Vulnerabilities > Lenovo

DATE CVE VULNERABILITY TITLE RISK
2022-12-26 CVE-2019-19705 Unquoted Search Path or Element vulnerability in Lenovo products
Realtek Audio Drivers for Windows, as used on the Lenovo ThinkPad X1 Carbon 20A7, 20A8, 20BS, and 20BT before 6.0.8882.1 and 20KH and 20KG before 6.0.8907.1 (and on many other Lenovo and non-Lenovo products), mishandles DLL preloading.
local
low complexity
lenovo CWE-428
7.8
2022-11-07 CVE-2021-42205 Unspecified vulnerability in Lenovo Elan Miniport Touchpad Driver
ELAN Miniport touchpad Windows driver before 24.21.51.2, as used in PC hardware from multiple manufacturers, allows local users to cause a system crash by sending a certain IOCTL request, because that request is handled twice.
local
high complexity
lenovo
4.7
2022-08-23 CVE-2022-1513 OS Command Injection vulnerability in Lenovo Pcmanager
A potential vulnerability was reported in Lenovo PCManager prior to version 5.0.10.4191 that may allow code execution when visiting a specially crafted website.
network
low complexity
lenovo CWE-78
8.8
2022-05-18 CVE-2021-3922 Race Condition vulnerability in Lenovo System Interface Foundation
A race condition vulnerability was reported in IMController, a software component of Lenovo System Interface Foundation, prior to version 1.1.20.3 that could allow a local attacker to connect and interact with the IMController child process' named pipe.
local
high complexity
lenovo CWE-362
7.0
2022-05-18 CVE-2021-3956 Incorrect Authorization vulnerability in Lenovo Xclarity Controller
A read-only authentication bypass vulnerability was reported in the Third Quarter 2021 release of Lenovo XClarity Controller (XCC) firmware affecting XCC devices configured in LDAP Authentication Only Mode and using an LDAP server that supports “unauthenticated bind”, such as Microsoft Active Directory.
network
low complexity
lenovo CWE-863
5.3
2022-05-18 CVE-2021-3969 Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Lenovo System Interface Foundation
A Time of Check Time of Use (TOCTOU) vulnerability was reported in IMController, a software component of Lenovo System Interface Foundation, prior to version 1.1.20.3that could allow a local attacker to elevate privileges.
local
high complexity
lenovo CWE-367
7.0
2022-05-18 CVE-2021-42848 Missing Authorization vulnerability in Lenovo products
An information disclosure vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow an unauthenticated user to retrieve device and networking details.
network
low complexity
lenovo CWE-862
5.3
2022-05-18 CVE-2021-42849 Improper Authentication vulnerability in Lenovo products
A weak default password for the serial port was reported in some Lenovo Personal Cloud Storage devices that could allow unauthorized device access to an attacker with physical access.
low complexity
lenovo CWE-287
6.8
2022-05-18 CVE-2021-42850 Use of Hard-coded Credentials vulnerability in Lenovo products
A weak default administrator password for the web interface and serial port was reported in some Lenovo Personal Cloud Storage devices that could allow unauthorized device access to an attacker with physical or local network access.
local
low complexity
lenovo CWE-798
7.8
2022-05-18 CVE-2021-42851 Unspecified vulnerability in Lenovo products
A vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow an unauthenticated user to create a standard user account.
network
low complexity
lenovo
5.3