Vulnerabilities > Lenovo > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-06-05 | CVE-2022-48181 | Out-of-bounds Write vulnerability in Lenovo products An ErrorMessage driver stack-based buffer overflow vulnerability in BIOS of some ThinkPad models could allow an attacker with local access to elevate their privileges and execute arbitrary code. | 7.8 |
| 2023-06-05 | CVE-2022-48188 | Out-of-bounds Write vulnerability in Lenovo products A buffer overflow vulnerability in the SecureBootDXE BIOS driver of some Lenovo Desktop and ThinkStation models could allow an attacker with local access to elevate their privileges to execute arbitrary code. | 7.8 |
| 2023-06-05 | CVE-2022-4569 | Unspecified vulnerability in Lenovo Thinkpad Hybrid Usb-C With Usb-A Dock Firmware A local privilege escalation vulnerability in the ThinkPad Hybrid USB-C with USB-A Dock Firmware Update Tool could allow an attacker with local access to execute code with elevated privileges during the package upgrade or installation. | 7.8 |
| 2023-05-01 | CVE-2022-48186 | Improper Certificate Validation vulnerability in Lenovo Baiying A certificate validation vulnerability exists in the Baiying Android application which could lead to information disclosure. | 7.5 |
| 2023-05-01 | CVE-2022-4568 | Incorrect Default Permissions vulnerability in Lenovo System Update A directory permissions management vulnerability in Lenovo System Update may allow elevation of privileges. | 7.8 |
| 2023-05-01 | CVE-2023-0683 | Unspecified vulnerability in Lenovo products A valid, authenticated XCC user with read only access may gain elevated privileges through a specifically crafted API call. | 8.8 |
| 2023-05-01 | CVE-2023-25492 | Use of Externally-Controlled Format String vulnerability in Lenovo products A valid, authenticated user may be able to trigger a denial of service of the XCC web user interface or other undefined behavior through a format string injection vulnerability in a web interface API. | 8.8 |
| 2023-05-01 | CVE-2023-0896 | Unspecified vulnerability in Lenovo Smart Clock Essential With Alexa Built in Firmware A default password was reported in Lenovo Smart Clock Essential with Alexa Built In that could allow unauthorized device access to an attacker with local network access. low complexity lenovo | 8.8 |
| 2023-04-28 | CVE-2023-25496 | Unspecified vulnerability in Lenovo Drivers Management 2.7.1128.1046 A privilege escalation vulnerability was reported in Lenovo Drivers Management Lenovo Driver Manager that could allow a local user to execute code with elevated privileges. | 7.8 |
| 2023-04-28 | CVE-2023-29057 | Unspecified vulnerability in Lenovo products A valid XCC user's local account permissions overrides their active directory permissions under specific configurations. | 8.8 |