Skip to main content

Thinkcentre M70S Firmware

21 CVEs product

Monthly

CVE-2023-45079 MEDIUM This Month

A memory leakage vulnerability was reported in the NvmramSmm SMM driver that may allow a local attacker with elevated privileges to write to NVRAM variables. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Ideacentre C5 14Imb05 Firmware Ideacentre 3 07Ada05 Firmware Ideacentre 3 07Imb05 Firmware +58
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2023-45078 MEDIUM This Month

A memory leakage vulnerability was reported in the DustFilterAlertSmm SMM driver that may allow a local attacker with elevated privileges to write to NVRAM variables. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Ideacentre C5 14Imb05 Firmware Ideacentre 3 07Ada05 Firmware Ideacentre 3 07Imb05 Firmware +58
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2023-45077 MEDIUM This Month

A memory leakage vulnerability was reported in the 534D0740 DXE driver that may allow a local attacker with elevated privileges to write to NVRAM variables. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Ideacentre C5 14Imb05 Firmware Ideacentre 3 07Ada05 Firmware Ideacentre 3 07Imb05 Firmware +58
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2023-45076 MEDIUM This Month

A memory leakage vulnerability was reported in the 534D0140 DXE driver that may allow a local attacker with elevated privileges to write to NVRAM variables. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Ideacentre C5 14Imb05 Firmware Ideacentre 3 07Ada05 Firmware Ideacentre 3 07Imb05 Firmware +58
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2023-45075 MEDIUM This Month

A memory leakage vulnerability was reported in the SWSMI_Shadow DXE driver that may allow a local attacker with elevated privileges to write to NVRAM variables. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Ideacentre C5 14Imb05 Firmware Ideacentre 3 07Ada05 Firmware Ideacentre 3 07Imb05 Firmware +58
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2023-43581 MEDIUM This Month

A buffer overflow was reported in the Update_WMI module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Lenovo Ideacentre C5 14Imb05 Firmware Ideacentre 3 07Ada05 Firmware +109
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2023-43580 MEDIUM This Month

A buffer overflow was reported in the SmuV11DxeVMR module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Lenovo Ideacentre C5 14Imb05 Firmware Ideacentre 3 07Ada05 Firmware +109
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2023-43579 MEDIUM This Month

A buffer overflow was reported in the SmuV11Dxe driver in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Lenovo Ideacentre C5 14Imb05 Firmware Ideacentre 3 07Ada05 Firmware +109
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2023-43578 MEDIUM This Month

A buffer overflow was reported in the SmiFlash module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Lenovo Ideacentre C5 14Imb05 Firmware Ideacentre 3 07Ada05 Firmware +109
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2023-43577 MEDIUM This Month

A buffer overflow was reported in the ReFlash module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Lenovo Ideacentre C5 14Imb05 Firmware Ideacentre 3 07Ada05 Firmware +109
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2023-43576 MEDIUM This Month

A buffer overflow was reported in the WMISwSmi module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Lenovo Ideacentre C5 14Imb05 Firmware Ideacentre 3 07Ada05 Firmware +109
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2023-43575 MEDIUM This Month

A buffer overflow was reported in the UltraFunctionTable module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Lenovo Ideacentre C5 14Imb05 Firmware Ideacentre 3 07Ada05 Firmware +109
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2023-43574 MEDIUM This Month

A buffer over-read was reported in the LEMALLDriversConnectedEventHook module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to disclose sensitive. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Lenovo Ideacentre C5 14Imb05 Firmware Ideacentre 3 07Ada05 Firmware Ideacentre 3 07Imb05 Firmware +108
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2023-43573 MEDIUM This Month

A buffer overflow was reported in the LEMALLDriversConnectedEventHook module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Lenovo Ideacentre C5 14Imb05 Firmware Ideacentre 3 07Ada05 Firmware +109
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2023-43572 MEDIUM This Month

A buffer over-read was reported in the BiosExtensionLoader module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to disclose sensitive information. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Lenovo Ideacentre C5 14Imb05 Firmware Ideacentre 3 07Ada05 Firmware Ideacentre 3 07Imb05 Firmware +108
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2023-43571 MEDIUM This Month

A buffer overflow was reported in the BiosExtensionLoader module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Lenovo Ideacentre C5 14Imb05 Firmware Ideacentre 3 07Ada05 Firmware +109
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2023-43570 MEDIUM This Month

A potential vulnerability was reported in the SMI callback function of the OemSmi driver that may allow a local attacker with elevated permissions to execute arbitrary code. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

