Skip to main content

Lenovo

299 CVEs vendor

Monthly

CVE-2024-27910 MEDIUM This Month

A vulnerability was reported in some Lenovo Printers that could allow an unauthenticated attacker to reboot the printer without authentication. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Lenovo
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2024-27909 MEDIUM This Month

A denial of service vulnerability was reported in the HTTPS service of some Lenovo Printers that could result in a system reboot. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Lenovo Denial Of Service
NVD
CVSS 3.1
4.9
EPSS
0.5%
CVE-2024-27908 MEDIUM This Month

A buffer overflow vulnerability was reported in the HTTPS service of some Lenovo Printers that could result in denial of service. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Lenovo Denial Of Service
NVD
CVSS 3.1
4.9
EPSS
0.5%
CVE-2024-23592 MEDIUM This Month

An authentication bypass vulnerability was reported in Lenovo devices with Synaptics fingerprint readers that could allow an attacker with physical access to replay fingerprints and bypass Windows. Rated medium severity (CVSS 6.3), this vulnerability is no authentication required. No vendor patch available.

Authentication Bypass Lenovo Microsoft
NVD
CVSS 3.1
6.3
EPSS
0.2%
CVE-2024-26700 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix MST Null Ptr for RV The change try to fix below error specific to RV platform: BUG: kernel NULL pointer. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Linux Lenovo Denial Of Service Amd Null Pointer Dereference +1
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-26605 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: PCI/ASPM: Fix deadlock when enabling ASPM A last minute revert in 6.7-final introduced a potential deadlock when enabling ASPM. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Lenovo Information Disclosure Qualcomm Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-6540 MEDIUM This Month

A vulnerability was reported in the Lenovo Browser Mobile and Lenovo Browser HD Apps for Android that could allow an attacker to craft a payload that could result in the disclosure of sensitive. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Lenovo RCE Google Code Injection Browser Hd +2
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-6338 HIGH This Week

Uncontrolled search path vulnerabilities were reported in the Lenovo Universal Device Client (UDC) that could allow an attacker with local access to execute code with elevated privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Lenovo Information Disclosure Universal Device Client
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-40238 MEDIUM POC This Month

A LogoFAIL issue was discovered in BmpDecoderDxe in Insyde InsydeH2O with kernel 5.2 before 05.28.47, 5.3 before 05.37.47, 5.4 before 05.45.47, 5.5 before 05.53.47, and 5.6 before 05.60.47 for. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Lenovo Information Disclosure Esprimo D556 2 Firmware Esprimo D6011 Firmware Esprimo D6012 Firmware +182
NVD
CVSS 3.1
5.5
EPSS
1.9%
CVE-2023-43581 MEDIUM This Month

A buffer overflow was reported in the Update_WMI module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Lenovo Ideacentre C5 14Imb05 Firmware Ideacentre 3 07Ada05 Firmware +109
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2023-43580 MEDIUM This Month

A buffer overflow was reported in the SmuV11DxeVMR module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Lenovo Ideacentre C5 14Imb05 Firmware Ideacentre 3 07Ada05 Firmware +109
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2023-43579 MEDIUM This Month

A buffer overflow was reported in the SmuV11Dxe driver in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Lenovo Ideacentre C5 14Imb05 Firmware Ideacentre 3 07Ada05 Firmware +109
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2023-43578 MEDIUM This Month

A buffer overflow was reported in the SmiFlash module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Lenovo Ideacentre C5 14Imb05 Firmware Ideacentre 3 07Ada05 Firmware +109
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2023-43577 MEDIUM This Month

A buffer overflow was reported in the ReFlash module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Lenovo Ideacentre C5 14Imb05 Firmware Ideacentre 3 07Ada05 Firmware +109
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2023-43576 MEDIUM This Month

A buffer overflow was reported in the WMISwSmi module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Lenovo Ideacentre C5 14Imb05 Firmware Ideacentre 3 07Ada05 Firmware +109
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2023-43575 MEDIUM This Month

A buffer overflow was reported in the UltraFunctionTable module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Lenovo Ideacentre C5 14Imb05 Firmware Ideacentre 3 07Ada05 Firmware +109
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2023-43574 MEDIUM This Month

A buffer over-read was reported in the LEMALLDriversConnectedEventHook module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to disclose sensitive. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Lenovo Ideacentre C5 14Imb05 Firmware Ideacentre 3 07Ada05 Firmware Ideacentre 3 07Imb05 Firmware +108
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2023-43573 MEDIUM This Month

A buffer overflow was reported in the LEMALLDriversConnectedEventHook module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Lenovo Ideacentre C5 14Imb05 Firmware Ideacentre 3 07Ada05 Firmware +109
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2023-43572 MEDIUM This Month

A buffer over-read was reported in the BiosExtensionLoader module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to disclose sensitive information. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Lenovo Ideacentre C5 14Imb05 Firmware Ideacentre 3 07Ada05 Firmware Ideacentre 3 07Imb05 Firmware +108
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2023-43571 MEDIUM This Month

A buffer overflow was reported in the BiosExtensionLoader module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Lenovo Ideacentre C5 14Imb05 Firmware Ideacentre 3 07Ada05 Firmware +109
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2023-5079 HIGH This Week

Lenovo LeCloud App improper input validation allows attackers to access arbitrary components and arbitrary file downloads, which could result in information disclosure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Lenovo Information Disclosure Lecloud
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-4891 MEDIUM PATCH This Month

A potential use-after-free vulnerability was reported in the Lenovo View driver that could result in denial of service. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Lenovo Denial Of Service Memory Corruption View Driver
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-4706 HIGH This Week

