Filtered by vendor Lenovo Subscriptions
Total 403 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-0896 1 Lenovo 2 Smart Clock Essential With Alexa Built In, Smart Clock Essential With Alexa Built In Firmware 2024-11-21 8.8 High
A default password was reported in Lenovo Smart Clock Essential with Alexa Built In that could allow unauthorized device access to an attacker with local network access.
CVE-2023-0683 1 Lenovo 218 Thinkagile Hx1021, Thinkagile Hx1021 Firmware, Thinkagile Hx1320 and 215 more 2024-11-21 8.3 High
A valid, authenticated XCC user with read only access may gain elevated privileges through a specifically crafted API call.
CVE-2022-4816 1 Lenovo 1 Safecenter 2024-11-21 6.2 Medium
A denial-of-service vulnerability has been identified in Lenovo Safecenter that could allow a local user to crash the application.
CVE-2022-4575 1 Lenovo 26 Thinkpad 25, Thinkpad 25 Firmware, Thinkpad L560 and 23 more 2024-11-21 6.7 Medium
A vulnerability due to improper write protection of UEFI variables was reported in the BIOS of some ThinkPad models could allow an attacker with physical or local access and elevated privileges the ability to bypass Secure Boot.
CVE-2022-4574 1 Lenovo 108 Thinkpad L14, Thinkpad L14 Firmware, Thinkpad L14 Gen 2 and 105 more 2024-11-21 6.7 Medium
An SMI handler input validation vulnerability in the BIOS of some ThinkPad models could allow an attacker with local access and elevated privileges to execute arbitrary code.  
CVE-2022-4573 1 Lenovo 2 Thinkpad X1 Fold Gen 1, Thinkpad X1 Fold Gen 1 Firmware 2024-11-21 6.7 Medium
An SMI handler input validation vulnerability in the ThinkPad X1 Fold Gen 1 could allow an attacker with local access and elevated privileges to execute arbitrary code.
CVE-2022-4569 1 Lenovo 2 Thinkpad Hybrid Usb-c With Usb-a Dock, Thinkpad Hybrid Usb-c With Usb-a Dock Firmware 2024-11-21 7.8 High
A local privilege escalation vulnerability in the ThinkPad Hybrid USB-C with USB-A Dock Firmware Update Tool could allow an attacker with local access to execute code with elevated privileges during the package upgrade or installation.
CVE-2022-4568 1 Lenovo 1 System Update 2024-11-21 7 High
A directory permissions management vulnerability in Lenovo System Update may allow elevation of privileges.
CVE-2022-4435 1 Lenovo 2 Thinkpad X13s, Thinkpad X13s Firmware 2024-11-21 6.7 Medium
A buffer over-read vulnerability was reported in the ThinkPadX13s BIOS LenovoRemoteConfigUpdateDxe driver that could allow a local attacker with elevated privileges to cause information disclosure.
CVE-2022-4434 1 Lenovo 2 Thinkpad X13s, Thinkpad X13s Firmware 2024-11-21 6.7 Medium
A buffer over-read vulnerability was reported in the ThinkPadX13s BIOS driver that could allow a local attacker with elevated privileges to cause information disclosure.
CVE-2022-4433 1 Lenovo 2 Thinkpad X13s, Thinkpad X13s Firmware 2024-11-21 6.7 Medium
A buffer over-read vulnerability was reported in the ThinkPadX13s BIOS LenovoSetupConfigDxe driver that could allow a local attacker with elevated privileges to cause information disclosure.
CVE-2022-4432 1 Lenovo 2 Thinkpad X13s, Thinkpad X13s Firmware 2024-11-21 6.7 Medium
A buffer over-read vulnerability was reported in the ThinkPadX13s BIOS PersistenceConfigDxe driver that could allow a local attacker with elevated privileges to cause information disclosure.
CVE-2022-48189 1 Lenovo 170 Thinkpad E14, Thinkpad E14 Firmware, Thinkpad E14 Gen 2 and 167 more 2024-11-21 6.7 Medium
An SMM driver input validation vulnerability in the BIOS of some ThinkPad models could allow an attacker with local access and elevated privileges to execute arbitrary code.
CVE-2022-48188 1 Lenovo 54 Ideacentre 510s-07icb, Ideacentre 510s-07icb Firmware, Ideacentre 510s-07ick and 51 more 2024-11-21 6.7 Medium
A buffer overflow vulnerability in the SecureBootDXE BIOS driver of some Lenovo Desktop and ThinkStation models could allow an attacker with local access to elevate their privileges to execute arbitrary code.
CVE-2022-48186 1 Lenovo 1 Baiying 2024-11-21 6.2 Medium
A certificate validation vulnerability exists in the Baiying Android application which could lead to information disclosure.
CVE-2022-48183 3 Lenovo, Linux, Microsoft 6 Thinkpad T14s Gen 3, Thinkpad T14s Gen 3 Firmware, Thinkpad X13 Gen 3 and 3 more 2024-11-21 6.1 Medium
A vulnerability was reported in ThinkPad T14s Gen 3 and X13 Gen3 that could cause the BIOS tamper detection mechanism to not trigger under specific circumstances which could allow unauthorized access.
CVE-2022-48182 3 Lenovo, Linux, Microsoft 6 Thinkpad T14s Gen 3, Thinkpad T14s Gen 3 Firmware, Thinkpad X13 Gen 3 and 3 more 2024-11-21 6.1 Medium
A vulnerability was reported in ThinkPad T14s Gen 3 and X13 Gen3 that could cause the BIOS tamper detection mechanism to not trigger under specific circumstances which could allow unauthorized access.
CVE-2022-48181 1 Lenovo 228 Ideacentre 3-07ada05, Ideacentre 3-07ada05 Firmware, Ideacentre 3-07imb05 and 225 more 2024-11-21 6.7 Medium
An ErrorMessage driver stack-based buffer overflow vulnerability in BIOS of some ThinkPad models could allow an attacker with local access to elevate their privileges and execute arbitrary code.
CVE-2022-40137 1 Lenovo 571 Ideacentre 3-07ada05, Ideacentre 3-07ada05 Firmware, Ideacentre 3-07imb05 and 568 more 2024-11-21 6.7 Medium
A buffer overflow in the WMI SMI Handler in some Lenovo models may allow an attacker with local access and elevated privileges to execute arbitrary code.
CVE-2022-40136 1 Lenovo 291 Ideacentre 3-07ada05, Ideacentre 3-07ada05 Firmware, Ideacentre 3-07imb05 and 288 more 2024-11-21 4.4 Medium
An information leak vulnerability in SMI Handler used to configure platform settings over WMI in some Lenovo models may allow an attacker with local access and elevated privileges to read SMM memory.