinkpad_13_firmwaremiix_720-12ikblegion_y740-17irhgxiaoxin_air-15iwl_2019thinkpad_l570_firmwarethinkpad_w540_firmwareflex-14iwlflex-15iwl_firmwareyangtian_mc_h110_pci_firmwarethinkpad_e550cthinkpad_e490sthinkcentre_e95zv330-15isklegion_t530-28icb_reflashwei5-15ikb_firmware330-17ikbthinkpad_s540_firmware330-17ichthinkcentre_m600_firmwarev730-15ikb_firmwarea340-24icbthinkcentre_m910q_firmwares340-15iwl_touch_firmwareqt_m410_firmwarethinkpad_s2_yoga_3rd_gen_firmwarethinkcentre_m910zs340-14iwl_touch_firmwarethinkcentre_m920sthinkcentre_m710q_firmwareqitian_4500_firmwarethinkpad_x390_yogathinkcentre_m818zqt_m415thinkcentre_m8600tthinkpad_s1_yogathinkpad_e560thinksystem_hr650x_\(skl\)yangtian_mf_h110_pcithinkcentre_m910qrescuer_y7000\(1060\)510s-08iklideacentre_720-18apr_firmwarethinkcentre_m720s340c-15iwl_firmwarethinkcentre_m90n-1_firmwarexiaoxin_air_15ikbr_firmwarethinkpad_p43s_\(20rx\)v330-15igm_firmware530s-14ikbyangtian_wcc_h81_pci_firmwarethinkcentre_m810zyangtian_afh81_firmwarethinkcentre_m9500zthinkpad_x131e_firmwarethinkcentre_m810z_firmwareflex_6-1470_firmwarev510z_\(yt_s5250\)m4550_idv330-14ikbthinkpad_e480_firmwareflex_6-14ikb_firmwarethinkstation_p300thinkcentre_m6600yangtian_me_h110_firmwarel340-15iwl330-14ikbr_firmwareyangtian_wf_h110_pcithinkpad_t540pthinkcentre_m6600sthinkpad_t540p_firmwarelegion_y530-15ich\(1060\)thinkpad_t460_firmwarethinkpad_t460s_firmwarethinkstation_p330330-17ikbrl340-17iwl_firmwarethinkcentre_m700qthinkpad_x270_firmware63_firmwarethinkpad_s2_yoga_3rd_genthinkcentre_m6500sthinkcentre_m8500s_firmwarethinkpad_l490aio520-24arr330-15ichxiaoxin_tide_7000-15_u22_firmwarethinkpad_p71_firmware330c-15ikb_firmwareqitian_b4650thinkpad_l590_firmwarethinkcentre_e75tthinkcentre_m4500qs145-15iwl_firmwarexiaoxin_air_15iwl_firmwareqitian_a815_firmwareyta8900f_firmwarethinkpad_x260s145-15iwlthinkcentre_m910tthinkpad_x250_firmware530s-15iwl330c-15ikbthinkpad_yoga_260-s1thinkcentre_e75t_firmwarethinkstation_p330_firmwarethinkpad_s5_2nd_generation_firmwareaio_330-20igmaio520-27ikl_firmwaree52-80_firmwarethinkcentre_m920qthinkpad_p50_firmwarethinkpad_s3_3rd_gen_firmwarethinkcentre_m4500s_firmwarethinkcentre_m720t_firmwarethinkpad_x260_firmwarelegion_y730-15ichthinkpad_e590_firmwarezhaoyang_e53-80_firmwarethinkstation_p320_tinythinkcentre_m800thinkpad_t450thinkcentre_m800zthinkcentre_m900yangtian_mc_h110_firmwarethinkpad_t490thinkcentre_m93p_firmwarethinkpad_x280_firmwarethinkcentre_m93thinkpad_p73_firmwarethinkstation_p330_tiny_firmwares940-14iwllegion_y740-15ichg_firmwarethinkcentre_m8350zxiaoxin-14iwl_qc_2019_firmwareyoga_730-15iwl_firmwarel340-17iwls530-13iwlthinkcentre_m625qthinkpad_w550sthinkpad_l480thinkpad_e450_firmwarethinkpad_t460thinkpad_x390_firmware330-17ikb_firmwarethinkpad_r490_firmwares540-14iwls145-14ikbthinkpad_t440_firmwarethinkcentre_m8500tthinkcentre_m83z_\(aio\)thinkcentre_m93plegion_t530-28icb_firmware330-15ikbr_touch_firmwareideacentre_510a-15icb_firmwarexiaoxin_air_13iwlv320-17ikbr_firmwareideacentre_730s-24ikbflex-14iwl_firmwarev530-24icb\(yt_s5350\)xx_chao5000-ikbrathinkpad_10thinkcentre_m700q_firmwareyangtian_me_h110legion_y740-17ichg_firmwareqitian_b5900v310-15iskv530s-07icb63thinkpad_yoga_370yangtian_afq150aio520-24arr_firmwarev310-14ikb_firmwarek43c-80_firmware130-14ikbqitian_b4550thinkpad_e550c_firmwareideacentre_310s-08igmthinkpad_x140e_firmwareideacentre_300-20ish_firmwarethinkstation_p330_tinyyangtian_mf_h81_pci_firmwarea340-24icb_firmwarethinkcentre_m9350z_firmwarethinkpad_x240legion_y740-17irhg_firmwarethinkcentre_m800z_firmwareyoga_730-15iwlthinkpad_t450s_firmwarethinkcentre_m9500z_firmwarexiaoxin_air_14ikbr_firmwarethinkcentre_m920s_firmwarethinkpad_p52s_firmwareideacentre_720-18icbthinkcentre_m920z_firmwarethinkpad_t550_firmwarethinkcentre_m4600sthinkcentre_e74sv510-14ikb_firmwarethinkcentre_m610thinkpad_s531thinkpad_yoga_260-s1_firmwareideacentre_300-20ishthinkpad_t25_firmwareyangtian_wf_h81_pcithinkcentre_m920xyangtian_ytm6900e-00_firmwares940-14iwl_firmwarethinkcentre_m90n-1m4500_id_firmwarethinkcentre_e73720s-14ikbr_firmwareflex_5-1570\(r\)_firmwarelegion_y740-15irhgthinkcentre_m6500tv330-15ikb_firmwarethinkcentre_m910xrescuer_y7000\(1060\)_firmwarethinkcentre_m6600s_firmwarethinkpad_p53sthinkpad_t480sthinkpad_w541_firmwarethinkpad_p51_firmwarethinkcentre_m910sl340-15iwl_firmwareyangtian_ms_h81_firmwarelegion_c730-19ico_firmwareqitian_m4600thinkpad_e460_firmwarethinkstation_p320_firmwarethinkpad_11e_firmwarethinkpad_l570thinkcentre_m6600q_firmware530s-14iwlthinkcentre_m8500t_firmwareyangtian_ms_h81thinkpad_s5_yoga_15_firmwarezhaoyang_e43-80_kblthinkcentre_m900zthinkpad_e450c_firmwareaio520-27iklthinkpad_t490s_firmwarethinkpad_x240sideacentre_510s-08ish_firmwaree42-80thinkpad_l580yogo_a940-27icbyangtian_tc_h110_pci_firmwarelegion_t730-28ico_firmwarethinkcentre_m8300z_firmwareyangtian_we_h110thinkpad_s5_2nd_generation130-15ikb510-15ikl_firmwarelegion_y730-17ichm4500_idthinkcentre_m725syangtian_ytm6900e-00v310-15isk_firmwarethinkpad_e490s_firmwarethinkpad_s5thinkpad_t470p_firmwarethinkcentre_m725s_firmwarelegion_t530-28apr_reflash_firmwarelegion_y9000k_2019_firmwarev540-24iwl\(yt_s5430\)_firmwareyoga_730-13ikb_firmwarethinkpad_e490_firmware730s-13iwl_firmwarev320-15ikbthinkpad_t560thinkcentre_m8300zs145-14iwlthinkpad_s1_3rd_firmwarethinksystem_hr630x_\(skl\)_firmwarexiaoxin_tide_7000-15_u42_firmwarelegion_y530-15ichthinkcentre_m700t_firmwarethinkstation_p320_tiny_firmwarethinkcentre_m83thinkpad_p50sthinkpad_p53_firmwarev330-15isk_firmwarethinkcentre_e74z_firmwarethinksystem_hr630x_\(skl\)v520t-15ikl_firmwarethinkpad_s1_3rdthinkcentre_x1_aio_firmwarethinkcentre_m4500k_firmwarexiaoxin_air_15ikbrthinkcentre_e75s_firmwarethinkpad_p51v510-14ikbthinkcentre_m610_firmwareqitian_m4550_firmwarev730-15ikbthinkpad_t490sl340-15iwltouch_firmwarethinkpad_p73thinkpad_e560pthinkcentre_m93z_\(aio\)_firmwares145-14iwl_firmwarev530-24icb\(yt_s5350\)_firmwarethinkcentre_m715tyangtian_wc_h110_pci_firmwarethinkpad_t470sthinkpad_p72thinkcentre_m910t_firmwarethinkpad_e450thinkpad_t470pthinkcentre_m710syangtian_afh81thinkcentre_m4500tthinkcentre_m910z_firmwarethinkpad_yoga_370_firmwarethinkpad_e550_firmwareyoga_730-15ikbthinkcentre_m715s_firmwareaio520-22iku_firmwarethinkpad_t480thinkstation_e32thinkcentre_m600yangtian_tc_h110_pciThinkPad T470pThinkPad T460p
CVE-2012-2866
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-7.5||HIGH
EPSS-1.62% / 81.06%
||
7 Day CHG~0.00%
Published-31 Aug, 2012 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Google Chrome before 21.0.1180.89 does not properly perform a cast of an unspecified variable during handling of run-in elements, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document.

