Vulnerabilities > Lenovo
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-01-05 | CVE-2022-4432 | Out-of-bounds Read vulnerability in Lenovo Thinkpad X13S Firmware 1.46 A buffer over-read vulnerability was reported in the ThinkPadX13s BIOS PersistenceConfigDxe driver that could allow a local attacker with elevated privileges to cause information disclosure. | 4.4 |
| 2023-01-05 | CVE-2022-4433 | Out-of-bounds Read vulnerability in Lenovo Thinkpad X13S Firmware 1.46 A buffer over-read vulnerability was reported in the ThinkPadX13s BIOS LenovoSetupConfigDxe driver that could allow a local attacker with elevated privileges to cause information disclosure. | 4.4 |
| 2023-01-05 | CVE-2022-4434 | Out-of-bounds Read vulnerability in Lenovo Thinkpad X13S Firmware 1.46 A buffer over-read vulnerability was reported in the ThinkPadX13s BIOS driver that could allow a local attacker with elevated privileges to cause information disclosure. | 4.4 |
| 2023-01-05 | CVE-2022-4435 | Out-of-bounds Read vulnerability in Lenovo Thinkpad X13S Firmware 1.46 A buffer over-read vulnerability was reported in the ThinkPadX13s BIOS LenovoRemoteConfigUpdateDxe driver that could allow a local attacker with elevated privileges to cause information disclosure. | 4.4 |
| 2022-12-26 | CVE-2019-19705 | Unquoted Search Path or Element vulnerability in Lenovo products Realtek Audio Drivers for Windows, as used on the Lenovo ThinkPad X1 Carbon 20A7, 20A8, 20BS, and 20BT before 6.0.8882.1 and 20KH and 20KG before 6.0.8907.1 (and on many other Lenovo and non-Lenovo products), mishandles DLL preloading. | 7.8 |
| 2022-11-07 | CVE-2021-42205 | Unspecified vulnerability in Lenovo Elan Miniport Touchpad Driver ELAN Miniport touchpad Windows driver before 24.21.51.2, as used in PC hardware from multiple manufacturers, allows local users to cause a system crash by sending a certain IOCTL request, because that request is handled twice. | 4.7 |
| 2022-08-23 | CVE-2022-1513 | OS Command Injection vulnerability in Lenovo Pcmanager A potential vulnerability was reported in Lenovo PCManager prior to version 5.0.10.4191 that may allow code execution when visiting a specially crafted website. | 8.8 |
| 2022-05-18 | CVE-2021-3922 | Race Condition vulnerability in Lenovo System Interface Foundation A race condition vulnerability was reported in IMController, a software component of Lenovo System Interface Foundation, prior to version 1.1.20.3 that could allow a local attacker to connect and interact with the IMController child process' named pipe. | 7.0 |
| 2022-05-18 | CVE-2021-3956 | Incorrect Authorization vulnerability in Lenovo Xclarity Controller A read-only authentication bypass vulnerability was reported in the Third Quarter 2021 release of Lenovo XClarity Controller (XCC) firmware affecting XCC devices configured in LDAP Authentication Only Mode and using an LDAP server that supports “unauthenticated bind”, such as Microsoft Active Directory. | 5.3 |
| 2022-05-18 | CVE-2021-3969 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Lenovo System Interface Foundation A Time of Check Time of Use (TOCTOU) vulnerability was reported in IMController, a software component of Lenovo System Interface Foundation, prior to version 1.1.20.3that could allow a local attacker to elevate privileges. | 7.0 |