A privilege escalation vulnerability was reported in Lenovo preloaded devices deployed using Microsoft AutoPilot under a standard user account due to incorrect default privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Lenovo Microsoft Preload Directory
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-4632 HIGH PATCH This Week

An uncontrolled search path vulnerability was reported in Lenovo System Update that could allow an attacker with local access to execute code with elevated privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Lenovo Information Disclosure System Update
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-43569 MEDIUM This Month

A buffer overflow was reported in the OemSmi module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Lenovo Ideacentre C5 14Imb05 Firmware Ideacentre 3 07Ada05 Firmware +109
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2023-43568 MEDIUM This Month

A buffer over-read was reported in the LemSecureBootForceKey module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to disclose sensitive information. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Lenovo Ideacentre C5 14Imb05 Firmware Ideacentre 3 07Ada05 Firmware Ideacentre 3 07Imb05 Firmware +108
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2023-43567 MEDIUM This Month

A buffer overflow was reported in the LemSecureBootForceKey module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Lenovo Ideacentre C5 14Imb05 Firmware Ideacentre 3 07Ada05 Firmware +109
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2023-4029 MEDIUM This Month

A buffer overflow has been identified in the BoardUpdateAcpiDxe driver in some Lenovo ThinkPad products which may allow an attacker with local access and elevated privileges to execute arbitrary code. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Lenovo K14 Type 21Cu Firmware K14 Type 21Cv Firmware +24
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2023-4028 MEDIUM This Month

A buffer overflow has been identified in the SystemUserMasterHddPwdDxe driver in some Lenovo Notebook products which may allow an attacker with local access and elevated privileges to execute. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Lenovo 13W Yoga Firmware 13W Yoga Gen 2 Firmware +27
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2023-3078 HIGH This Week

An uncontrolled search path vulnerability was reported in the Lenovo Universal Device Client (UDC) that could allow an attacker with local access to execute code with elevated privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Lenovo Information Disclosure Universal Device Client
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-34419 MEDIUM This Month

A buffer overflow has been identified in the SetupUtility driver in some Lenovo Notebook products which may allow an attacker with local access and elevated privileges to execute arbitrary code. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Lenovo Legion 5 Pro 16Iah7H Firmware Legion 5 Pro 16Iah7 Firmware +28
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2023-0896 HIGH This Week

A default password was reported in Lenovo Smart Clock Essential with Alexa Built In that could allow unauthorized device access to an attacker with local network access. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Lenovo Authentication Bypass Smart Clock Essential With Alexa Built In Firmware
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-25496 HIGH This Week

A privilege escalation vulnerability was reported in Lenovo Drivers Management Lenovo Driver Manager that could allow a local user to execute code with elevated privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Lenovo Authentication Bypass Drivers Management
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-1513 HIGH This Week

A potential vulnerability was reported in Lenovo PCManager prior to version 5.0.10.4191 that may allow code execution when visiting a specially crafted website. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Lenovo Command Injection Pcmanager
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2022-1110 MEDIUM PATCH This Month

A buffer overflow vulnerability in Lenovo Smart Standby Driver prior to version 4.1.50.0 could allow a local attacker to cause denial of service. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Denial Of Service Buffer Overflow Lenovo Smart Standby Driver
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-0636 MEDIUM This Month

A denial of service vulnerability was reported in Lenovo Thin Installer prior to version 1.3.0039 that could trigger a system crash. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Lenovo Thin Installer
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-0354 HIGH POC This Week

A vulnerability was reported in Lenovo System Update that could allow a local user with interactive system access the ability to execute code with elevated privileges only during the installation of. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Lenovo Information Disclosure System Update
NVD VulDB
CVSS 3.1
7.3
EPSS
0.1%
CVE-2022-0192 HIGH This Week

A DLL search path vulnerability was reported in Lenovo PCManager prior to version 4.0.40.2175 that could allow privilege escalation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Lenovo Pcmanager
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-3786 MEDIUM PATCH This Month

A potential vulnerability in the SMI callback function used in CSME configuration of some Lenovo Notebook and ThinkPad systems could be used to leak out data out of the SMRAM range. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Lenovo Information Disclosure Thinkpad X380 Yoga Firmware Thinkpad X1 Fold Gen 1 Firmware Thinkpad Yoga 260 Firmware +130
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-3519 MEDIUM This Month

A vulnerability was reported in some Lenovo Desktop models that could allow unauthorized access to the boot menu, when the "BIOS Password At Boot Device List" BIOS setting is Yes. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Lenovo Authentication Bypass Ideacentre C5 14Mb05 Firmware Ideacentre 3 07Imb05 Firmware Ideacentre 5 14Imb05 Firmware +56
NVD
CVSS 3.1
6.8
EPSS
0.2%
CVE-2021-3633 HIGH POC This Week

A DLL preloading vulnerability was reported in Lenovo Driver Management prior to version 2.9.0719.1104 that could allow privilege escalation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Lenovo Jwt Attack Drivers Management
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-3617 HIGH This Week

A vulnerability was reported in Lenovo Smart Camera X3, X5, and C2E that could allow command injection by setting a specially crafted network configuration. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Lenovo Command Injection Smart Camera C2E Firmware Smart Camera X3 Firmware Smart Camera X5 Firmware
NVD
CVSS 3.1
7.2
EPSS
1.7%
CVE-2021-3616 CRITICAL Act Now

A vulnerability was reported in Lenovo Smart Camera X3, X5, and C2E that could allow an unauthorized user to view device information, alter firmware content and device configuration. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Lenovo Authentication Bypass Smart Camera C2E Firmware Smart Camera X3 Firmware Smart Camera X5 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2021-3615 MEDIUM This Month

