Vulnerabilities > Lenovo > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-04-28 | CVE-2023-25496 | Unspecified vulnerability in Lenovo Drivers Management 2.7.1128.1046 A privilege escalation vulnerability was reported in Lenovo Drivers Management Lenovo Driver Manager that could allow a local user to execute code with elevated privileges. | 7.8 |
| 2023-04-28 | CVE-2023-29057 | Unspecified vulnerability in Lenovo products A valid XCC user's local account permissions overrides their active directory permissions under specific configurations. | 8.8 |
| 2023-01-26 | CVE-2022-1890 | Out-of-bounds Write vulnerability in Lenovo products A buffer overflow in the ReadyBootDxe driver in some Lenovo Notebook products may allow an attacker with local privileges to execute arbitrary code. | 7.8 |
| 2023-01-26 | CVE-2022-1891 | Classic Buffer Overflow vulnerability in Lenovo products A buffer overflow in the SystemLoadDefaultDxe driver in some Lenovo Notebook products may allow an attacker with local privileges to execute arbitrary code. | 7.8 |
| 2023-01-26 | CVE-2022-1892 | Classic Buffer Overflow vulnerability in Lenovo products A buffer overflow in the SystemBootManagerDxe driver in some Lenovo Notebook products may allow an attacker with local privileges to execute arbitrary code. | 7.8 |
| 2023-01-20 | CVE-2022-1109 | Incorrect Default Permissions vulnerability in Lenovo Leyun An incorrect default permissions vulnerability in Lenovo Leyun cloud music application could allow denial of service. | 7.5 |
| 2022-12-26 | CVE-2019-19705 | Unquoted Search Path or Element vulnerability in Lenovo products Realtek Audio Drivers for Windows, as used on the Lenovo ThinkPad X1 Carbon 20A7, 20A8, 20BS, and 20BT before 6.0.8882.1 and 20KH and 20KG before 6.0.8907.1 (and on many other Lenovo and non-Lenovo products), mishandles DLL preloading. | 7.8 |
| 2022-08-23 | CVE-2022-1513 | OS Command Injection vulnerability in Lenovo Pcmanager A potential vulnerability was reported in Lenovo PCManager prior to version 5.0.10.4191 that may allow code execution when visiting a specially crafted website. | 8.8 |
| 2022-05-18 | CVE-2021-42852 | OS Command Injection vulnerability in Lenovo products A command injection vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow an authenticated user to execute operating system commands by sending a crafted packet to the device. | 7.7 |
| 2022-04-22 | CVE-2021-3897 | An authentication bypass vulnerability was discovered in an internal service of the Lenovo Fan Power Controller2 (FPC2) and Lenovo System Management Module (SMM) firmware during an that could allow an unauthenticated attacker to execute commands on the SMM and FPC2. | 7.5 |