Vulnerabilities > Lenovo
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-08 | CVE-2023-5075 | Classic Buffer Overflow vulnerability in Lenovo Ideapad Duet 3 10Igl5 Firmware Eqcn37Ww A buffer overflow was reported in the FmpSipoCapsuleDriver driver in the IdeaPad Duet 3-10IGL5 that may allow a local attacker with elevated privileges to execute arbitrary code. | 6.7 |
| 2023-11-08 | CVE-2023-5078 | Improper Initialization vulnerability in Lenovo products A vulnerability was reported in some ThinkPad BIOS that could allow a physical or local attacker with elevated privileges to tamper with BIOS firmware. | 6.7 |
| 2023-11-08 | CVE-2023-5079 | Improper Input Validation vulnerability in Lenovo Lecloud Lenovo LeCloud App improper input validation allows attackers to access arbitrary components and arbitrary file downloads, which could result in information disclosure. | 7.5 |
| 2023-10-30 | CVE-2022-48189 | Unspecified vulnerability in Lenovo products An SMM driver input validation vulnerability in the BIOS of some ThinkPad models could allow an attacker with local access and elevated privileges to execute arbitrary code. | 6.7 |
| 2023-10-30 | CVE-2022-4573 | Unspecified vulnerability in Lenovo Thinkpad X1 Fold GEN 1 Firmware An SMI handler input validation vulnerability in the ThinkPad X1 Fold Gen 1 could allow an attacker with local access and elevated privileges to execute arbitrary code. | 6.7 |
| 2023-10-30 | CVE-2022-4574 | Unspecified vulnerability in Lenovo products An SMI handler input validation vulnerability in the BIOS of some ThinkPad models could allow an attacker with local access and elevated privileges to execute arbitrary code. | 6.7 |
| 2023-10-30 | CVE-2022-4575 | Incorrect Default Permissions vulnerability in Lenovo products A vulnerability due to improper write protection of UEFI variables was reported in the BIOS of some ThinkPad models could allow an attacker with physical or local access and elevated privileges the ability to bypass Secure Boot. | 6.7 |
| 2023-10-27 | CVE-2022-3611 | Information Exposure vulnerability in Lenovo APP Store APP An information disclosure vulnerability has been identified in the Lenovo App Store which may allow some applications to gain unauthorized access to sensitive user data used by other unrelated applications. | 7.5 |
| 2023-10-27 | CVE-2022-3700 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Lenovo products A Time of Check Time of Use (TOCTOU) vulnerability was reported in the Lenovo Vantage SystemUpdate Plugin version 2.0.0.212 and earlier that could allow a local attacker to delete arbitrary files. | 6.3 |
| 2023-10-27 | CVE-2022-3701 | Improper Privilege Management vulnerability in Lenovo products A privilege elevation vulnerability was reported in the Lenovo Vantage SystemUpdate plugin version 2.0.0.212 and earlier that could allow a local attacker to execute arbitrary code with elevated privileges. | 7.8 |