Action-Not Available
Vendor-n/aopenSUSEGoogle LLC
Product-opensusechromen/a
CVE-2017-6211
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.11% / 30.72%
||
7 Day CHG~0.00%
Published-05 Dec, 2017 | 19:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the processing of a downlink supplementary services message, a buffer overflow can occur.

Action-Not Available
Vendor-Google LLCQualcomm Technologies, Inc.
Product-androidAndroid for MSM, Firefox OS for MSM, QRD Android
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2012-2888
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-7.5||HIGH
EPSS-0.89% / 74.57%
||
7 Day CHG~0.00%
Published-26 Sep, 2012 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in Google Chrome before 22.0.1229.79 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving SVG text references.

Action-Not Available
Vendor-n/aopenSUSEGoogle LLC
Product-opensusechromen/a
CVE-2012-2883
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-7.5||HIGH
EPSS-0.89% / 74.57%
||
7 Day CHG~0.00%
Published-26 Sep, 2012 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Skia, as used in Google Chrome before 22.0.1229.79, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an out-of-bounds write operation, a different vulnerability than CVE-2012-2874.

Action-Not Available
Vendor-n/aopenSUSEGoogle LLC
Product-opensusechromen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2012-2829
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-7.5||HIGH
EPSS-1.16% / 77.71%
||
7 Day CHG~0.00%
Published-27 Jun, 2012 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the :first-letter pseudo-element.

Action-Not Available
Vendor-n/aGoogle LLC
Product-chromen/a
CVE-2012-2863
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-7.5||HIGH
EPSS-0.71% / 71.39%
||
7 Day CHG~0.00%
Published-09 Aug, 2012 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The PDF functionality in Google Chrome before 21.0.1180.75 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger out-of-bounds write operations.

Action-Not Available
Vendor-n/aGoogle LLC
Product-chromen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2012-2859
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-7.5||HIGH
EPSS-0.95% / 75.41%
||
7 Day CHG~0.00%
Published-06 Aug, 2012 | 15:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Google Chrome before 21.0.1180.57 on Linux does not properly handle tabs, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.

Action-Not Available
Vendor-n/aGoogle LLCLinux Kernel Organization, Inc
Product-linux_kernelchromen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2012-5111
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-7.5||HIGH
EPSS-0.20% / 41.96%
||
7 Day CHG~0.00%
Published-09 Oct, 2012 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Google Chrome before 22.0.1229.92 does not monitor for crashes of Pepper plug-ins, which has unspecified impact and remote attack vectors.

Action-Not Available
Vendor-n/aGoogle LLC
Product-chromen/a
CVE-2012-2876
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-7.5||HIGH
EPSS-0.97% / 75.68%
||
7 Day CHG~0.00%
Published-26 Sep, 2012 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the SSE2 optimization functionality in Google Chrome before 22.0.1229.79 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

Action-Not Available
Vendor-n/aopenSUSEGoogle LLC
Product-opensusechromen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2012-2881
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-7.5||HIGH
EPSS-0.89% / 74.57%
||
7 Day CHG~0.00%
Published-26 Sep, 2012 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Google Chrome before 22.0.1229.79 does not properly handle plug-ins, which allows remote attackers to cause a denial of service (DOM tree corruption) or possibly have unspecified other impact via unknown vectors.