A vulnerability was reported in Lenovo Smart Camera X3, X5, and C2E that could allow code execution if a specific file exists on the attached SD card. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Lenovo Code Injection Smart Camera C2E Firmware Smart Camera X3 Firmware +1
NVD
CVSS 3.1
6.8
EPSS
0.3%
CVE-2021-3614 MEDIUM This Month

A vulnerability was reported on some Lenovo Notebook systems that could allow an attacker with physical access to elevate privileges under certain conditions during a BIOS update performed by Lenovo. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Lenovo Information Disclosure Ideapad 1 11Ada05 Firmware Ideapad 1 14Ada05 Firmware V130 15Ikb Firmware +18
NVD
CVSS 3.1
6.8
EPSS
0.2%
CVE-2021-3550 HIGH This Week

A DLL search path vulnerability was reported in Lenovo PCManager, prior to version 3.0.500.5102, that could allow privilege escalation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Lenovo Pcmanager
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-3453 MEDIUM This Month

Some Lenovo Notebook, ThinkPad, and Lenovo Desktop systems have BIOS modules unprotected by Intel Boot Guard that could allow an attacker with physical access the ability to write to the SPI flash. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Intel Lenovo Information Disclosure Thinkpad Helix Firmware Thinkpad T550 Firmware +19
NVD
CVSS 3.1
4.6
EPSS
0.2%
CVE-2021-3464 HIGH This Week

A DLL search path vulnerability was reported in Lenovo PCManager, prior to version 3.0.400.3252, that could allow privilege escalation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Lenovo Pcmanager
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-3451 MEDIUM This Month

A denial of service vulnerability was reported in Lenovo PCManager, prior to version 3.0.400.3252, that could allow configuration files to be written to non-standard locations. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Privilege Escalation Lenovo Pcmanager
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-3473 MEDIUM This Month

An internal product security audit of Lenovo XClarity Controller (XCC) discovered that the XCC configuration backup/restore password may be written to an internal XCC log buffer if Lenovo XClarity. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Lenovo Information Disclosure Xclarity Controller
NVD
CVSS 3.1
4.9
EPSS
0.5%
CVE-2021-3463 MEDIUM This Month

A null pointer dereference vulnerability in Lenovo Power Management Driver for Windows 10, prior to version 1.67.17.54, that could cause systems to experience a blue screen error. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Null Pointer Dereference Microsoft Denial Of Service Lenovo Power Management Driver
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2021-3462 HIGH This Week

A privilege escalation vulnerability in Lenovo Power Management Driver for Windows 10, prior to version 1.67.17.54, that could allow unauthorized access to the driver's device object. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Lenovo Authentication Bypass Power Management Driver
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-3417 MEDIUM This Month

An internal product security audit of LXCO, prior to version 1.2.2, discovered that credentials for Lenovo XClarity Administrator (LXCA), if added as a Resource Manager, are encoded then written to. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Lenovo Information Disclosure Xclarity Orchestrator
NVD
CVSS 3.1
4.9
EPSS
0.5%
CVE-2020-8351 HIGH This Week

A privilege escalation vulnerability was reported in Lenovo PCManager prior to version 3.0.50.9162 that could allow an authenticated user to execute code with elevated privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Lenovo Privilege Escalation Pcmanager
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-8354 MEDIUM This Month

A potential vulnerability in the SMI callback function used in the VariableServiceSmm driver in some Lenovo Notebook models may allow arbitrary code execution. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

RCE Lenovo Notebook Firmware
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2020-8353 MEDIUM POC This Month

Prior to August 10, 2020, some Lenovo Desktop and Workstation systems were shipped with the Embedded Host Based Configuration (EHBC) feature of Intel AMT enabled. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Lenovo Intel Information Disclosure Thinkcentre M80T Firmware Thinkcentre M80S Firmware +12
NVD
CVSS 3.1
6.7
EPSS
0.5%
CVE-2020-8352 LOW Monitor

In some Lenovo Desktop models, the Configuration Change Detection BIOS setting failed to detect SATA configuration changes. Rated low severity (CVSS 2.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Lenovo Information Disclosure Thinkcentre E73 Firmware Thinkcentre M73 Firmware Qitian 4500 Firmware +13
NVD
CVSS 3.1
2.4
EPSS
0.3%
CVE-2020-8350 HIGH This Week

An authentication bypass vulnerability was reported in Lenovo ThinkPad Stack Wireless Router firmware version 1.1.3.4 that could allow escalation of privilege. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Lenovo Privilege Escalation Authentication Bypass Thinkpad Stack Wireless Router Firmware
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2020-8349 CRITICAL Act Now

An internal security review has identified an unauthenticated remote code execution vulnerability in Cloud Networking Operating System (CNOS)’ optional REST API management interface. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Lenovo Cloud Networking Operating System
NVD
CVSS 3.1
9.8
EPSS
2.2%
CVE-2020-8345 HIGH This Week

A DLL search path vulnerability was reported in the Lenovo HardwareScan Plugin for the Lenovo Vantage hardware scan feature prior to version 1.0.46.11 that could allow escalation of privilege. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Lenovo Privilege Escalation Hardware Scan
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-8338 HIGH PATCH This Week

A DLL search path vulnerability was reported in Lenovo Diagnostics prior to version 4.35.4 that could allow a user with local access to execute code on the system. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Lenovo Information Disclosure Diagnostics
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-8332 MEDIUM This Month

A potential vulnerability in the SMI callback function used in the legacy BIOS mode USB drivers in some legacy Lenovo and IBM System x servers may allow arbitrary code execution. Rated medium severity (CVSS 6.4). No vendor patch available.

