Vulnerabilities > Lenovo
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-11-12 | CVE-2021-3719 | Unspecified vulnerability in Lenovo products A potential vulnerability in the SMI callback function that saves and restore boot script tables used for resuming from sleep state in some ThinkCentre and ThinkStation models may allow an attacker with local access and elevated privileges to execute arbitrary code. | 6.7 |
| 2021-11-12 | CVE-2021-3720 | Unspecified vulnerability in Lenovo products An information disclosure vulnerability was reported in the Time Weather system widget on Legion Phone Pro (L79031) and Legion Phone2 Pro (L70081) that could allow other applications to access device GPS data. | 5.5 |
| 2021-11-12 | CVE-2021-3786 | Unspecified vulnerability in Lenovo products A potential vulnerability in the SMI callback function used in CSME configuration of some Lenovo Notebook and ThinkPad systems could be used to leak out data out of the SMRAM range. | 5.5 |
| 2021-11-12 | CVE-2021-3840 | Uncontrolled Search Path Element vulnerability in Lenovo Antilles 1.0.0 A dependency confusion vulnerability was reported in the Antilles open-source software prior to version 1.0.1 that could allow for remote code execution during installation due to a package listed in requirements.txt not existing in the public package index (PyPi). | 8.8 |
| 2021-11-12 | CVE-2021-3843 | Unspecified vulnerability in Lenovo products A potential vulnerability in the SMI function to access EEPROM in some ThinkPad models may allow an attacker with local access and elevated privileges to execute arbitrary code. | 6.7 |
| 2021-08-17 | CVE-2021-3615 | Unspecified vulnerability in Lenovo products A vulnerability was reported in Lenovo Smart Camera X3, X5, and C2E that could allow code execution if a specific file exists on the attached SD card. low complexity lenovo | 6.8 |
| 2021-08-17 | CVE-2021-3616 | Unspecified vulnerability in Lenovo products A vulnerability was reported in Lenovo Smart Camera X3, X5, and C2E that could allow an unauthorized user to view device information, alter firmware content and device configuration. | 9.8 |
| 2021-08-17 | CVE-2021-3617 | Command Injection vulnerability in Lenovo products A vulnerability was reported in Lenovo Smart Camera X3, X5, and C2E that could allow command injection by setting a specially crafted network configuration. | 7.2 |
| 2021-08-17 | CVE-2021-3633 | Uncontrolled Search Path Element vulnerability in Lenovo Drivers Management 2.7.1128.1046 A DLL preloading vulnerability was reported in Lenovo Driver Management prior to version 2.9.0719.1104 that could allow privilege escalation. | 7.8 |
| 2021-07-16 | CVE-2021-3452 | Unspecified vulnerability in Lenovo Bios A potential vulnerability in the system shutdown SMI callback function in some ThinkPad models may allow an attacker with local access and elevated privileges to execute arbitrary code. | 6.7 |