Filtered by vendor Lenovo Subscriptions
Total 403 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2022-3743 1 Lenovo 174 Ideapad 1-14ijl7, Ideapad 1-14ijl7 Firmware, Ideapad 1-15ijl7 and 171 more 2024-10-01 4.4 Medium
A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that could allow a local attacker with elevated privileges under certain conditions the ability to enumerate Embedded Controller (EC) commands.
CVE-2022-3745 1 Lenovo 174 Ideapad 1-14ijl7, Ideapad 1-14ijl7 Firmware, Ideapad 1-15ijl7 and 171 more 2024-10-01 4.4 Medium
A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that could allow a local attacker with elevated privileges to view incoming and returned data from SMI.
CVE-2022-3431 1 Lenovo 51 D330-10igl, D330-10igl Firmware, Ideapad 5 Pro-16ach6 and 48 more 2024-09-19 6.7 Medium
A potential vulnerability in a driver used during manufacturing process on some consumer Lenovo Notebook devices that was mistakenly not deactivated may allow an attacker with elevated privileges to modify secure boot setting by modifying an NVRAM variable.
CVE-2022-3728 1 Lenovo 4 Thinkpad T14s Gen 3, Thinkpad T14s Gen 3 Firmware, Thinkpad X13 Gen 3 and 1 more 2024-09-19 6.1 Medium
A vulnerability was reported in ThinkPad T14s Gen 3 and X13 Gen3 that could cause the BIOS tamper detection mechanism to not trigger under specific circumstances which could allow unauthorized access.
CVE-2022-48182 3 Lenovo, Linux, Microsoft 6 Thinkpad T14s Gen 3, Thinkpad T14s Gen 3 Firmware, Thinkpad X13 Gen 3 and 3 more 2024-09-19 6.1 Medium
A vulnerability was reported in ThinkPad T14s Gen 3 and X13 Gen3 that could cause the BIOS tamper detection mechanism to not trigger under specific circumstances which could allow unauthorized access.
CVE-2022-48183 3 Lenovo, Linux, Microsoft 6 Thinkpad T14s Gen 3, Thinkpad T14s Gen 3 Firmware, Thinkpad X13 Gen 3 and 3 more 2024-09-19 6.1 Medium
A vulnerability was reported in ThinkPad T14s Gen 3 and X13 Gen3 that could cause the BIOS tamper detection mechanism to not trigger under specific circumstances which could allow unauthorized access.
CVE-2024-45103 4 Emc, Lenovo, Microsoft and 1 more 4 Vmware, Xclarity Administrator, Windows and 1 more 2024-09-19 4.3 Medium
A valid, authenticated LXCA user may be able to unmanage an LXCA managed device in through the LXCA web interface without sufficient privileges.
CVE-2024-45104 4 Emc, Lenovo, Microsoft and 1 more 4 Vmware, Xclarity Administrator, Windows and 1 more 2024-09-19 6.3 Medium
A valid, authenticated LXCA user without sufficient privileges may be able to use the device identifier to modify an LXCA managed device through a specially crafted web API call.
CVE-2024-3100 1 Lenovo 55 100w Gen 3 Firmware, 100w Gen 4 Firmware, 13w Yoga Firmware and 52 more 2024-09-17 6.7 Medium
A potential buffer overflow vulnerability was reported in some Lenovo Notebook products that could allow a local attacker with elevated privileges to execute arbitrary code.
CVE-2022-3698 1 Lenovo 2 Diagnostics, Hardwarescan Plugin 2024-09-17 4.4 Medium
A denial of service vulnerability was reported in the Lenovo HardwareScanPlugin versions prior to 1.3.1.2 and  Lenovo Diagnostics versions prior to 4.45 that could allow a local user with administrative access to trigger a system crash.
CVE-2022-3699 1 Lenovo 3 Diagnostics, Hardwarescan Addin, Hardwarescan Plugin 2024-09-17 7.8 High
A privilege escalation vulnerability was reported in the Lenovo HardwareScanPlugin prior to version 1.3.1.2 and Lenovo Diagnostics prior to version 4.45 that could allow a local user to execute code with elevated privileges.
CVE-2019-6192 1 Lenovo 81 Power Management Driver, Thinkpad 13 Gen 2, Thinkpad 25 and 78 more 2024-09-17 4.4 Medium
A potential vulnerability has been reported in Lenovo Power Management Driver versions prior to 1.67.17.48 leading to a buffer overflow which could cause a denial of service.
CVE-2020-8346 1 Lenovo 1 System Interface Foundation 2024-09-17 5.5 Medium
A denial of service vulnerability was reported in the Lenovo Vantage component called Lenovo System Interface Foundation prior to version 1.1.19.5 that could allow configuration files to be written to non-standard locations.
CVE-2018-9068 2 Ibm, Lenovo 84 Bladecenter Hs22, Bladecenter Hs22 Firmware, Bladecenter Hs23 and 81 more 2024-09-17 N/A
The IMM2 First Failure Data Capture function collects management module logs and diagnostic information when a hardware error is detected. This information is made available for download through an SFTP server hosted on the IMM2 management network interface. In versions earlier than 4.90 for Lenovo System x and earlier than 6.80 for IBM System x, the credentials to access the SFTP server are hard-coded and described in the IMM2 documentation, allowing an attacker with management network access to obtain the collected FFDC data. After applying the update, the IMM2 will create random SFTP credentials for use with OneCLI.
CVE-2017-3761 1 Lenovo 1 Service Framework 2024-09-17 N/A
The Lenovo Service Framework Android application executes some system commands without proper sanitization of external input. In certain cases, this could lead to command injection which, in turn, could lead to remote code execution.
CVE-2020-8326 1 Lenovo 1 Drivers Management 2024-09-17 7.3 High
An unquoted service path vulnerability was reported in Lenovo Drivers Management prior to version 2.7.1128.1046 that could allow an authenticated user to execute code with elevated privileges.
CVE-2019-6194 1 Lenovo 1 Xclarity Administrator 2024-09-17 5.7 Medium
An XML External Entity (XXE) processing vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.6.6 that could allow information disclosure.
CVE-2019-6180 1 Lenovo 1 Xclarity Administrator 2024-09-17 4.8 Medium
A stored cross-site scripting (XSS) vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.5.0 that could allow an administrative user to cause JavaScript code to be stored in LXCA which may then be executed in the user's web browser. The JavaScript code is not executed on LXCA itself.
CVE-2019-6193 1 Lenovo 1 Xclarity Administrator 2024-09-17 7.5 High
An information disclosure vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.6.6 that could allow unauthenticated access to some configuration files which may contain usernames, license keys, IP addresses, and encrypted password hashes.
CVE-2017-3764 1 Lenovo 1 Xclarity Administrator 2024-09-17 N/A
A vulnerability was identified in Lenovo XClarity Administrator (LXCA) before 1.4.0 where LXCA user account names may be exposed to unauthenticated users with access to the LXCA web user interface. No password information of the user accounts is exposed.