Filtered by vendor Lenovo
Subscriptions
Total
372 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-3746 | 1 Lenovo | 174 Ideapad 1-14ijl7, Ideapad 1-14ijl7 Firmware, Ideapad 1-15ijl7 and 171 more | 2023-08-29 | 6.7 Medium |
| A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that could allow a local attacker with elevated privileges to cause some peripherals to work abnormally due to an exposed Embedded Controller (EC) interface. | ||||
| CVE-2023-4030 | 1 Lenovo | 8 Thinkpad P14s Gen 2, Thinkpad P14s Gen 2 Firmware, Thinkpad P15s Gen 2 and 5 more | 2023-08-24 | 7.8 High |
| A vulnerability was reported in BIOS for ThinkPad P14s Gen 2, P15s Gen 2, T14 Gen 2, and T15 Gen 2 that could cause the system to recover to insecure settings if the BIOS becomes corrupt. | ||||
| CVE-2023-4029 | 1 Lenovo | 52 K14 Type 21cu, K14 Type 21cu Firmware, K14 Type 21cv and 49 more | 2023-08-24 | 6.7 Medium |
| A buffer overflow has been identified in the BoardUpdateAcpiDxe driver in some Lenovo ThinkPad products which may allow an attacker with local access and elevated privileges to execute arbitrary code. | ||||
| CVE-2023-4028 | 1 Lenovo | 58 13w Yoga, 13w Yoga Firmware, 13w Yoga Gen 2 and 55 more | 2023-08-24 | 6.7 Medium |
| A buffer overflow has been identified in the SystemUserMasterHddPwdDxe driver in some Lenovo Notebook products which may allow an attacker with local access and elevated privileges to execute arbitrary code. | ||||
| CVE-2023-34419 | 1 Lenovo | 60 Legion 5-15ach6, Legion 5-15ach6 Firmware, Legion 5-15ach6a and 57 more | 2023-08-24 | 6.7 Medium |
| A buffer overflow has been identified in the SetupUtility driver in some Lenovo Notebook products which may allow an attacker with local access and elevated privileges to execute arbitrary code. | ||||
| CVE-2022-0354 | 1 Lenovo | 1 System Update | 2023-08-08 | 7.8 High |
| A vulnerability was reported in Lenovo System Update that could allow a local user with interactive system access the ability to execute code with elevated privileges only during the installation of a System Update package released before 2022-02-25 that displays a command prompt window. | ||||
| CVE-2023-3113 | 1 Lenovo | 1 Xclarity Administrator | 2023-07-07 | 7.5 High |
| An unauthenticated XML external entity injection (XXE) vulnerability exists in LXCA's Common Information Model (CIM) server that could result in read-only access to specific files. | ||||
| CVE-2023-34420 | 1 Lenovo | 1 Xclarity Administrator | 2023-07-06 | 7.2 High |
| A valid, authenticated LXCA user with elevated privileges may be able to execute command injections through crafted calls to a specific web API. | ||||
| CVE-2023-34421 | 1 Lenovo | 1 Xclarity Administrator | 2023-07-06 | 6.5 Medium |
| A valid, authenticated LXCA user with elevated privileges may be able to replace filesystem data through a specifically crafted web API call due to insufficient input validation. | ||||
| CVE-2023-34422 | 1 Lenovo | 1 Xclarity Administrator | 2023-07-06 | 6.5 Medium |
| A valid, authenticated LXCA user with elevated privileges may be able to delete folders in the LXCA filesystem through a specifically crafted web API call due to insufficient input validation. | ||||
| CVE-2023-34418 | 1 Lenovo | 1 Xclarity Administrator | 2023-07-06 | 8.1 High |
| A valid, authenticated LXCA user may be able to gain unauthorized access to events and other data stored in LXCA due to a SQL injection vulnerability in a specific web API. | ||||
| CVE-2023-2993 | 1 Lenovo | 16 Nextscale N1200 Enclosure, Nextscale N1200 Enclosure Firmware, Thinkagile Cp-cb-10 and 13 more | 2023-07-05 | 6.3 Medium |
| A valid, authenticated user with limited privileges may be able to use specifically crafted web management server API calls to execute a limited number of commands on SMM v1, SMM v2, and FPC that the user does not normally have sufficient privileges to execute. | ||||
| CVE-2023-2992 | 1 Lenovo | 16 Nextscale N1200 Enclosure, Nextscale N1200 Enclosure Firmware, Thinkagile Cp-cb-10 and 13 more | 2023-07-05 | 7.5 High |
| An unauthenticated denial of service vulnerability exists in the SMM v1, SMM v2, and FPC management web server which can be triggered under crafted conditions. Rebooting SMM or FPC will restore access to the management web server. | ||||
| CVE-2023-2290 | 1 Lenovo | 170 Thinkpad E14, Thinkpad E14 Firmware, Thinkpad E14 Gen 2 and 167 more | 2023-07-05 | 6.7 Medium |
| A potential vulnerability in the LenovoFlashDeviceInterface SMI handler may allow an attacker with local access and elevated privileges to execute arbitrary code. | ||||
| CVE-2021-42849 | 1 Lenovo | 10 A1, A1 Firmware, T1 and 7 more | 2023-06-26 | 6.8 Medium |
| A weak default password for the serial port was reported in some Lenovo Personal Cloud Storage devices that could allow unauthorized device access to an attacker with physical access. | ||||
| CVE-2022-48188 | 1 Lenovo | 54 Ideacentre 510s-07icb, Ideacentre 510s-07icb Firmware, Ideacentre 510s-07ick and 51 more | 2023-06-13 | 7.8 High |
| A buffer overflow vulnerability in the SecureBootDXE BIOS driver of some Lenovo Desktop and ThinkStation models could allow an attacker with local access to elevate their privileges to execute arbitrary code. | ||||
| CVE-2022-48181 | 1 Lenovo | 228 Ideacentre 3-07ada05, Ideacentre 3-07ada05 Firmware, Ideacentre 3-07imb05 and 225 more | 2023-06-13 | 7.8 High |
| An ErrorMessage driver stack-based buffer overflow vulnerability in BIOS of some ThinkPad models could allow an attacker with local access to elevate their privileges and execute arbitrary code. | ||||
| CVE-2022-4569 | 1 Lenovo | 2 Thinkpad Hybrid Usb-c With Usb-a Dock, Thinkpad Hybrid Usb-c With Usb-a Dock Firmware | 2023-06-13 | 7.8 High |
| A local privilege escalation vulnerability in the ThinkPad Hybrid USB-C with USB-A Dock Firmware Update Tool could allow an attacker with local access to execute code with elevated privileges during the package upgrade or installation. | ||||
| CVE-2022-4435 | 1 Lenovo | 2 Thinkpad X13s, Thinkpad X13s Firmware | 2023-05-15 | 4.4 Medium |
| A buffer over-read vulnerability was reported in the ThinkPadX13s BIOS LenovoRemoteConfigUpdateDxe driver that could allow a local attacker with elevated privileges to cause information disclosure. | ||||
| CVE-2022-4433 | 1 Lenovo | 2 Thinkpad X13s, Thinkpad X13s Firmware | 2023-05-15 | 4.4 Medium |
| A buffer over-read vulnerability was reported in the ThinkPadX13s BIOS LenovoSetupConfigDxe driver that could allow a local attacker with elevated privileges to cause information disclosure. | ||||