Vulnerabilities > Lenovo
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-08-17 | CVE-2023-4029 | Unspecified vulnerability in Lenovo products A buffer overflow has been identified in the BoardUpdateAcpiDxe driver in some Lenovo ThinkPad products which may allow an attacker with local access and elevated privileges to execute arbitrary code. | 6.7 |
2023-08-17 | CVE-2023-4030 | Unspecified vulnerability in Lenovo products A vulnerability was reported in BIOS for ThinkPad P14s Gen 2, P15s Gen 2, T14 Gen 2, and T15 Gen 2 that could cause the system to recover to insecure settings if the BIOS becomes corrupt. | 7.8 |
2023-06-26 | CVE-2023-2290 | Unspecified vulnerability in Lenovo products A potential vulnerability in the LenovoFlashDeviceInterface SMI handler may allow an attacker with local access and elevated privileges to execute arbitrary code. | 6.7 |
2023-06-26 | CVE-2023-2992 | Unspecified vulnerability in Lenovo products An unauthenticated denial of service vulnerability exists in the SMM v1, SMM v2, and FPC management web server which can be triggered under crafted conditions. | 7.5 |
2023-06-26 | CVE-2023-2993 | Improper Preservation of Permissions vulnerability in Lenovo products A valid, authenticated user with limited privileges may be able to use specifically crafted web management server API calls to execute a limited number of commands on SMM v1, SMM v2, and FPC that the user does not normally have sufficient privileges to execute. | 6.3 |
2023-06-26 | CVE-2023-34418 | SQL Injection vulnerability in Lenovo Xclarity Administrator A valid, authenticated LXCA user may be able to gain unauthorized access to events and other data stored in LXCA due to a SQL injection vulnerability in a specific web API. | 8.1 |
2023-06-26 | CVE-2023-34420 | OS Command Injection vulnerability in Lenovo Xclarity Administrator A valid, authenticated LXCA user with elevated privileges may be able to execute command injections through crafted calls to a specific web API. | 7.2 |
2023-06-26 | CVE-2023-34421 | Improper Input Validation vulnerability in Lenovo Xclarity Administrator A valid, authenticated LXCA user with elevated privileges may be able to replace filesystem data through a specifically crafted web API call due to insufficient input validation. | 6.5 |
2023-06-26 | CVE-2023-34422 | Improper Input Validation vulnerability in Lenovo Xclarity Administrator A valid, authenticated LXCA user with elevated privileges may be able to delete folders in the LXCA filesystem through a specifically crafted web API call due to insufficient input validation. | 6.5 |
2023-06-26 | CVE-2023-3113 | XXE vulnerability in Lenovo Xclarity Administrator An unauthenticated XML external entity injection (XXE) vulnerability exists in LXCA's Common Information Model (CIM) server that could result in read-only access to specific files. | 7.5 |