RCE Lenovo IBM Bladecenter Hs23 Firmware Bladecenter Hs23E Firmware +16
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2020-8348 MEDIUM This Month

A DOM-based cross-site scripting (XSS) vulnerability was reported in Lenovo Enterprise Network Disk prior to version 6.1 patch 6 hotfix 4 that could allow execution of code in an authenticated user's. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Lenovo Enterprise Network Disk
NVD
CVSS 3.1
6.1
EPSS
1.0%
CVE-2020-8347 MEDIUM This Month

A reflective cross-site scripting (XSS) vulnerability was reported in Lenovo Enterprise Network Disk prior to version 6.1 patch 6 hotfix 4 that could allow execution of code in an authenticated. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Lenovo Enterprise Network Disk
NVD
CVSS 3.1
6.1
EPSS
1.1%
CVE-2020-8333 HIGH PATCH This Week

A potential vulnerability in the SMI callback function used in the EEPROM driver in some Lenovo Desktops and ThinkStation models may allow arbitrary code execution. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

RCE Lenovo 63 Firmware H50 30G Firmware M4500 Firmware +24
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-8346 MEDIUM This Month

A denial of service vulnerability was reported in the Lenovo Vantage component called Lenovo System Interface Foundation prior to version 1.1.19.5 that could allow configuration files to be written. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Lenovo Privilege Escalation System Interface Foundation
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2020-8342 HIGH PATCH This Week

A race condition vulnerability was reported in Lenovo System Update prior to version 5.07.0106 that could allow escalation of privilege. Rated high severity (CVSS 7.0).

Lenovo Privilege Escalation System Update
NVD
CVSS 3.1
7.0
EPSS
0.2%
CVE-2020-8340 MEDIUM This Month

A cross-site scripting (XSS) vulnerability was discovered in the legacy IBM and Lenovo System x IMM2 (Integrated Management Module 2), prior to version 5.60, embedded Baseboard Management Controller. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Lenovo IBM Integrated Management Module 2
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2020-8341 LOW Monitor

In Lenovo systems, SMM BIOS Write Protection is used to prevent writes to SPI Flash. Rated low severity (CVSS 2.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Lenovo Information Disclosure Thinkpad T490 20Nx Firmware Thinkpad T490 20Qx Firmware Thinkpad T490 20Rx Firmware +7
NVD
CVSS 3.1
2.4
EPSS
0.3%
CVE-2020-8335 MEDIUM This Month

The BIOS tamper detection mechanism was not triggered in Lenovo ThinkPad A285, BIOS versions up to r0xuj70w; A485, BIOS versions up to r0wuj65w; T495 BIOS versions up to r12uj55w; T495s/X395, BIOS. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Lenovo Authentication Bypass Thinkpad A275 Firmware Thinkpad A285 Firmware Thinkpad A475 Firmware +5
NVD
CVSS 3.1
6.8
EPSS
0.3%
CVE-2020-15596 MEDIUM This Month

The ALPS ALPINE touchpad driver before 8.2206.1717.634, as used on various Dell, HP, and Lenovo laptops, allows attackers to conduct Path Disclosure attacks via a "fake" DLL file. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

HP Lenovo Dell Information Disclosure Elite X2 1012 G1 Firmware +13
NVD
CVSS 3.1
6.7
EPSS
0.4%
CVE-2020-8326 HIGH This Week

An unquoted service path vulnerability was reported in Lenovo Drivers Management prior to version 2.7.1128.1046 that could allow an authenticated user to execute code with elevated privileges. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Lenovo Information Disclosure Drivers Management
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-8317 HIGH This Week

A DLL search path vulnerability was reported in Lenovo Drivers Management prior to version 2.7.1128.1046 that could allow an authenticated user to execute code with elevated privileges. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Lenovo Information Disclosure Drivers Management
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-8337 MEDIUM This Month

An unquoted search path vulnerability was reported in versions prior to 1.0.83.0 of the Synaptics Smart Audio UWP app associated with the DCHU audio drivers on Lenovo platforms that could allow an. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

RCE Lenovo Smart Audio Uwp
NVD
CVSS 3.1
6.7
EPSS
0.4%
CVE-2020-8336 MEDIUM This Month

Lenovo implemented Intel CSME Anti-rollback ARB protections on some ThinkPad models to prevent roll back of CSME Firmware in flash. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Lenovo Intel Information Disclosure Thinkpad E14 Firmware Thinkpad E15 Firmware +36
NVD
CVSS 3.1
6.8
EPSS
0.3%
CVE-2020-8334 MEDIUM This Month

The BIOS tamper detection mechanism was not triggered in Lenovo ThinkPad T495s, X395, T495, A485, A285, A475, A275 which may allow for unauthorized access. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Lenovo Authentication Bypass Thinkpad T495S Firmware Thinkpad X395 Firmware Thinkpad T495 Firmware +4
NVD
CVSS 3.1
6.8
EPSS
0.3%
CVE-2020-8323 MEDIUM This Month

A potential vulnerability in the SMI callback function used in the Legacy SD driver in some Lenovo ThinkPad, ThinkStation, and Lenovo Notebook models may allow arbitrary code execution. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

RCE Lenovo 330 14Ast Firmware 330 15Ast Firmware 330 17Ast Firmware +169
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2020-8322 MEDIUM This Month

A potential vulnerability in the SMI callback function used in the Legacy USB driver in some Lenovo Notebook and ThinkStation models may allow arbitrary code execution. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

RCE Lenovo 330 14Ast Firmware 330 15Ast Firmware 330 17Ast Firmware +48
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2020-8321 MEDIUM This Month

