Filtered by vendor Lenovo Subscriptions
Total 403 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-4706 1 Lenovo 1 Preload Directory 2024-11-21 7.3 High
A privilege escalation vulnerability was reported in Lenovo preloaded devices deployed using Microsoft AutoPilot under a standard user account due to incorrect default privileges.
CVE-2023-4632 1 Lenovo 1 System Update 2024-11-21 7.8 High
An uncontrolled search path vulnerability was reported in Lenovo System Update that could allow an attacker with local access to execute code with elevated privileges.
CVE-2023-4608 1 Lenovo 104 Thinkagile Hx1331, Thinkagile Hx1331 Firmware, Thinkagile Hx2330 and 101 more 2024-11-21 4.1 Medium
An authenticated XCC user with elevated privileges can perform blind SQL injection in limited cases through a crafted API command.  This affects ThinkSystem v2 and v3 servers with XCC; ThinkSystem v1 servers are not affected.
CVE-2023-4606 1 Lenovo 104 Thinkagile Hx1331, Thinkagile Hx1331 Firmware, Thinkagile Hx2330 and 101 more 2024-11-21 8.1 High
An authenticated XCC user with Read-Only permission can change a different user’s password through a crafted API command.   This affects ThinkSystem v2 and v3 servers with XCC; ThinkSystem v1 servers are not affected.
CVE-2023-4030 1 Lenovo 9 Thinkpad, Thinkpad P14s Gen 2, Thinkpad P14s Gen 2 Firmware and 6 more 2024-11-21 8.4 High
A vulnerability was reported in BIOS for ThinkPad P14s Gen 2, P15s Gen 2, T14 Gen 2, and T15 Gen 2 that could cause the system to recover to insecure settings if the BIOS becomes corrupt.
CVE-2023-4029 1 Lenovo 53 K14 Type 21cu, K14 Type 21cu Firmware, K14 Type 21cv and 50 more 2024-11-21 6.7 Medium
A buffer overflow has been identified in the BoardUpdateAcpiDxe driver in some Lenovo ThinkPad products which may allow an attacker with local access and elevated privileges to execute arbitrary code.
CVE-2023-4028 1 Lenovo 61 13w Yoga, 13w Yoga Firmware, 13w Yoga Gen 2 and 58 more 2024-11-21 6.7 Medium
A buffer overflow has been identified in the SystemUserMasterHddPwdDxe driver in some Lenovo Notebook products which may allow an attacker with local access and elevated privileges to execute arbitrary code.
CVE-2023-45079 1 Lenovo 122 Ideacentre 3-07ada05, Ideacentre 3-07ada05 Firmware, Ideacentre 3-07imb05 and 119 more 2024-11-21 6.7 Medium
A memory leakage vulnerability was reported in the NvmramSmm SMM driver that may allow a local attacker with elevated privileges to write to NVRAM variables.
CVE-2023-45078 1 Lenovo 122 Ideacentre 3-07ada05, Ideacentre 3-07ada05 Firmware, Ideacentre 3-07imb05 and 119 more 2024-11-21 6.7 Medium
A memory leakage vulnerability was reported in the DustFilterAlertSmm SMM driver that may allow a local attacker with elevated privileges to write to NVRAM variables.
CVE-2023-45077 1 Lenovo 122 Ideacentre 3-07ada05, Ideacentre 3-07ada05 Firmware, Ideacentre 3-07imb05 and 119 more 2024-11-21 6.7 Medium
A memory leakage vulnerability was reported in the 534D0740 DXE driver that may allow a local attacker with elevated privileges to write to NVRAM variables.
CVE-2023-45076 1 Lenovo 122 Ideacentre 3-07ada05, Ideacentre 3-07ada05 Firmware, Ideacentre 3-07imb05 and 119 more 2024-11-21 6.7 Medium
A memory leakage vulnerability was reported in the 534D0140 DXE driver that may allow a local attacker with elevated privileges to write to NVRAM variables.
CVE-2023-45075 1 Lenovo 122 Ideacentre 3-07ada05, Ideacentre 3-07ada05 Firmware, Ideacentre 3-07imb05 and 119 more 2024-11-21 6.7 Medium
A memory leakage vulnerability was reported in the SWSMI_Shadow DXE driver that may allow a local attacker with elevated privileges to write to NVRAM variables.
CVE-2023-43581 1 Lenovo 222 Ideacentre 3-07ada05, Ideacentre 3-07ada05 Firmware, Ideacentre 3-07imb05 and 219 more 2024-11-21 6.7 Medium
A buffer overflow was reported in the Update_WMI module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code.
CVE-2023-43580 1 Lenovo 222 Ideacentre 3-07ada05, Ideacentre 3-07ada05 Firmware, Ideacentre 3-07imb05 and 219 more 2024-11-21 6.7 Medium
A buffer overflow was reported in the SmuV11DxeVMR module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code.
CVE-2023-43579 1 Lenovo 222 Ideacentre 3-07ada05, Ideacentre 3-07ada05 Firmware, Ideacentre 3-07imb05 and 219 more 2024-11-21 6.7 Medium
A buffer overflow was reported in the SmuV11Dxe driver in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code.
CVE-2023-43578 1 Lenovo 222 Ideacentre 3-07ada05, Ideacentre 3-07ada05 Firmware, Ideacentre 3-07imb05 and 219 more 2024-11-21 6.7 Medium
A buffer overflow was reported in the SmiFlash module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code.
CVE-2023-43577 1 Lenovo 222 Ideacentre 3-07ada05, Ideacentre 3-07ada05 Firmware, Ideacentre 3-07imb05 and 219 more 2024-11-21 6.7 Medium
A buffer overflow was reported in the ReFlash module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code.
CVE-2023-43576 1 Lenovo 222 Ideacentre 3-07ada05, Ideacentre 3-07ada05 Firmware, Ideacentre 3-07imb05 and 219 more 2024-11-21 6.7 Medium
A buffer overflow was reported in the WMISwSmi module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code.
CVE-2023-43575 1 Lenovo 222 Ideacentre 3-07ada05, Ideacentre 3-07ada05 Firmware, Ideacentre 3-07imb05 and 219 more 2024-11-21 6.7 Medium
A buffer overflow was reported in the UltraFunctionTable module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code.
CVE-2023-43574 1 Lenovo 222 Ideacentre 3-07ada05, Ideacentre 3-07ada05 Firmware, Ideacentre 3-07imb05 and 219 more 2024-11-21 4.4 Medium
A buffer over-read was reported in the LEMALLDriversConnectedEventHook module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to disclose sensitive information.