PC Manager
by Lenovo
CVEs (25)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-2502 | Hig | 0.51 | 7.8 | 0.00 | May 30, 2025 | An improper default permissions vulnerability was reported in Lenovo PC Manager that could allow a local attacker to elevate privileges. | ||
| CVE-2025-2501 | Hig | 0.51 | 7.8 | 0.00 | May 30, 2025 | An untrusted search path vulnerability was reported in Lenovo PC Manager that could allow a local attacker to elevate privileges. | ||
| CVE-2019-6198 | Hig | 0.51 | 7.8 | 0.00 | Jul 31, 2024 | A vulnerability was reported in Lenovo PC Manager prior to version 2.8.90.11211 that could allow a local attacker to escalate privileges. | ||
| CVE-2019-6197 | Hig | 0.51 | 7.8 | 0.00 | Jul 31, 2024 | A vulnerability was reported in Lenovo PC Manager prior to version 2.8.90.11211 that could allow a local attacker to escalate privileges. | ||
| CVE-2021-3550 | Hig | 0.51 | 7.8 | 0.00 | Jul 16, 2021 | A DLL search path vulnerability was reported in Lenovo PCManager, prior to version 3.0.500.5102, that could allow privilege escalation. | ||
| CVE-2021-3464 | Hig | 0.51 | 7.8 | 0.00 | Apr 27, 2021 | A DLL search path vulnerability was reported in Lenovo PCManager, prior to version 3.0.400.3252, that could allow privilege escalation. | ||
| CVE-2020-8351 | Hig | 0.51 | 7.8 | 0.00 | Nov 30, 2020 | A privilege escalation vulnerability was reported in Lenovo PCManager prior to version 3.0.50.9162 that could allow an authenticated user to execute code with elevated privileges. | ||
| CVE-2025-10495 | Hig | 0.49 | 7.5 | 0.00 | Nov 12, 2025 | A potential vulnerability was reported in the Lenovo PC Manager, Lenovo App Store, Lenovo Browser, and Lenovo Legion Zone client applications that, under certain conditions, could allow an attacker on the same logical network to execute arbitrary code. | ||
| CVE-2022-1513 | Hig | 0.47 | 7.3 | 0.00 | Aug 23, 2022 | A potential vulnerability was reported in Lenovo PCManager prior to version 5.0.10.4191 that may allow code execution when visiting a specially crafted website. | ||
| CVE-2022-0192 | Hig | 0.47 | 7.3 | 0.00 | Apr 22, 2022 | A DLL search path vulnerability was reported in Lenovo PCManager prior to version 4.0.40.2175 that could allow privilege escalation. | ||
| CVE-2025-2503 | Hig | 0.46 | 7.1 | 0.00 | May 30, 2025 | An improper permission handling vulnerability was reported in Lenovo PC Manager that could allow a local attacker to perform arbitrary file deletions as an elevated user. | ||
| CVE-2017-3772 | Med | 0.36 | 5.5 | 0.00 | Jul 31, 2024 | A vulnerability was reported in Lenovo PC Manager versions prior to 2.6.40.3154 that could allow an attacker to cause a system reboot. | ||
| CVE-2021-3721 | Med | 0.36 | 5.5 | 0.00 | Apr 22, 2022 | A denial of service vulnerability was reported in Lenovo PCManager prior to version 4.0.20.10282 that could allow an attacker with local access to trigger a blue screen error. | ||
| CVE-2021-3451 | Med | 0.36 | 5.5 | 0.00 | Apr 27, 2021 | A denial of service vulnerability was reported in Lenovo PCManager, prior to version 3.0.400.3252, that could allow configuration files to be written to non-standard locations. | ||
| CVE-2020-8357 | Med | 0.36 | 5.5 | 0.00 | Mar 9, 2021 | A denial of service vulnerability was reported in Lenovo PCManager, prior to version 3.0.200.2042, that could allow configuration files to be written to non-standard locations. | ||
| CVE-2021-3722 | Med | 0.33 | 5.0 | 0.00 | Apr 22, 2022 | A denial of service vulnerability was reported in Lenovo PCManager prior to version 4.0.40.2175 that could allow configuration files to be written to non-standard locations during installation. | ||
| CVE-2024-10254 | Med | 0.31 | 4.7 | 0.00 | Jan 14, 2025 | A potential buffer overflow vulnerability was reported in PC Manager, Lenovo Browser, and Lenovo App Store that could allow a local attacker to cause a system crash. | ||
| CVE-2024-10253 | Med | 0.31 | 4.7 | 0.00 | Jan 14, 2025 | A potential TOCTOU vulnerability was reported in PC Manager, Lenovo Browser, and Lenovo App Store that could allow a local attacker to cause a system crash. | ||
| CVE-2026-2640 | 0.00 | — | 0.00 | Mar 11, 2026 | During an internal security assessment, a potential vulnerability was discovered in Lenovo PC Manager that could allow a local authenticated user to terminate privileged processes. | |||
| CVE-2025-63946 | 0.00 | — | 0.00 | Feb 23, 2026 | A privilege escalation (PE) vulnerability in the Tencent PC Manager app thru 17.10.28554.205 on Windows devices enables a local user to execute programs with elevated privileges. However, execution requires that the local user is able to successfully exploit a race condition. |
- risk 0.51cvss 7.8epss 0.00
An improper default permissions vulnerability was reported in Lenovo PC Manager that could allow a local attacker to elevate privileges.