Action-Not Available
Vendor-n/aopenSUSEGoogle LLC
Product-opensusechromen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2012-2880
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-7.5||HIGH
EPSS-0.69% / 70.82%
||
7 Day CHG~0.00%
Published-26 Sep, 2012 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Race condition in Google Chrome before 22.0.1229.79 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the plug-in paint buffer.

Action-Not Available
Vendor-n/aopenSUSEGoogle LLC
Product-opensusechromen/a
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2012-2896
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-7.5||HIGH
EPSS-0.66% / 70.10%
||
7 Day CHG~0.00%
Published-26 Sep, 2012 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in the WebGL implementation in Google Chrome before 22.0.1229.79 on Mac OS X allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

Action-Not Available
Vendor-n/aApple Inc.Google LLC
Product-mac_os_xchromen/a
CVE-2021-39655
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-9.8||CRITICAL
EPSS-0.17% / 39.05%
||
7 Day CHG~0.00%
Published-15 Dec, 2021 | 18:06
Updated-04 Aug, 2024 | 02:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Product: AndroidVersions: Android kernelAndroid ID: A-192641593References: N/A

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CVE-2012-2827
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-7.5||HIGH
EPSS-0.15% / 35.94%
||
7 Day CHG~0.00%
Published-27 Jun, 2012 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in the UI in Google Chrome before 20.0.1132.43 on Mac OS X allows attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

Action-Not Available
Vendor-n/aApple Inc.Google LLC
Product-mac_os_xchromen/a
CVE-2012-2869
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-7.5||HIGH
EPSS-1.38% / 79.54%
||
7 Day CHG~0.00%
Published-31 Aug, 2012 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Google Chrome before 21.0.1180.89 does not properly load URLs, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a "stale buffer."

Action-Not Available
Vendor-n/aopenSUSEGoogle LLC
Product-opensusechromen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2012-2843
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-7.5||HIGH
EPSS-0.69% / 70.95%
||
7 Day CHG~0.00%
Published-12 Jul, 2012 | 21:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in Google Chrome before 20.0.1132.57 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to layout height tracking.

Action-Not Available
Vendor-n/aGoogle LLC
Product-chromen/a
CVE-2005-3757
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-75.75% / 98.86%
||
7 Day CHG~0.00%
Published-22 Nov, 2005 | 21:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Saxon XSLT parser in Google Mini Search Appliance, and possibly Google Search Appliance, allows remote attackers to obtain sensitive information and execute arbitrary code via dangerous Java class methods in select attribute of xsl:value-of tags in XSLT style sheets, such as (1) system-property, (2) sys:getProperty, and (3) run:exec.

Action-Not Available
Vendor-n/aGoogle LLC
Product-search_appliancemini_search_appliancen/a
CVE-2021-3849
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-9.8||CRITICAL
EPSS-0.51% / 65.25%
||
7 Day CHG~0.00%
Published-22 Apr, 2022 | 21:10
Updated-03 Aug, 2024 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An authentication bypass vulnerability was discovered in the web interface of the Lenovo Fan Power Controller2 (FPC2) and Lenovo System Management Module (SMM) firmware that could allow an unauthenticated attacker to execute commands on the SMM and FPC2. SMM2 is not affected.

Action-Not Available
Vendor-IBM CorporationLenovo Group Limited
Product-thinkagile_vx_enclosurenextscale_n1200_enclosure_firmwarethinkagile_hx_enclosure_certified_nodethinksystem_d2_enclosure_firmwarenextscale_fan_power_controller_firmwarenextscale_fan_power_controllerthinksystem_d2_enclosurethinkagile_vx_enclosure_firmwarenextscale_n1200_enclosurethinkagile_hx_enclosure_certified_node_firmwareFan Power Controller2 (FPC2)Lenovo System Management Module (SMM)
CWE ID-CWE-288
Authentication Bypass Using an Alternate Path or Channel
CVE-2013-2887
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-7.5||HIGH
EPSS-0.56% / 67.14%
||
7 Day CHG~0.00%
Published-21 Aug, 2013 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple unspecified vulnerabilities in Google Chrome before 29.0.1547.57 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

Action-Not Available
Vendor-n/aGoogle LLC
Product-chromen/a
CVE-2013-2928
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-7.5||HIGH
EPSS-0.56% / 67.14%
||
7 Day CHG~0.00%
Published-16 Oct, 2013 | 20:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple unspecified vulnerabilities in Google Chrome before 30.0.1599.101 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

Action-Not Available
Vendor-n/aGoogle LLC
Product-chromen/a
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 154
  • 155
  • Next
Details not found