Vulnerabilities > Lenovo
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-08-23 | CVE-2022-3746 | Improper Access Control vulnerability in Lenovo products A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that could allow a local attacker with elevated privileges to cause some peripherals to work abnormally due to an exposed Embedded Controller (EC) interface. | 6.7 |
| 2023-08-17 | CVE-2023-34419 | Classic Buffer Overflow vulnerability in Lenovo products A buffer overflow has been identified in the SetupUtility driver in some Lenovo Notebook products which may allow an attacker with local access and elevated privileges to execute arbitrary code. | 6.7 |
| 2023-08-17 | CVE-2023-3078 | Uncontrolled Search Path Element vulnerability in Lenovo Universal Device Client An uncontrolled search path vulnerability was reported in the Lenovo Universal Device Client (UDC) that could allow an attacker with local access to execute code with elevated privileges. | 7.8 |
| 2023-08-17 | CVE-2023-4028 | Classic Buffer Overflow vulnerability in Lenovo products A buffer overflow has been identified in the SystemUserMasterHddPwdDxe driver in some Lenovo Notebook products which may allow an attacker with local access and elevated privileges to execute arbitrary code. | 6.7 |
| 2023-08-17 | CVE-2023-4029 | Classic Buffer Overflow vulnerability in Lenovo products A buffer overflow has been identified in the BoardUpdateAcpiDxe driver in some Lenovo ThinkPad products which may allow an attacker with local access and elevated privileges to execute arbitrary code. | 6.7 |
| 2023-08-17 | CVE-2023-4030 | Failing Open vulnerability in Lenovo products A vulnerability was reported in BIOS for ThinkPad P14s Gen 2, P15s Gen 2, T14 Gen 2, and T15 Gen 2 that could cause the system to recover to insecure settings if the BIOS becomes corrupt. | 7.8 |
| 2023-06-26 | CVE-2023-2290 | Unspecified vulnerability in Lenovo products A potential vulnerability in the LenovoFlashDeviceInterface SMI handler may allow an attacker with local access and elevated privileges to execute arbitrary code. | 6.7 |
| 2023-06-26 | CVE-2023-2992 | Unspecified vulnerability in Lenovo products An unauthenticated denial of service vulnerability exists in the SMM v1, SMM v2, and FPC management web server which can be triggered under crafted conditions. | 7.5 |
| 2023-06-26 | CVE-2023-2993 | Improper Preservation of Permissions vulnerability in Lenovo products A valid, authenticated user with limited privileges may be able to use specifically crafted web management server API calls to execute a limited number of commands on SMM v1, SMM v2, and FPC that the user does not normally have sufficient privileges to execute. | 6.3 |
| 2023-06-26 | CVE-2023-34418 | SQL Injection vulnerability in Lenovo Xclarity Administrator A valid, authenticated LXCA user may be able to gain unauthorized access to events and other data stored in LXCA due to a SQL injection vulnerability in a specific web API. | 8.1 |