A potential vulnerability in the SMI callback function used in the System Lock Preinstallation driver in some Lenovo Notebook and ThinkStation models may allow arbitrary code execution. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

RCE Lenovo 130 14Ast Firmware 130 14Ikb Firmware 130 15Ast Firmware +169
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2020-8330 HIGH This Week

A denial of service vulnerability was reported in the firmware prior to version 1.01 used in Lenovo Printer LJ4010DN that could be triggered by a remote user sending a crafted packet to the device,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Lenovo Denial Of Service Lj4010Dn Firmware Lj6700Dn Firmware M8960Dnf Firmware
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2020-8329 HIGH This Week

A denial of service vulnerability was reported in the firmware prior to version 1.01 used in Lenovo Printer LJ4010DN that could be triggered by a remote user sending a crafted packet to the device,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Lenovo Denial Of Service Lj4010Dn Firmware Lj6700Dn Firmware M8960Dnf Firmware
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2020-8327 HIGH This Week

A privilege escalation vulnerability was reported in LenovoBatteryGaugePackage for Lenovo System Interface Foundation bundled in Lenovo Vantage prior to version 10.2003.10.0 that could allow an. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Lenovo Privilege Escalation Vantage
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-8324 MEDIUM This Month

A vulnerability was reported in LenovoAppScenarioPluginSystem for Lenovo System Interface Foundation prior to version 1.2.184.31 that could allow unsigned DLL files to be executed. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Lenovo Jwt Attack Information Disclosure System Interface Foundation
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2020-8319 HIGH This Week

A privilege escalation vulnerability was reported in Lenovo System Interface Foundation prior to version 1.1.19.3 that could allow an authenticated user to execute code with elevated privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Lenovo Privilege Escalation System Interface Foundation
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-8318 HIGH This Week

A privilege escalation vulnerability was reported in the LenovoSystemUpdatePlugin for Lenovo System Interface Foundation prior to version that could allow an authenticated user to execute code with. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Lenovo Privilege Escalation System Interface Foundation
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-8316 MEDIUM This Month

A vulnerability was reported in Lenovo Vantage prior to version 10.2003.10.0 that could allow an authenticated user to read files on the system with elevated privileges. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Lenovo Information Disclosure Vantage
NVD
CVSS 3.1
4.4
EPSS
0.3%
CVE-2019-6192 MEDIUM POC This Month

A potential vulnerability has been reported in Lenovo Power Management Driver versions prior to 1.67.17.48 leading to a buffer overflow which could cause a denial of service. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Lenovo Power Management Driver
NVD Exploit-DB
CVSS 3.1
4.4
EPSS
1.7%
CVE-2019-6183 HIGH This Week

A denial of service vulnerability has been reported in Lenovo Energy Management Driver for Windows 10 versions prior to 15.11.29.7 that could cause systems to experience a blue screen error. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Lenovo Microsoft Energy Management
NVD
CVSS 3.1
7.5
EPSS
1.9%
CVE-2019-6189 HIGH This Week

A potential vulnerability was reported in Lenovo System Interface Foundation versions before v1.1.18.3 that could allow an administrative user to load an unsigned DLL. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Lenovo Information Disclosure System Interface Foundation
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2019-6187 MEDIUM PATCH This Month

A stored CSV Injection vulnerability was reported in Lenovo XClarity Controller (XCC) that could allow an administrative or other appropriately permissioned user to store malformed data in certain. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Code Injection Lenovo Xclarity Controller
NVD
CVSS 3.1
6.5
EPSS
0.9%
EPSS 1% CVSS 5.3
MEDIUM This Month

A vulnerability was reported in some Lenovo Printers that could allow an unauthenticated attacker to reboot the printer without authentication. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Lenovo
NVD
EPSS 1% CVSS 4.9
MEDIUM This Month

A denial of service vulnerability was reported in the HTTPS service of some Lenovo Printers that could result in a system reboot. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Lenovo Denial Of Service
NVD
EPSS 1% CVSS 4.9
MEDIUM This Month

A buffer overflow vulnerability was reported in the HTTPS service of some Lenovo Printers that could result in denial of service. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Lenovo Denial Of Service
NVD
EPSS 0% CVSS 6.3
MEDIUM This Month

An authentication bypass vulnerability was reported in Lenovo devices with Synaptics fingerprint readers that could allow an attacker with physical access to replay fingerprints and bypass Windows. Rated medium severity (CVSS 6.3), this vulnerability is no authentication required. No vendor patch available.

Authentication Bypass Lenovo Microsoft
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix MST Null Ptr for RV The change try to fix below error specific to RV platform: BUG: kernel NULL pointer. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Linux Lenovo Denial Of Service +3
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: PCI/ASPM: Fix deadlock when enabling ASPM A last minute revert in 6.7-final introduced a potential deadlock when enabling ASPM. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Lenovo Information Disclosure Qualcomm +2
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

A vulnerability was reported in the Lenovo Browser Mobile and Lenovo Browser HD Apps for Android that could allow an attacker to craft a payload that could result in the disclosure of sensitive. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Lenovo RCE Google +4
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Uncontrolled search path vulnerabilities were reported in the Lenovo Universal Device Client (UDC) that could allow an attacker with local access to execute code with elevated privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Lenovo Information Disclosure Universal Device Client
NVD
EPSS 2% CVSS 5.5
MEDIUM POC This Month

A LogoFAIL issue was discovered in BmpDecoderDxe in Insyde InsydeH2O with kernel 5.2 before 05.28.47, 5.3 before 05.37.47, 5.4 before 05.45.47, 5.5 before 05.53.47, and 5.6 before 05.60.47 for. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Lenovo Information Disclosure Esprimo D556 2 Firmware +184
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

