Vulnerabilities > Lenovo > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-10-30 CVE-2022-4573 Unspecified vulnerability in Lenovo Thinkpad X1 Fold GEN 1 Firmware
An SMI handler input validation vulnerability in the ThinkPad X1 Fold Gen 1 could allow an attacker with local access and elevated privileges to execute arbitrary code.
local
low complexity
lenovo
6.7
2023-10-30 CVE-2022-4574 Unspecified vulnerability in Lenovo products
An SMI handler input validation vulnerability in the BIOS of some ThinkPad models could allow an attacker with local access and elevated privileges to execute arbitrary code.
local
low complexity
lenovo
6.7
2023-10-30 CVE-2022-4575 Incorrect Default Permissions vulnerability in Lenovo products
A vulnerability due to improper write protection of UEFI variables was reported in the BIOS of some ThinkPad models that could allow an attacker with physical or local access and elevated privileges to bypass Secure Boot.
local
low complexity
lenovo CWE-276
6.7
2023-10-27 CVE-2022-3700 Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Lenovo products
A Time of Check Time of Use (TOCTOU) vulnerability was reported in the Lenovo Vantage SystemUpdate Plugin version 2.0.0.212 and earlier that could allow a local attacker to delete arbitrary files.
local
high complexity
lenovo CWE-367
6.3
2023-10-27 CVE-2022-34887 Improper Authentication vulnerability in Lenovo products
Standard users can directly operate and set printer configuration information, such as IP, in some Lenovo Printers without having to authenticate with the administrator password.
network
low complexity
lenovo CWE-287
5.4
2023-10-27 CVE-2022-3429 Unspecified vulnerability in Lenovo products
A denial-of-service vulnerability was found in the firmware used in Lenovo printers, where users send illegal or malformed strings to an open port, triggering a denial of service that causes a display error and prevents the printer from functioning properly.
network
low complexity
lenovo
6.5
2023-10-25 CVE-2022-3698 Unspecified vulnerability in Lenovo Diagnostics and Hardwarescan Plugin
A denial of service vulnerability was reported in the Lenovo HardwareScanPlugin versions prior to 1.3.1.2 and Lenovo Diagnostics versions prior to 4.45 that could allow a local user with administrative access to trigger a system crash.
local
low complexity
lenovo
4.4
2023-10-25 CVE-2022-0353 Unspecified vulnerability in Lenovo products
A denial of service vulnerability was reported in the Lenovo HardwareScanPlugin versions prior to 1.3.1.2 and Lenovo Diagnostics versions prior to 4.45 that could allow a local user with administrative access to trigger a system crash.
local
low complexity
lenovo
4.4
2023-10-09 CVE-2022-3728 Insufficient Physical Protection Mechanism vulnerability in Lenovo products
A vulnerability was reported in ThinkPad T14s Gen 3 and X13 Gen3 that could cause the BIOS tamper detection mechanism to not trigger under specific circumstances which could allow unauthorized access.
low complexity
lenovo CWE-1263
6.8
2023-10-09 CVE-2022-48182 Insufficient Physical Protection Mechanism vulnerability in Lenovo products
A vulnerability was reported in ThinkPad T14s Gen 3 and X13 Gen3 that could cause the BIOS tamper detection mechanism to not trigger under specific circumstances which could allow unauthorized access.
low complexity
lenovo CWE-1263
6.8