Vulnerabilities > Lenovo
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-05-18 | CVE-2021-42848 | Missing Authorization vulnerability in Lenovo products An information disclosure vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow an unauthenticated user to retrieve device and networking details. | 5.3 |
| 2022-05-18 | CVE-2021-42849 | Improper Authentication vulnerability in Lenovo products A weak default password for the serial port was reported in some Lenovo Personal Cloud Storage devices that could allow unauthorized device access to an attacker with physical access. | 6.8 |
| 2022-05-18 | CVE-2021-42850 | Use of Hard-coded Credentials vulnerability in Lenovo products A weak default administrator password for the web interface and serial port was reported in some Lenovo Personal Cloud Storage devices that could allow unauthorized device access to an attacker with physical or local network access. | 7.8 |
| 2022-05-18 | CVE-2021-42851 | Unspecified vulnerability in Lenovo products A vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow an unauthenticated user to create a standard user account. | 5.3 |
| 2022-05-18 | CVE-2021-42852 | OS Command Injection vulnerability in Lenovo products A command injection vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow an authenticated user to execute operating system commands by sending a crafted packet to the device. | 8.0 |
| 2022-05-18 | CVE-2022-1110 | Classic Buffer Overflow vulnerability in Lenovo Smart Standby Driver A buffer overflow vulnerability in Lenovo Smart Standby Driver prior to version 4.1.50.0 could allow a local attacker to cause denial of service. | 5.5 |
| 2022-04-22 | CVE-2021-3721 | Out-of-bounds Write vulnerability in Lenovo Pcmanager A denial of service vulnerability was reported in Lenovo PCManager prior to version 4.0.20.10282 that could allow an attacker with local access to trigger a blue screen error. | 5.5 |
| 2022-04-22 | CVE-2021-3722 | Incorrect Default Permissions vulnerability in Lenovo Pcmanager A denial of service vulnerability was reported in Lenovo PCManager prior to version 4.0.40.2175 that could allow configuration files to be written to non-standard locations during installation. | 5.0 |
| 2022-04-22 | CVE-2021-3849 | An authentication bypass vulnerability was discovered in the web interface of the Lenovo Fan Power Controller2 (FPC2) and Lenovo System Management Module (SMM) firmware that could allow an unauthenticated attacker to execute commands on the SMM and FPC2. | 9.8 |
| 2022-04-22 | CVE-2021-3897 | An authentication bypass vulnerability was discovered in an internal service of the Lenovo Fan Power Controller2 (FPC2) and Lenovo System Management Module (SMM) firmware during an that could allow an unauthenticated attacker to execute commands on the SMM and FPC2. | 9.8 |