Vulnerabilities > Lenovo > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-01-26 | CVE-2022-1890 | Out-of-bounds Write vulnerability in Lenovo products A buffer overflow in the ReadyBootDxe driver in some Lenovo Notebook products may allow an attacker with local privileges to execute arbitrary code. | 7.8 |
| 2023-01-26 | CVE-2022-1891 | Classic Buffer Overflow vulnerability in Lenovo products A buffer overflow in the SystemLoadDefaultDxe driver in some Lenovo Notebook products may allow an attacker with local privileges to execute arbitrary code. | 7.8 |
| 2023-01-26 | CVE-2022-1892 | Classic Buffer Overflow vulnerability in Lenovo products A buffer overflow in the SystemBootManagerDxe driver in some Lenovo Notebook products may allow an attacker with local privileges to execute arbitrary code. | 7.8 |
| 2023-01-20 | CVE-2022-1109 | Incorrect Default Permissions vulnerability in Lenovo Leyun An incorrect default permissions vulnerability in Lenovo Leyun cloud music application could allow denial of service. | 7.5 |
| 2022-12-26 | CVE-2019-19705 | Unquoted Search Path or Element vulnerability in Lenovo products Realtek Audio Drivers for Windows, as used on the Lenovo ThinkPad X1 Carbon 20A7, 20A8, 20BS, and 20BT before 6.0.8882.1 and 20KH and 20KG before 6.0.8907.1 (and on many other Lenovo and non-Lenovo products), mishandles DLL preloading. | 7.8 |
| 2022-08-23 | CVE-2022-1513 | OS Command Injection vulnerability in Lenovo Pcmanager A potential vulnerability was reported in Lenovo PCManager prior to version 5.0.10.4191 that may allow code execution when visiting a specially crafted website. | 8.8 |
| 2022-05-18 | CVE-2021-3922 | Race Condition vulnerability in Lenovo System Interface Foundation A race condition vulnerability was reported in IMController, a software component of Lenovo System Interface Foundation, prior to version 1.1.20.3 that could allow a local attacker to connect and interact with the IMController child process' named pipe. | 7.0 |
| 2022-05-18 | CVE-2021-3969 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Lenovo System Interface Foundation A Time of Check Time of Use (TOCTOU) vulnerability was reported in IMController, a software component of Lenovo System Interface Foundation, prior to version 1.1.20.3that could allow a local attacker to elevate privileges. | 7.0 |
| 2022-05-18 | CVE-2021-42850 | Use of Hard-coded Credentials vulnerability in Lenovo products A weak default administrator password for the web interface and serial port was reported in some Lenovo Personal Cloud Storage devices that could allow unauthorized device access to an attacker with physical or local network access. | 7.8 |
| 2022-05-18 | CVE-2021-42852 | OS Command Injection vulnerability in Lenovo products A command injection vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow an authenticated user to execute operating system commands by sending a crafted packet to the device. | 8.0 |