RCE Ideacentre C5 14Imb05 Firmware Ideacentre 3 07Ada05 Firmware Ideacentre 3 07Imb05 Firmware Ideacentre 5 14Iab7 Firmware +107
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2023-43569 MEDIUM This Month

A buffer overflow was reported in the OemSmi module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Lenovo Ideacentre C5 14Imb05 Firmware Ideacentre 3 07Ada05 Firmware +109
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2023-43568 MEDIUM This Month

A buffer over-read was reported in the LemSecureBootForceKey module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to disclose sensitive information. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Lenovo Ideacentre C5 14Imb05 Firmware Ideacentre 3 07Ada05 Firmware Ideacentre 3 07Imb05 Firmware +108
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2023-43567 MEDIUM This Month

A buffer overflow was reported in the LemSecureBootForceKey module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Lenovo Ideacentre C5 14Imb05 Firmware Ideacentre 3 07Ada05 Firmware +109
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2021-3519 MEDIUM This Month

A vulnerability was reported in some Lenovo Desktop models that could allow unauthorized access to the boot menu, when the "BIOS Password At Boot Device List" BIOS setting is Yes. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Lenovo Authentication Bypass Ideacentre C5 14Mb05 Firmware Ideacentre 3 07Imb05 Firmware Ideacentre 5 14Imb05 Firmware +56
NVD
CVSS 3.1
6.8
EPSS
0.2%
EPSS 0% CVSS 6.7
MEDIUM This Month

A memory leakage vulnerability was reported in the NvmramSmm SMM driver that may allow a local attacker with elevated privileges to write to NVRAM variables. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Ideacentre C5 14Imb05 Firmware +60
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

A memory leakage vulnerability was reported in the DustFilterAlertSmm SMM driver that may allow a local attacker with elevated privileges to write to NVRAM variables. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Ideacentre C5 14Imb05 Firmware +60
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

A memory leakage vulnerability was reported in the 534D0740 DXE driver that may allow a local attacker with elevated privileges to write to NVRAM variables. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Ideacentre C5 14Imb05 Firmware +60
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

A memory leakage vulnerability was reported in the 534D0140 DXE driver that may allow a local attacker with elevated privileges to write to NVRAM variables. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Ideacentre C5 14Imb05 Firmware +60
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

A memory leakage vulnerability was reported in the SWSMI_Shadow DXE driver that may allow a local attacker with elevated privileges to write to NVRAM variables. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Ideacentre C5 14Imb05 Firmware +60
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

A buffer overflow was reported in the Update_WMI module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Lenovo +111
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

A buffer overflow was reported in the SmuV11DxeVMR module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Lenovo +111
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

A buffer overflow was reported in the SmuV11Dxe driver in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Lenovo +111
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

A buffer overflow was reported in the SmiFlash module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Lenovo +111
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

A buffer overflow was reported in the ReFlash module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Lenovo +111
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

A buffer overflow was reported in the WMISwSmi module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Lenovo +111
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

A buffer overflow was reported in the UltraFunctionTable module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Lenovo +111
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

A buffer over-read was reported in the LEMALLDriversConnectedEventHook module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to disclose sensitive. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Lenovo Ideacentre C5 14Imb05 Firmware +110
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

A buffer overflow was reported in the LEMALLDriversConnectedEventHook module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Lenovo +111
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

A buffer over-read was reported in the BiosExtensionLoader module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to disclose sensitive information. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Lenovo Ideacentre C5 14Imb05 Firmware +110
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

A buffer overflow was reported in the BiosExtensionLoader module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Lenovo +111
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

A potential vulnerability was reported in the SMI callback function of the OemSmi driver that may allow a local attacker with elevated permissions to execute arbitrary code. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

RCE Ideacentre C5 14Imb05 Firmware Ideacentre 3 07Ada05 Firmware +109
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

A buffer overflow was reported in the OemSmi module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Lenovo +111
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

A buffer over-read was reported in the LemSecureBootForceKey module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to disclose sensitive information. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Lenovo Ideacentre C5 14Imb05 Firmware +110
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

A buffer overflow was reported in the LemSecureBootForceKey module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Lenovo +111
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

A vulnerability was reported in some Lenovo Desktop models that could allow unauthorized access to the boot menu, when the "BIOS Password At Boot Device List" BIOS setting is Yes. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Lenovo Authentication Bypass Ideacentre C5 14Mb05 Firmware +58
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy