Vulnerabilities > Lenovo > Low
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-01-19 | CVE-2023-5081 | Unspecified vulnerability in Lenovo products An information disclosure vulnerability was reported in the Lenovo Tab M8 HD that could allow a local application to gather a non-resettable device identifier. | 3.3 |
2021-11-12 | CVE-2021-3786 | Unspecified vulnerability in Lenovo products A potential vulnerability in the SMI callback function used in CSME configuration of some Lenovo Notebook and ThinkPad systems could be used to leak out data out of the SMRAM range. | 2.1 |
2021-11-12 | CVE-2021-3720 | Unspecified vulnerability in Lenovo products An information disclosure vulnerability was reported in the Time Weather system widget on Legion Phone Pro (L79031) and Legion Phone2 Pro (L70081) that could allow other applications to access device GPS data. | 2.1 |
2021-07-16 | CVE-2021-3453 | Unspecified vulnerability in Lenovo products Some Lenovo Notebook, ThinkPad, and Lenovo Desktop systems have BIOS modules unprotected by Intel Boot Guard that could allow an attacker with physical access the ability to write to the SPI flash storage. | 2.1 |
2021-04-27 | CVE-2021-3451 | Incorrect Default Permissions vulnerability in Lenovo Pcmanager 3.0.200.2042/3.0.50.9162 A denial of service vulnerability was reported in Lenovo PCManager, prior to version 3.0.400.3252, that could allow configuration files to be written to non-standard locations. | 2.1 |
2021-03-09 | CVE-2020-8357 | Incorrect Default Permissions vulnerability in Lenovo Pcmanager 3.0.50.9162 A denial of service vulnerability was reported in Lenovo PCManager, prior to version 3.0.200.2042, that could allow configuration files to be written to non-standard locations. | 2.1 |
2020-11-11 | CVE-2020-8352 | Unspecified vulnerability in Lenovo products In some Lenovo Desktop models, the Configuration Change Detection BIOS setting failed to detect SATA configuration changes. | 2.1 |
2020-09-15 | CVE-2020-8346 | Incorrect Default Permissions vulnerability in Lenovo System Interface Foundation 1.1.18.3/1.1.19.3 A denial of service vulnerability was reported in the Lenovo Vantage component called Lenovo System Interface Foundation prior to version 1.1.19.5 that could allow configuration files to be written to non-standard locations. | 2.1 |
2020-09-01 | CVE-2020-8341 | Unspecified vulnerability in Lenovo products In Lenovo systems, SMM BIOS Write Protection is used to prevent writes to SPI Flash. | 2.1 |
2020-07-22 | CVE-2019-18618 | Incorrect access control in the firmware of Synaptics VFS75xx family fingerprint sensors that include external flash (all versions prior to 2019-11-15) allows a local administrator or physical attacker to compromise the confidentiality of sensor data via injection of an unverified partition table. | 3.6 |