Filtered by vendor Lenovo
Subscriptions
Total
403 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-0896 | 1 Lenovo | 2 Smart Clock Essential With Alexa Built In, Smart Clock Essential With Alexa Built In Firmware | 2024-11-21 | 8.8 High |
A default password was reported in Lenovo Smart Clock Essential with Alexa Built In that could allow unauthorized device access to an attacker with local network access. | ||||
CVE-2023-0683 | 1 Lenovo | 218 Thinkagile Hx1021, Thinkagile Hx1021 Firmware, Thinkagile Hx1320 and 215 more | 2024-11-21 | 8.3 High |
A valid, authenticated XCC user with read only access may gain elevated privileges through a specifically crafted API call. | ||||
CVE-2022-4816 | 1 Lenovo | 1 Safecenter | 2024-11-21 | 6.2 Medium |
A denial-of-service vulnerability has been identified in Lenovo Safecenter that could allow a local user to crash the application. | ||||
CVE-2022-4575 | 1 Lenovo | 26 Thinkpad 25, Thinkpad 25 Firmware, Thinkpad L560 and 23 more | 2024-11-21 | 6.7 Medium |
A vulnerability due to improper write protection of UEFI variables was reported in the BIOS of some ThinkPad models could allow an attacker with physical or local access and elevated privileges the ability to bypass Secure Boot. | ||||
CVE-2022-4574 | 1 Lenovo | 108 Thinkpad L14, Thinkpad L14 Firmware, Thinkpad L14 Gen 2 and 105 more | 2024-11-21 | 6.7 Medium |
An SMI handler input validation vulnerability in the BIOS of some ThinkPad models could allow an attacker with local access and elevated privileges to execute arbitrary code. | ||||
CVE-2022-4573 | 1 Lenovo | 2 Thinkpad X1 Fold Gen 1, Thinkpad X1 Fold Gen 1 Firmware | 2024-11-21 | 6.7 Medium |
An SMI handler input validation vulnerability in the ThinkPad X1 Fold Gen 1 could allow an attacker with local access and elevated privileges to execute arbitrary code. | ||||
CVE-2022-4569 | 1 Lenovo | 2 Thinkpad Hybrid Usb-c With Usb-a Dock, Thinkpad Hybrid Usb-c With Usb-a Dock Firmware | 2024-11-21 | 7.8 High |
A local privilege escalation vulnerability in the ThinkPad Hybrid USB-C with USB-A Dock Firmware Update Tool could allow an attacker with local access to execute code with elevated privileges during the package upgrade or installation. | ||||
CVE-2022-4568 | 1 Lenovo | 1 System Update | 2024-11-21 | 7 High |
A directory permissions management vulnerability in Lenovo System Update may allow elevation of privileges. | ||||
CVE-2022-4435 | 1 Lenovo | 2 Thinkpad X13s, Thinkpad X13s Firmware | 2024-11-21 | 6.7 Medium |
A buffer over-read vulnerability was reported in the ThinkPadX13s BIOS LenovoRemoteConfigUpdateDxe driver that could allow a local attacker with elevated privileges to cause information disclosure. | ||||
CVE-2022-4434 | 1 Lenovo | 2 Thinkpad X13s, Thinkpad X13s Firmware | 2024-11-21 | 6.7 Medium |
A buffer over-read vulnerability was reported in the ThinkPadX13s BIOS driver that could allow a local attacker with elevated privileges to cause information disclosure. | ||||
CVE-2022-4433 | 1 Lenovo | 2 Thinkpad X13s, Thinkpad X13s Firmware | 2024-11-21 | 6.7 Medium |
A buffer over-read vulnerability was reported in the ThinkPadX13s BIOS LenovoSetupConfigDxe driver that could allow a local attacker with elevated privileges to cause information disclosure. | ||||
CVE-2022-4432 | 1 Lenovo | 2 Thinkpad X13s, Thinkpad X13s Firmware | 2024-11-21 | 6.7 Medium |
A buffer over-read vulnerability was reported in the ThinkPadX13s BIOS PersistenceConfigDxe driver that could allow a local attacker with elevated privileges to cause information disclosure. | ||||
CVE-2022-48189 | 1 Lenovo | 170 Thinkpad E14, Thinkpad E14 Firmware, Thinkpad E14 Gen 2 and 167 more | 2024-11-21 | 6.7 Medium |
An SMM driver input validation vulnerability in the BIOS of some ThinkPad models could allow an attacker with local access and elevated privileges to execute arbitrary code. | ||||
CVE-2022-48188 | 1 Lenovo | 54 Ideacentre 510s-07icb, Ideacentre 510s-07icb Firmware, Ideacentre 510s-07ick and 51 more | 2024-11-21 | 6.7 Medium |
A buffer overflow vulnerability in the SecureBootDXE BIOS driver of some Lenovo Desktop and ThinkStation models could allow an attacker with local access to elevate their privileges to execute arbitrary code. | ||||
CVE-2022-48186 | 1 Lenovo | 1 Baiying | 2024-11-21 | 6.2 Medium |
A certificate validation vulnerability exists in the Baiying Android application which could lead to information disclosure. | ||||
CVE-2022-48183 | 3 Lenovo, Linux, Microsoft | 6 Thinkpad T14s Gen 3, Thinkpad T14s Gen 3 Firmware, Thinkpad X13 Gen 3 and 3 more | 2024-11-21 | 6.1 Medium |
A vulnerability was reported in ThinkPad T14s Gen 3 and X13 Gen3 that could cause the BIOS tamper detection mechanism to not trigger under specific circumstances which could allow unauthorized access. | ||||
CVE-2022-48182 | 3 Lenovo, Linux, Microsoft | 6 Thinkpad T14s Gen 3, Thinkpad T14s Gen 3 Firmware, Thinkpad X13 Gen 3 and 3 more | 2024-11-21 | 6.1 Medium |
A vulnerability was reported in ThinkPad T14s Gen 3 and X13 Gen3 that could cause the BIOS tamper detection mechanism to not trigger under specific circumstances which could allow unauthorized access. | ||||
CVE-2022-48181 | 1 Lenovo | 228 Ideacentre 3-07ada05, Ideacentre 3-07ada05 Firmware, Ideacentre 3-07imb05 and 225 more | 2024-11-21 | 6.7 Medium |
An ErrorMessage driver stack-based buffer overflow vulnerability in BIOS of some ThinkPad models could allow an attacker with local access to elevate their privileges and execute arbitrary code. | ||||
CVE-2022-40137 | 1 Lenovo | 571 Ideacentre 3-07ada05, Ideacentre 3-07ada05 Firmware, Ideacentre 3-07imb05 and 568 more | 2024-11-21 | 6.7 Medium |
A buffer overflow in the WMI SMI Handler in some Lenovo models may allow an attacker with local access and elevated privileges to execute arbitrary code. | ||||
CVE-2022-40136 | 1 Lenovo | 291 Ideacentre 3-07ada05, Ideacentre 3-07ada05 Firmware, Ideacentre 3-07imb05 and 288 more | 2024-11-21 | 4.4 Medium |
An information leak vulnerability in SMI Handler used to configure platform settings over WMI in some Lenovo models may allow an attacker with local access and elevated privileges to read SMM memory. |