A buffer overflow was reported in the Update_WMI module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Lenovo +111
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

A buffer overflow was reported in the SmuV11DxeVMR module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Lenovo +111
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

A buffer overflow was reported in the SmuV11Dxe driver in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Lenovo +111
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

A buffer overflow was reported in the SmiFlash module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Lenovo +111
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

A buffer overflow was reported in the ReFlash module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Lenovo +111
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

A buffer overflow was reported in the WMISwSmi module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Lenovo +111
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

A buffer overflow was reported in the UltraFunctionTable module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Lenovo +111
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

A buffer over-read was reported in the LEMALLDriversConnectedEventHook module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to disclose sensitive. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Lenovo Ideacentre C5 14Imb05 Firmware +110
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

A buffer overflow was reported in the LEMALLDriversConnectedEventHook module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Lenovo +111
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

A buffer over-read was reported in the BiosExtensionLoader module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to disclose sensitive information. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Lenovo Ideacentre C5 14Imb05 Firmware +110
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

A buffer overflow was reported in the BiosExtensionLoader module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Lenovo +111
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Lenovo LeCloud App improper input validation allows attackers to access arbitrary components and arbitrary file downloads, which could result in information disclosure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Lenovo Information Disclosure Lecloud
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A potential use-after-free vulnerability was reported in the Lenovo View driver that could result in denial of service. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Lenovo Denial Of Service +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A privilege escalation vulnerability was reported in Lenovo preloaded devices deployed using Microsoft AutoPilot under a standard user account due to incorrect default privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Lenovo Microsoft +1
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

An uncontrolled search path vulnerability was reported in Lenovo System Update that could allow an attacker with local access to execute code with elevated privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Lenovo Information Disclosure System Update
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

A buffer overflow was reported in the OemSmi module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Lenovo +111
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

A buffer over-read was reported in the LemSecureBootForceKey module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to disclose sensitive information. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Lenovo Ideacentre C5 14Imb05 Firmware +110
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

A buffer overflow was reported in the LemSecureBootForceKey module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Lenovo +111
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

A buffer overflow has been identified in the BoardUpdateAcpiDxe driver in some Lenovo ThinkPad products which may allow an attacker with local access and elevated privileges to execute arbitrary code. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Lenovo +26
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

A buffer overflow has been identified in the SystemUserMasterHddPwdDxe driver in some Lenovo Notebook products which may allow an attacker with local access and elevated privileges to execute. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Lenovo +29
NVD
EPSS 0% CVSS 7.8
HIGH This Week

An uncontrolled search path vulnerability was reported in the Lenovo Universal Device Client (UDC) that could allow an attacker with local access to execute code with elevated privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Lenovo Information Disclosure Universal Device Client
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

A buffer overflow has been identified in the SetupUtility driver in some Lenovo Notebook products which may allow an attacker with local access and elevated privileges to execute arbitrary code. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Lenovo +30
NVD
EPSS 0% CVSS 8.8
HIGH This Week

A default password was reported in Lenovo Smart Clock Essential with Alexa Built In that could allow unauthorized device access to an attacker with local network access. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Lenovo Authentication Bypass Smart Clock Essential With Alexa Built In Firmware
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A privilege escalation vulnerability was reported in Lenovo Drivers Management Lenovo Driver Manager that could allow a local user to execute code with elevated privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Lenovo Authentication Bypass +1
NVD
EPSS 0% CVSS 8.8
HIGH This Week

A potential vulnerability was reported in Lenovo PCManager prior to version 5.0.10.4191 that may allow code execution when visiting a specially crafted website. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Lenovo Command Injection +1
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A buffer overflow vulnerability in Lenovo Smart Standby Driver prior to version 4.1.50.0 could allow a local attacker to cause denial of service. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Denial Of Service Buffer Overflow Lenovo +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

A denial of service vulnerability was reported in Lenovo Thin Installer prior to version 1.3.0039 that could trigger a system crash. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Lenovo +1
NVD
EPSS 0% CVSS 7.3
HIGH POC This Week

A vulnerability was reported in Lenovo System Update that could allow a local user with interactive system access the ability to execute code with elevated privileges only during the installation of. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Lenovo Information Disclosure System Update
NVD VulDB
EPSS 0% CVSS 7.8
HIGH This Week

A DLL search path vulnerability was reported in Lenovo PCManager prior to version 4.0.40.2175 that could allow privilege escalation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Lenovo Pcmanager
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A potential vulnerability in the SMI callback function used in CSME configuration of some Lenovo Notebook and ThinkPad systems could be used to leak out data out of the SMRAM range. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Lenovo Information Disclosure Thinkpad X380 Yoga Firmware +132
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

A vulnerability was reported in some Lenovo Desktop models that could allow unauthorized access to the boot menu, when the "BIOS Password At Boot Device List" BIOS setting is Yes. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Lenovo Authentication Bypass Ideacentre C5 14Mb05 Firmware +58
NVD
EPSS 0% CVSS 7.8
HIGH POC This Week

A DLL preloading vulnerability was reported in Lenovo Driver Management prior to version 2.9.0719.1104 that could allow privilege escalation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Lenovo Jwt Attack +1
NVD
EPSS 2% CVSS 7.2
HIGH This Week

A vulnerability was reported in Lenovo Smart Camera X3, X5, and C2E that could allow command injection by setting a specially crafted network configuration. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Lenovo Command Injection Smart Camera C2E Firmware +2
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

A vulnerability was reported in Lenovo Smart Camera X3, X5, and C2E that could allow an unauthorized user to view device information, alter firmware content and device configuration. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Lenovo Authentication Bypass Smart Camera C2E Firmware +2
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

