Filtered by vendor Lenovo
Subscribe
Total
373 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-43568 | 1 Lenovo | 222 Ideacentre 3-07ada05, Ideacentre 3-07ada05 Firmware, Ideacentre 3-07imb05 and 219 more | 2023-11-16 | N/A | 4.4 MEDIUM |
| A buffer over-read was reported in the LemSecureBootForceKey module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to disclose sensitive information. | |||||
| CVE-2023-43570 | 1 Lenovo | 222 Ideacentre 3-07ada05, Ideacentre 3-07ada05 Firmware, Ideacentre 3-07imb05 and 219 more | 2023-11-16 | N/A | 6.7 MEDIUM |
| A potential vulnerability was reported in the SMI callback function of the OemSmi driver that may allow a local attacker with elevated permissions to execute arbitrary code. | |||||
| CVE-2023-43569 | 1 Lenovo | 222 Ideacentre 3-07ada05, Ideacentre 3-07ada05 Firmware, Ideacentre 3-07imb05 and 219 more | 2023-11-16 | N/A | 6.7 MEDIUM |
| A buffer overflow was reported in the OemSmi module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code. | |||||
| CVE-2023-43581 | 1 Lenovo | 222 Ideacentre 3-07ada05, Ideacentre 3-07ada05 Firmware, Ideacentre 3-07imb05 and 219 more | 2023-11-16 | N/A | 6.7 MEDIUM |
| A buffer overflow was reported in the Update_WMI module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code. | |||||
| CVE-2023-43580 | 1 Lenovo | 222 Ideacentre 3-07ada05, Ideacentre 3-07ada05 Firmware, Ideacentre 3-07imb05 and 219 more | 2023-11-16 | N/A | 6.7 MEDIUM |
| A buffer overflow was reported in the SmuV11DxeVMR module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code. | |||||
| CVE-2023-43579 | 1 Lenovo | 222 Ideacentre 3-07ada05, Ideacentre 3-07ada05 Firmware, Ideacentre 3-07imb05 and 219 more | 2023-11-16 | N/A | 6.7 MEDIUM |
| A buffer overflow was reported in the SmuV11Dxe driver in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code. | |||||
| CVE-2023-43578 | 1 Lenovo | 222 Ideacentre 3-07ada05, Ideacentre 3-07ada05 Firmware, Ideacentre 3-07imb05 and 219 more | 2023-11-16 | N/A | 6.7 MEDIUM |
| A buffer overflow was reported in the SmiFlash module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code. | |||||
| CVE-2023-43577 | 1 Lenovo | 222 Ideacentre 3-07ada05, Ideacentre 3-07ada05 Firmware, Ideacentre 3-07imb05 and 219 more | 2023-11-16 | N/A | 6.7 MEDIUM |
| A buffer overflow was reported in the ReFlash module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code. | |||||
| CVE-2023-43576 | 1 Lenovo | 222 Ideacentre 3-07ada05, Ideacentre 3-07ada05 Firmware, Ideacentre 3-07imb05 and 219 more | 2023-11-16 | N/A | 6.7 MEDIUM |
| A buffer overflow was reported in the WMISwSmi module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code. | |||||
| CVE-2023-43575 | 1 Lenovo | 222 Ideacentre 3-07ada05, Ideacentre 3-07ada05 Firmware, Ideacentre 3-07imb05 and 219 more | 2023-11-16 | N/A | 6.7 MEDIUM |
| A buffer overflow was reported in the UltraFunctionTable module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code. | |||||
| CVE-2023-43574 | 1 Lenovo | 222 Ideacentre 3-07ada05, Ideacentre 3-07ada05 Firmware, Ideacentre 3-07imb05 and 219 more | 2023-11-15 | N/A | 4.4 MEDIUM |
| A buffer over-read was reported in the LEMALLDriversConnectedEventHook module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to disclose sensitive information. | |||||
| CVE-2023-43573 | 1 Lenovo | 222 Ideacentre 3-07ada05, Ideacentre 3-07ada05 Firmware, Ideacentre 3-07imb05 and 219 more | 2023-11-15 | N/A | 6.7 MEDIUM |
| A buffer overflow was reported in the LEMALLDriversConnectedEventHook module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code. | |||||
| CVE-2023-43572 | 1 Lenovo | 222 Ideacentre 3-07ada05, Ideacentre 3-07ada05 Firmware, Ideacentre 3-07imb05 and 219 more | 2023-11-15 | N/A | 4.4 MEDIUM |
| A buffer over-read was reported in the BiosExtensionLoader module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to disclose sensitive information. | |||||
| CVE-2023-43571 | 1 Lenovo | 222 Ideacentre 3-07ada05, Ideacentre 3-07ada05 Firmware, Ideacentre 3-07imb05 and 219 more | 2023-11-15 | N/A | 6.7 MEDIUM |
| A buffer overflow was reported in the BiosExtensionLoader module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code. | |||||
| CVE-2022-4574 | 1 Lenovo | 108 Thinkpad L14, Thinkpad L14 Firmware, Thinkpad L14 Gen 2 and 105 more | 2023-11-08 | N/A | 6.7 MEDIUM |
| An SMI handler input validation vulnerability in the BIOS of some ThinkPad models could allow an attacker with local access and elevated privileges to execute arbitrary code. | |||||
| CVE-2022-4575 | 1 Lenovo | 26 Thinkpad 25, Thinkpad 25 Firmware, Thinkpad L560 and 23 more | 2023-11-08 | N/A | 6.7 MEDIUM |
| A vulnerability due to improper write protection of UEFI variables was reported in the BIOS of some ThinkPad models could allow an attacker with physical or local access and elevated privileges the ability to bypass Secure Boot. | |||||
| CVE-2022-3702 | 1 Lenovo | 3 Hardware Scan Addin, Hardware Scan Plugin, System Update Plugin | 2023-11-07 | N/A | 7.1 HIGH |
| A denial of service vulnerability was reported in Lenovo Vantage HardwareScan Plugin version 1.3.0.5 and earlier that could allow a local attacker to delete contents of an arbitrary directory under certain conditions. | |||||
| CVE-2022-3701 | 1 Lenovo | 3 Hardware Scan Addin, Hardware Scan Plugin, System Update Plugin | 2023-11-07 | N/A | 7.8 HIGH |
| A privilege elevation vulnerability was reported in the Lenovo Vantage SystemUpdate plugin version 2.0.0.212 and earlier that could allow a local attacker to execute arbitrary code with elevated privileges. | |||||
| CVE-2022-3700 | 1 Lenovo | 3 Hardware Scan Addin, Hardware Scan Plugin, System Update Plugin | 2023-11-07 | N/A | 6.3 MEDIUM |
| A Time of Check Time of Use (TOCTOU) vulnerability was reported in the Lenovo Vantage SystemUpdate Plugin version 2.0.0.212 and earlier that could allow a local attacker to delete arbitrary files. | |||||
| CVE-2022-3611 | 1 Lenovo | 1 App Store App | 2023-11-07 | N/A | 7.5 HIGH |
| An information disclosure vulnerability has been identified in the Lenovo App Store which may allow some applications to gain unauthorized access to sensitive user data used by other unrelated applications. | |||||