Filtered by vendor Lenovo
Subscriptions
Total
403 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2022-3743 | 1 Lenovo | 174 Ideapad 1-14ijl7, Ideapad 1-14ijl7 Firmware, Ideapad 1-15ijl7 and 171 more | 2024-10-01 | 4.4 Medium |
A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that could allow a local attacker with elevated privileges under certain conditions the ability to enumerate Embedded Controller (EC) commands. | ||||
CVE-2022-3745 | 1 Lenovo | 174 Ideapad 1-14ijl7, Ideapad 1-14ijl7 Firmware, Ideapad 1-15ijl7 and 171 more | 2024-10-01 | 4.4 Medium |
A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that could allow a local attacker with elevated privileges to view incoming and returned data from SMI. | ||||
CVE-2022-3431 | 1 Lenovo | 51 D330-10igl, D330-10igl Firmware, Ideapad 5 Pro-16ach6 and 48 more | 2024-09-19 | 6.7 Medium |
A potential vulnerability in a driver used during manufacturing process on some consumer Lenovo Notebook devices that was mistakenly not deactivated may allow an attacker with elevated privileges to modify secure boot setting by modifying an NVRAM variable. | ||||
CVE-2022-3728 | 1 Lenovo | 4 Thinkpad T14s Gen 3, Thinkpad T14s Gen 3 Firmware, Thinkpad X13 Gen 3 and 1 more | 2024-09-19 | 6.1 Medium |
A vulnerability was reported in ThinkPad T14s Gen 3 and X13 Gen3 that could cause the BIOS tamper detection mechanism to not trigger under specific circumstances which could allow unauthorized access. | ||||
CVE-2022-48182 | 3 Lenovo, Linux, Microsoft | 6 Thinkpad T14s Gen 3, Thinkpad T14s Gen 3 Firmware, Thinkpad X13 Gen 3 and 3 more | 2024-09-19 | 6.1 Medium |
A vulnerability was reported in ThinkPad T14s Gen 3 and X13 Gen3 that could cause the BIOS tamper detection mechanism to not trigger under specific circumstances which could allow unauthorized access. | ||||
CVE-2022-48183 | 3 Lenovo, Linux, Microsoft | 6 Thinkpad T14s Gen 3, Thinkpad T14s Gen 3 Firmware, Thinkpad X13 Gen 3 and 3 more | 2024-09-19 | 6.1 Medium |
A vulnerability was reported in ThinkPad T14s Gen 3 and X13 Gen3 that could cause the BIOS tamper detection mechanism to not trigger under specific circumstances which could allow unauthorized access. | ||||
CVE-2024-45103 | 4 Emc, Lenovo, Microsoft and 1 more | 4 Vmware, Xclarity Administrator, Windows and 1 more | 2024-09-19 | 4.3 Medium |
A valid, authenticated LXCA user may be able to unmanage an LXCA managed device in through the LXCA web interface without sufficient privileges. | ||||
CVE-2024-45104 | 4 Emc, Lenovo, Microsoft and 1 more | 4 Vmware, Xclarity Administrator, Windows and 1 more | 2024-09-19 | 6.3 Medium |
A valid, authenticated LXCA user without sufficient privileges may be able to use the device identifier to modify an LXCA managed device through a specially crafted web API call. | ||||
CVE-2024-3100 | 1 Lenovo | 55 100w Gen 3 Firmware, 100w Gen 4 Firmware, 13w Yoga Firmware and 52 more | 2024-09-17 | 6.7 Medium |
A potential buffer overflow vulnerability was reported in some Lenovo Notebook products that could allow a local attacker with elevated privileges to execute arbitrary code. | ||||
CVE-2022-3698 | 1 Lenovo | 2 Diagnostics, Hardwarescan Plugin | 2024-09-17 | 4.4 Medium |
A denial of service vulnerability was reported in the Lenovo HardwareScanPlugin versions prior to 1.3.1.2 and Lenovo Diagnostics versions prior to 4.45 that could allow a local user with administrative access to trigger a system crash. | ||||
CVE-2022-3699 | 1 Lenovo | 3 Diagnostics, Hardwarescan Addin, Hardwarescan Plugin | 2024-09-17 | 7.8 High |
A privilege escalation vulnerability was reported in the Lenovo HardwareScanPlugin prior to version 1.3.1.2 and Lenovo Diagnostics prior to version 4.45 that could allow a local user to execute code with elevated privileges. | ||||
CVE-2019-6192 | 1 Lenovo | 81 Power Management Driver, Thinkpad 13 Gen 2, Thinkpad 25 and 78 more | 2024-09-17 | 4.4 Medium |
A potential vulnerability has been reported in Lenovo Power Management Driver versions prior to 1.67.17.48 leading to a buffer overflow which could cause a denial of service. | ||||
CVE-2020-8346 | 1 Lenovo | 1 System Interface Foundation | 2024-09-17 | 5.5 Medium |
A denial of service vulnerability was reported in the Lenovo Vantage component called Lenovo System Interface Foundation prior to version 1.1.19.5 that could allow configuration files to be written to non-standard locations. | ||||
CVE-2018-9068 | 2 Ibm, Lenovo | 84 Bladecenter Hs22, Bladecenter Hs22 Firmware, Bladecenter Hs23 and 81 more | 2024-09-17 | N/A |
The IMM2 First Failure Data Capture function collects management module logs and diagnostic information when a hardware error is detected. This information is made available for download through an SFTP server hosted on the IMM2 management network interface. In versions earlier than 4.90 for Lenovo System x and earlier than 6.80 for IBM System x, the credentials to access the SFTP server are hard-coded and described in the IMM2 documentation, allowing an attacker with management network access to obtain the collected FFDC data. After applying the update, the IMM2 will create random SFTP credentials for use with OneCLI. | ||||
CVE-2017-3761 | 1 Lenovo | 1 Service Framework | 2024-09-17 | N/A |
The Lenovo Service Framework Android application executes some system commands without proper sanitization of external input. In certain cases, this could lead to command injection which, in turn, could lead to remote code execution. | ||||
CVE-2020-8326 | 1 Lenovo | 1 Drivers Management | 2024-09-17 | 7.3 High |
An unquoted service path vulnerability was reported in Lenovo Drivers Management prior to version 2.7.1128.1046 that could allow an authenticated user to execute code with elevated privileges. | ||||
CVE-2019-6194 | 1 Lenovo | 1 Xclarity Administrator | 2024-09-17 | 5.7 Medium |
An XML External Entity (XXE) processing vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.6.6 that could allow information disclosure. | ||||
CVE-2019-6180 | 1 Lenovo | 1 Xclarity Administrator | 2024-09-17 | 4.8 Medium |
A stored cross-site scripting (XSS) vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.5.0 that could allow an administrative user to cause JavaScript code to be stored in LXCA which may then be executed in the user's web browser. The JavaScript code is not executed on LXCA itself. | ||||
CVE-2019-6193 | 1 Lenovo | 1 Xclarity Administrator | 2024-09-17 | 7.5 High |
An information disclosure vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.6.6 that could allow unauthenticated access to some configuration files which may contain usernames, license keys, IP addresses, and encrypted password hashes. | ||||
CVE-2017-3764 | 1 Lenovo | 1 Xclarity Administrator | 2024-09-17 | N/A |
A vulnerability was identified in Lenovo XClarity Administrator (LXCA) before 1.4.0 where LXCA user account names may be exposed to unauthenticated users with access to the LXCA web user interface. No password information of the user accounts is exposed. |