A vulnerability was reported in Lenovo Smart Camera X3, X5, and C2E that could allow code execution if a specific file exists on the attached SD card. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Lenovo Code Injection +3
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

A vulnerability was reported on some Lenovo Notebook systems that could allow an attacker with physical access to elevate privileges under certain conditions during a BIOS update performed by Lenovo. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Lenovo Information Disclosure Ideapad 1 11Ada05 Firmware +20
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A DLL search path vulnerability was reported in Lenovo PCManager, prior to version 3.0.500.5102, that could allow privilege escalation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Lenovo Pcmanager
NVD
EPSS 0% CVSS 4.6
MEDIUM This Month

Some Lenovo Notebook, ThinkPad, and Lenovo Desktop systems have BIOS modules unprotected by Intel Boot Guard that could allow an attacker with physical access the ability to write to the SPI flash. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Intel Lenovo Information Disclosure +21
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A DLL search path vulnerability was reported in Lenovo PCManager, prior to version 3.0.400.3252, that could allow privilege escalation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Lenovo Pcmanager
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

A denial of service vulnerability was reported in Lenovo PCManager, prior to version 3.0.400.3252, that could allow configuration files to be written to non-standard locations. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Privilege Escalation Lenovo +1
NVD
EPSS 0% CVSS 4.9
MEDIUM This Month

An internal product security audit of Lenovo XClarity Controller (XCC) discovered that the XCC configuration backup/restore password may be written to an internal XCC log buffer if Lenovo XClarity. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Lenovo Information Disclosure Xclarity Controller
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

A null pointer dereference vulnerability in Lenovo Power Management Driver for Windows 10, prior to version 1.67.17.54, that could cause systems to experience a blue screen error. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Null Pointer Dereference Microsoft Denial Of Service +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A privilege escalation vulnerability in Lenovo Power Management Driver for Windows 10, prior to version 1.67.17.54, that could allow unauthorized access to the driver's device object. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Lenovo +2
NVD
EPSS 1% CVSS 4.9
MEDIUM This Month

An internal product security audit of LXCO, prior to version 1.2.2, discovered that credentials for Lenovo XClarity Administrator (LXCA), if added as a Resource Manager, are encoded then written to. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Lenovo Information Disclosure Xclarity Orchestrator
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A privilege escalation vulnerability was reported in Lenovo PCManager prior to version 3.0.50.9162 that could allow an authenticated user to execute code with elevated privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Lenovo Privilege Escalation Pcmanager
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

A potential vulnerability in the SMI callback function used in the VariableServiceSmm driver in some Lenovo Notebook models may allow arbitrary code execution. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

RCE Lenovo Notebook Firmware
NVD
EPSS 1% CVSS 6.7
MEDIUM POC This Month

Prior to August 10, 2020, some Lenovo Desktop and Workstation systems were shipped with the Embedded Host Based Configuration (EHBC) feature of Intel AMT enabled. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Lenovo Intel Information Disclosure +14
NVD
EPSS 0% CVSS 2.4
LOW Monitor

In some Lenovo Desktop models, the Configuration Change Detection BIOS setting failed to detect SATA configuration changes. Rated low severity (CVSS 2.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Lenovo Information Disclosure Thinkcentre E73 Firmware +15
NVD
EPSS 1% CVSS 8.8
HIGH This Week

An authentication bypass vulnerability was reported in Lenovo ThinkPad Stack Wireless Router firmware version 1.1.3.4 that could allow escalation of privilege. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Lenovo Privilege Escalation Authentication Bypass +1
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

An internal security review has identified an unauthenticated remote code execution vulnerability in Cloud Networking Operating System (CNOS)’ optional REST API management interface. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Lenovo Cloud Networking Operating System
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A DLL search path vulnerability was reported in the Lenovo HardwareScan Plugin for the Lenovo Vantage hardware scan feature prior to version 1.0.46.11 that could allow escalation of privilege. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Lenovo Privilege Escalation Hardware Scan
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

A DLL search path vulnerability was reported in Lenovo Diagnostics prior to version 4.35.4 that could allow a user with local access to execute code on the system. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Lenovo Information Disclosure Diagnostics
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

A potential vulnerability in the SMI callback function used in the legacy BIOS mode USB drivers in some legacy Lenovo and IBM System x servers may allow arbitrary code execution. Rated medium severity (CVSS 6.4). No vendor patch available.

RCE Lenovo IBM +18
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

A DOM-based cross-site scripting (XSS) vulnerability was reported in Lenovo Enterprise Network Disk prior to version 6.1 patch 6 hotfix 4 that could allow execution of code in an authenticated user's. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Lenovo Enterprise Network Disk
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

A reflective cross-site scripting (XSS) vulnerability was reported in Lenovo Enterprise Network Disk prior to version 6.1 patch 6 hotfix 4 that could allow execution of code in an authenticated. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Lenovo Enterprise Network Disk
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

A potential vulnerability in the SMI callback function used in the EEPROM driver in some Lenovo Desktops and ThinkStation models may allow arbitrary code execution. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

RCE Lenovo 63 Firmware +26
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

A denial of service vulnerability was reported in the Lenovo Vantage component called Lenovo System Interface Foundation prior to version 1.1.19.5 that could allow configuration files to be written. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Lenovo Privilege Escalation +1
NVD
EPSS 0% CVSS 7.0
HIGH PATCH This Week

A race condition vulnerability was reported in Lenovo System Update prior to version 5.07.0106 that could allow escalation of privilege. Rated high severity (CVSS 7.0).

