Vulnerabilities > Lenovo > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-11-12 | CVE-2021-3720 | Unspecified vulnerability in Lenovo products An information disclosure vulnerability was reported in the Time Weather system widget on Legion Phone Pro (L79031) and Legion Phone2 Pro (L70081) that could allow other applications to access device GPS data. | 5.5 |
| 2021-11-12 | CVE-2021-3786 | Unspecified vulnerability in Lenovo products A potential vulnerability in the SMI callback function used in CSME configuration of some Lenovo Notebook and ThinkPad systems could be used to leak out data out of the SMRAM range. | 5.5 |
| 2021-11-12 | CVE-2021-3843 | Unspecified vulnerability in Lenovo products A potential vulnerability in the SMI function to access EEPROM in some ThinkPad models may allow an attacker with local access and elevated privileges to execute arbitrary code. | 6.7 |
| 2021-08-17 | CVE-2021-3615 | Unspecified vulnerability in Lenovo products A vulnerability was reported in Lenovo Smart Camera X3, X5, and C2E that could allow code execution if a specific file exists on the attached SD card. low complexity lenovo | 6.8 |
| 2021-07-16 | CVE-2021-3452 | Unspecified vulnerability in Lenovo Bios A potential vulnerability in the system shutdown SMI callback function in some ThinkPad models may allow an attacker with local access and elevated privileges to execute arbitrary code. | 6.7 |
| 2021-07-16 | CVE-2021-3453 | Unspecified vulnerability in Lenovo products Some Lenovo Notebook, ThinkPad, and Lenovo Desktop systems have BIOS modules unprotected by Intel Boot Guard that could allow an attacker with physical access the ability to write to the SPI flash storage. low complexity lenovo | 4.6 |
| 2021-07-16 | CVE-2021-3614 | Unspecified vulnerability in Lenovo products A vulnerability was reported on some Lenovo Notebook systems that could allow an attacker with physical access to elevate privileges under certain conditions during a BIOS update performed by Lenovo Vantage. low complexity lenovo | 6.8 |
| 2021-04-27 | CVE-2021-3451 | Incorrect Default Permissions vulnerability in Lenovo Pcmanager A denial of service vulnerability was reported in Lenovo PCManager, prior to version 3.0.400.3252, that could allow configuration files to be written to non-standard locations. | 5.5 |
| 2021-04-13 | CVE-2021-3473 | Cleartext Storage of Sensitive Information vulnerability in Lenovo Xclarity Controller An internal product security audit of Lenovo XClarity Controller (XCC) discovered that the XCC configuration backup/restore password may be written to an internal XCC log buffer if Lenovo XClarity Administrator (LXCA) is used to perform the backup/restore. | 4.9 |
| 2021-04-13 | CVE-2021-3463 | NULL Pointer Dereference vulnerability in Lenovo Power Management Driver A null pointer dereference vulnerability in Lenovo Power Management Driver for Windows 10, prior to version 1.67.17.54, that could cause systems to experience a blue screen error. | 4.4 |