- risk 0.51cvss 7.8epss 0.00
An untrusted search path vulnerability was reported in Lenovo PC Manager that could allow a local attacker to elevate privileges.
- risk 0.51cvss 7.8epss 0.00
A vulnerability was reported in Lenovo PC Manager prior to version 2.8.90.11211 that could allow a local attacker to escalate privileges.
- risk 0.51cvss 7.8epss 0.00
A vulnerability was reported in Lenovo PC Manager prior to version 2.8.90.11211 that could allow a local attacker to escalate privileges.
- risk 0.51cvss 7.8epss 0.00
A DLL search path vulnerability was reported in Lenovo PCManager, prior to version 3.0.500.5102, that could allow privilege escalation.
- risk 0.51cvss 7.8epss 0.00
A DLL search path vulnerability was reported in Lenovo PCManager, prior to version 3.0.400.3252, that could allow privilege escalation.
- risk 0.51cvss 7.8epss 0.00
A privilege escalation vulnerability was reported in Lenovo PCManager prior to version 3.0.50.9162 that could allow an authenticated user to execute code with elevated privileges.
- risk 0.49cvss 7.5epss 0.00
A potential vulnerability was reported in the Lenovo PC Manager, Lenovo App Store, Lenovo Browser, and Lenovo Legion Zone client applications that, under certain conditions, could allow an attacker on the same logical network to execute arbitrary code.
- risk 0.47cvss 7.3epss 0.00
A potential vulnerability was reported in Lenovo PCManager prior to version 5.0.10.4191 that may allow code execution when visiting a specially crafted website.
- risk 0.47cvss 7.3epss 0.00
A DLL search path vulnerability was reported in Lenovo PCManager prior to version 4.0.40.2175 that could allow privilege escalation.
- risk 0.46cvss 7.1epss 0.00
An improper permission handling vulnerability was reported in Lenovo PC Manager that could allow a local attacker to perform arbitrary file deletions as an elevated user.
- risk 0.36cvss 5.5epss 0.00
A vulnerability was reported in Lenovo PC Manager versions prior to 2.6.40.3154 that could allow an attacker to cause a system reboot.
- risk 0.36cvss 5.5epss 0.00
A denial of service vulnerability was reported in Lenovo PCManager prior to version 4.0.20.10282 that could allow an attacker with local access to trigger a blue screen error.
- risk 0.36cvss 5.5epss 0.00
A denial of service vulnerability was reported in Lenovo PCManager, prior to version 3.0.400.3252, that could allow configuration files to be written to non-standard locations.
- risk 0.36cvss 5.5epss 0.00
A denial of service vulnerability was reported in Lenovo PCManager, prior to version 3.0.200.2042, that could allow configuration files to be written to non-standard locations.
- risk 0.33cvss 5.0epss 0.00
A denial of service vulnerability was reported in Lenovo PCManager prior to version 4.0.40.2175 that could allow configuration files to be written to non-standard locations during installation.
- risk 0.31cvss 4.7epss 0.00
A potential buffer overflow vulnerability was reported in PC Manager, Lenovo Browser, and Lenovo App Store that could allow a local attacker to cause a system crash.
- risk 0.31cvss 4.7epss 0.00
A potential TOCTOU vulnerability was reported in PC Manager, Lenovo Browser, and Lenovo App Store that could allow a local attacker to cause a system crash.
- CVE-2026-2640Mar 11, 2026risk 0.00cvss —epss 0.00
During an internal security assessment, a potential vulnerability was discovered in Lenovo PC Manager that could allow a local authenticated user to terminate privileged processes.
- CVE-2025-63946Feb 23, 2026risk 0.00cvss —epss 0.00
A privilege escalation (PE) vulnerability in the Tencent PC Manager app thru 17.10.28554.205 on Windows devices enables a local user to execute programs with elevated privileges. However, execution requires that the local user is able to successfully exploit a race condition.
Page 1 of 2