Lenovo Privilege Escalation System Update
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

A cross-site scripting (XSS) vulnerability was discovered in the legacy IBM and Lenovo System x IMM2 (Integrated Management Module 2), prior to version 5.60, embedded Baseboard Management Controller. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Lenovo IBM +1
NVD
EPSS 0% CVSS 2.4
LOW Monitor

In Lenovo systems, SMM BIOS Write Protection is used to prevent writes to SPI Flash. Rated low severity (CVSS 2.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Lenovo Information Disclosure Thinkpad T490 20Nx Firmware +9
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

The BIOS tamper detection mechanism was not triggered in Lenovo ThinkPad A285, BIOS versions up to r0xuj70w; A485, BIOS versions up to r0wuj65w; T495 BIOS versions up to r12uj55w; T495s/X395, BIOS. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Lenovo Authentication Bypass Thinkpad A275 Firmware +7
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

The ALPS ALPINE touchpad driver before 8.2206.1717.634, as used on various Dell, HP, and Lenovo laptops, allows attackers to conduct Path Disclosure attacks via a "fake" DLL file. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

HP Lenovo Dell +15
NVD
EPSS 0% CVSS 7.8
HIGH This Week

An unquoted service path vulnerability was reported in Lenovo Drivers Management prior to version 2.7.1128.1046 that could allow an authenticated user to execute code with elevated privileges. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Lenovo Information Disclosure Drivers Management
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A DLL search path vulnerability was reported in Lenovo Drivers Management prior to version 2.7.1128.1046 that could allow an authenticated user to execute code with elevated privileges. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Lenovo Information Disclosure Drivers Management
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

An unquoted search path vulnerability was reported in versions prior to 1.0.83.0 of the Synaptics Smart Audio UWP app associated with the DCHU audio drivers on Lenovo platforms that could allow an. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

RCE Lenovo Smart Audio Uwp
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

Lenovo implemented Intel CSME Anti-rollback ARB protections on some ThinkPad models to prevent roll back of CSME Firmware in flash. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Lenovo Intel Information Disclosure +38
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

The BIOS tamper detection mechanism was not triggered in Lenovo ThinkPad T495s, X395, T495, A485, A285, A475, A275 which may allow for unauthorized access. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Lenovo Authentication Bypass Thinkpad T495S Firmware +6
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

A potential vulnerability in the SMI callback function used in the Legacy SD driver in some Lenovo ThinkPad, ThinkStation, and Lenovo Notebook models may allow arbitrary code execution. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

RCE Lenovo 330 14Ast Firmware +171
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

A potential vulnerability in the SMI callback function used in the Legacy USB driver in some Lenovo Notebook and ThinkStation models may allow arbitrary code execution. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

RCE Lenovo 330 14Ast Firmware +50
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

A potential vulnerability in the SMI callback function used in the System Lock Preinstallation driver in some Lenovo Notebook and ThinkStation models may allow arbitrary code execution. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

RCE Lenovo 130 14Ast Firmware +171
NVD
EPSS 2% CVSS 7.5
HIGH This Week

A denial of service vulnerability was reported in the firmware prior to version 1.01 used in Lenovo Printer LJ4010DN that could be triggered by a remote user sending a crafted packet to the device,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Lenovo Denial Of Service Lj4010Dn Firmware +2
NVD
EPSS 2% CVSS 7.5
HIGH This Week

A denial of service vulnerability was reported in the firmware prior to version 1.01 used in Lenovo Printer LJ4010DN that could be triggered by a remote user sending a crafted packet to the device,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Lenovo Denial Of Service Lj4010Dn Firmware +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A privilege escalation vulnerability was reported in LenovoBatteryGaugePackage for Lenovo System Interface Foundation bundled in Lenovo Vantage prior to version 10.2003.10.0 that could allow an. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Lenovo Privilege Escalation Vantage
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

A vulnerability was reported in LenovoAppScenarioPluginSystem for Lenovo System Interface Foundation prior to version 1.2.184.31 that could allow unsigned DLL files to be executed. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Lenovo Jwt Attack Information Disclosure +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A privilege escalation vulnerability was reported in Lenovo System Interface Foundation prior to version 1.1.19.3 that could allow an authenticated user to execute code with elevated privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Lenovo Privilege Escalation System Interface Foundation
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A privilege escalation vulnerability was reported in the LenovoSystemUpdatePlugin for Lenovo System Interface Foundation prior to version that could allow an authenticated user to execute code with. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Lenovo Privilege Escalation System Interface Foundation
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

A vulnerability was reported in Lenovo Vantage prior to version 10.2003.10.0 that could allow an authenticated user to read files on the system with elevated privileges. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Lenovo Information Disclosure Vantage
NVD
EPSS 2% CVSS 4.4
MEDIUM POC This Month

A potential vulnerability has been reported in Lenovo Power Management Driver versions prior to 1.67.17.48 leading to a buffer overflow which could cause a denial of service. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Lenovo +1
NVD Exploit-DB
EPSS 2% CVSS 7.5
HIGH This Week

A denial of service vulnerability has been reported in Lenovo Energy Management Driver for Windows 10 versions prior to 15.11.29.7 that could cause systems to experience a blue screen error. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Lenovo Microsoft +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A potential vulnerability was reported in Lenovo System Interface Foundation versions before v1.1.18.3 that could allow an administrative user to load an unsigned DLL. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Lenovo Information Disclosure System Interface Foundation
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

A stored CSV Injection vulnerability was reported in Lenovo XClarity Controller (XCC) that could allow an administrative or other appropriately permissioned user to store malformed data in certain. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Code Injection Lenovo Xclarity Controller
NVD
Prev Page 2 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy