Vulnerabilities > Lenovo > High

DATE CVE VULNERABILITY TITLE RISK
2023-01-26 CVE-2022-1892 Classic Buffer Overflow vulnerability in Lenovo products
A buffer overflow in the SystemBootManagerDxe driver in some Lenovo Notebook products may allow an attacker with local privileges to execute arbitrary code.
local
low complexity
lenovo CWE-120
7.8
2023-01-20 CVE-2022-1109 Incorrect Default Permissions vulnerability in Lenovo Leyun
An incorrect default permissions vulnerability in Lenovo Leyun cloud music application could allow denial of service.
network
low complexity
lenovo CWE-276
7.5
2022-12-26 CVE-2019-19705 Unquoted Search Path or Element vulnerability in Lenovo products
Realtek Audio Drivers for Windows, as used on the Lenovo ThinkPad X1 Carbon 20A7, 20A8, 20BS, and 20BT before 6.0.8882.1 and 20KH and 20KG before 6.0.8907.1 (and on many other Lenovo and non-Lenovo products), mishandles DLL preloading.
local
low complexity
lenovo CWE-428
7.8
2022-08-23 CVE-2022-1513 OS Command Injection vulnerability in Lenovo Pcmanager
A potential vulnerability was reported in Lenovo PCManager prior to version 5.0.10.4191 that may allow code execution when visiting a specially crafted website.
network
low complexity
lenovo CWE-78
8.8
2022-05-18 CVE-2021-3922 Race Condition vulnerability in Lenovo System Interface Foundation
A race condition vulnerability was reported in IMController, a software component of Lenovo System Interface Foundation, prior to version 1.1.20.3 that could allow a local attacker to connect and interact with the IMController child process' named pipe.
local
high complexity
lenovo CWE-362
7.0
2022-05-18 CVE-2021-3969 Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Lenovo System Interface Foundation
A Time of Check Time of Use (TOCTOU) vulnerability was reported in IMController, a software component of Lenovo System Interface Foundation, prior to version 1.1.20.3that could allow a local attacker to elevate privileges.
local
high complexity
lenovo CWE-367
7.0
2022-05-18 CVE-2021-42850 Use of Hard-coded Credentials vulnerability in Lenovo products
A weak default administrator password for the web interface and serial port was reported in some Lenovo Personal Cloud Storage devices that could allow unauthorized device access to an attacker with physical or local network access.
local
low complexity
lenovo CWE-798
7.8
2022-05-18 CVE-2021-42852 OS Command Injection vulnerability in Lenovo products
A command injection vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow an authenticated user to execute operating system commands by sending a crafted packet to the device.
low complexity
lenovo CWE-78
8.0
2022-04-22 CVE-2022-0192 Uncontrolled Search Path Element vulnerability in Lenovo Pcmanager
A DLL search path vulnerability was reported in Lenovo PCManager prior to version 4.0.40.2175 that could allow privilege escalation.
local
low complexity
lenovo CWE-427
7.8
2022-04-22 CVE-2022-0354 Unspecified vulnerability in Lenovo System Update
A vulnerability was reported in Lenovo System Update that could allow a local user with interactive system access the ability to execute code with elevated privileges only during the installation of a System Update package released before 2022-02-25 that displays a command prompt window.
local
low complexity
lenovo
7.8