Filtered by vendor Lenovo Subscriptions
Total 392 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2022-3742 1 Lenovo 174 Ideapad 1-14ijl7, Ideapad 1-14ijl7 Firmware, Ideapad 1-15ijl7 and 171 more 2024-10-09 6.7 Medium
A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that could allow a local attacker with elevated privileges to execute arbitrary code due to improper buffer validation.
CVE-2023-3078 1 Lenovo 1 Universal Device Client 2024-10-08 7.8 High
An uncontrolled search path vulnerability was reported in the Lenovo Universal Device Client (UDC) that could allow an attacker with local access to execute code with elevated privileges.
CVE-2023-4028 1 Lenovo 61 13w Yoga, 13w Yoga Firmware, 13w Yoga Gen 2 and 58 more 2024-10-08 6.7 Medium
A buffer overflow has been identified in the SystemUserMasterHddPwdDxe driver in some Lenovo Notebook products which may allow an attacker with local access and elevated privileges to execute arbitrary code.
CVE-2023-4029 1 Lenovo 53 K14 Type 21cu, K14 Type 21cu Firmware, K14 Type 21cv and 50 more 2024-10-08 6.7 Medium
A buffer overflow has been identified in the BoardUpdateAcpiDxe driver in some Lenovo ThinkPad products which may allow an attacker with local access and elevated privileges to execute arbitrary code.
CVE-2023-4030 1 Lenovo 9 Thinkpad, Thinkpad P14s Gen 2, Thinkpad P14s Gen 2 Firmware and 6 more 2024-10-08 8.4 High
A vulnerability was reported in BIOS for ThinkPad P14s Gen 2, P15s Gen 2, T14 Gen 2, and T15 Gen 2 that could cause the system to recover to insecure settings if the BIOS becomes corrupt.
CVE-2022-3743 1 Lenovo 174 Ideapad 1-14ijl7, Ideapad 1-14ijl7 Firmware, Ideapad 1-15ijl7 and 171 more 2024-10-01 4.4 Medium
A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that could allow a local attacker with elevated privileges under certain conditions the ability to enumerate Embedded Controller (EC) commands.
CVE-2022-3745 1 Lenovo 174 Ideapad 1-14ijl7, Ideapad 1-14ijl7 Firmware, Ideapad 1-15ijl7 and 171 more 2024-10-01 4.4 Medium
A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that could allow a local attacker with elevated privileges to view incoming and returned data from SMI.
CVE-2022-3431 1 Lenovo 51 D330-10igl, D330-10igl Firmware, Ideapad 5 Pro-16ach6 and 48 more 2024-09-19 6.7 Medium
A potential vulnerability in a driver used during manufacturing process on some consumer Lenovo Notebook devices that was mistakenly not deactivated may allow an attacker with elevated privileges to modify secure boot setting by modifying an NVRAM variable.
CVE-2022-3728 1 Lenovo 4 Thinkpad T14s Gen 3, Thinkpad T14s Gen 3 Firmware, Thinkpad X13 Gen 3 and 1 more 2024-09-19 6.1 Medium
A vulnerability was reported in ThinkPad T14s Gen 3 and X13 Gen3 that could cause the BIOS tamper detection mechanism to not trigger under specific circumstances which could allow unauthorized access.
CVE-2022-48182 3 Lenovo, Linux, Microsoft 6 Thinkpad T14s Gen 3, Thinkpad T14s Gen 3 Firmware, Thinkpad X13 Gen 3 and 3 more 2024-09-19 6.1 Medium
A vulnerability was reported in ThinkPad T14s Gen 3 and X13 Gen3 that could cause the BIOS tamper detection mechanism to not trigger under specific circumstances which could allow unauthorized access.
CVE-2022-48183 3 Lenovo, Linux, Microsoft 6 Thinkpad T14s Gen 3, Thinkpad T14s Gen 3 Firmware, Thinkpad X13 Gen 3 and 3 more 2024-09-19 6.1 Medium
A vulnerability was reported in ThinkPad T14s Gen 3 and X13 Gen3 that could cause the BIOS tamper detection mechanism to not trigger under specific circumstances which could allow unauthorized access.
CVE-2024-45103 4 Emc, Lenovo, Microsoft and 1 more 4 Vmware, Xclarity Administrator, Windows and 1 more 2024-09-19 4.3 Medium
A valid, authenticated LXCA user may be able to unmanage an LXCA managed device in through the LXCA web interface without sufficient privileges.
CVE-2024-45104 4 Emc, Lenovo, Microsoft and 1 more 4 Vmware, Xclarity Administrator, Windows and 1 more 2024-09-19 6.3 Medium
A valid, authenticated LXCA user without sufficient privileges may be able to use the device identifier to modify an LXCA managed device through a specially crafted web API call.
CVE-2024-3100 1 Lenovo 55 100w Gen 3 Firmware, 100w Gen 4 Firmware, 13w Yoga Firmware and 52 more 2024-09-17 6.7 Medium
A potential buffer overflow vulnerability was reported in some Lenovo Notebook products that could allow a local attacker with elevated privileges to execute arbitrary code.
CVE-2022-3698 1 Lenovo 2 Diagnostics, Hardwarescan Plugin 2024-09-17 4.4 Medium
A denial of service vulnerability was reported in the Lenovo HardwareScanPlugin versions prior to 1.3.1.2 and  Lenovo Diagnostics versions prior to 4.45 that could allow a local user with administrative access to trigger a system crash.
CVE-2022-3699 1 Lenovo 3 Diagnostics, Hardwarescan Addin, Hardwarescan Plugin 2024-09-17 7.8 High
A privilege escalation vulnerability was reported in the Lenovo HardwareScanPlugin prior to version 1.3.1.2 and Lenovo Diagnostics prior to version 4.45 that could allow a local user to execute code with elevated privileges.
CVE-2019-6192 1 Lenovo 81 Power Management Driver, Thinkpad 13 Gen 2, Thinkpad 25 and 78 more 2024-09-17 4.4 Medium
A potential vulnerability has been reported in Lenovo Power Management Driver versions prior to 1.67.17.48 leading to a buffer overflow which could cause a denial of service.
CVE-2020-8346 1 Lenovo 1 System Interface Foundation 2024-09-17 5.5 Medium
A denial of service vulnerability was reported in the Lenovo Vantage component called Lenovo System Interface Foundation prior to version 1.1.19.5 that could allow configuration files to be written to non-standard locations.
CVE-2018-9068 2 Ibm, Lenovo 84 Bladecenter Hs22, Bladecenter Hs22 Firmware, Bladecenter Hs23 and 81 more 2024-09-17 N/A
The IMM2 First Failure Data Capture function collects management module logs and diagnostic information when a hardware error is detected. This information is made available for download through an SFTP server hosted on the IMM2 management network interface. In versions earlier than 4.90 for Lenovo System x and earlier than 6.80 for IBM System x, the credentials to access the SFTP server are hard-coded and described in the IMM2 documentation, allowing an attacker with management network access to obtain the collected FFDC data. After applying the update, the IMM2 will create random SFTP credentials for use with OneCLI.
CVE-2017-3761 1 Lenovo 1 Service Framework 2024-09-17 N/A
The Lenovo Service Framework Android application executes some system commands without proper sanitization of external input. In certain cases, this could lead to command injection which, in turn, could lead to remote code execution.