Vulnerabilities > Lenovo > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-10-30 CVE-2022-4574 Unspecified vulnerability in Lenovo products
An SMI handler input validation vulnerability in the BIOS of some ThinkPad models could allow an attacker with local access and elevated privileges to execute arbitrary code.
local
low complexity
lenovo
6.7
2023-10-30 CVE-2022-4575 Unspecified vulnerability in Lenovo products
A vulnerability due to improper write protection of UEFI variables was reported in the BIOS of some ThinkPad models could allow an attacker with physical or local access and elevated privileges the ability to bypass Secure Boot.
local
low complexity
lenovo
6.7
2023-10-27 CVE-2022-3700 Unspecified vulnerability in Lenovo products
A Time of Check Time of Use (TOCTOU) vulnerability was reported in the Lenovo Vantage SystemUpdate Plugin version 2.0.0.212 and earlier that could allow a local attacker to delete arbitrary files.
local
high complexity
lenovo
6.3
2023-10-27 CVE-2022-34887 Unspecified vulnerability in Lenovo products
Standard users can directly operate and set printer configuration information , such as IP, in some Lenovo Printers without having to authenticate with the administrator password.
network
low complexity
lenovo
5.4
2023-10-27 CVE-2022-3429 Unspecified vulnerability in Lenovo products
A denial-of-service vulnerability was found in the firmware used in Lenovo printers, where users send illegal or malformed strings to an open port, triggering a denial of service that causes a display error and prevents the printer from functioning properly.
network
low complexity
lenovo
6.5
2023-10-25 CVE-2022-3698 Unspecified vulnerability in Lenovo Diagnostics and Hardwarescan Plugin
A denial of service vulnerability was reported in the Lenovo HardwareScanPlugin versions prior to 1.3.1.2 and  Lenovo Diagnostics versions prior to 4.45 that could allow a local user with administrative access to trigger a system crash.
local
low complexity
lenovo
4.4
2023-10-25 CVE-2022-0353 Unspecified vulnerability in Lenovo products
A denial of service vulnerability was reported in the Lenovo HardwareScanPlugin versions prior to 1.3.1.2 and  Lenovo Diagnostics versions prior to 4.45 that could allow a local user with administrative access to trigger a system crash.
local
low complexity
lenovo
4.4
2023-10-09 CVE-2022-3728 Unspecified vulnerability in Lenovo products
A vulnerability was reported in ThinkPad T14s Gen 3 and X13 Gen3 that could cause the BIOS tamper detection mechanism to not trigger under specific circumstances which could allow unauthorized access.
low complexity
lenovo
6.8
2023-10-09 CVE-2022-48182 Unspecified vulnerability in Lenovo products
A vulnerability was reported in ThinkPad T14s Gen 3 and X13 Gen3 that could cause the BIOS tamper detection mechanism to not trigger under specific circumstances which could allow unauthorized access.
low complexity
lenovo
6.8
2023-10-09 CVE-2022-48183 Unspecified vulnerability in Lenovo products
A vulnerability was reported in ThinkPad T14s Gen 3 and X13 Gen3 that could cause the BIOS tamper detection mechanism to not trigger under specific circumstances which could allow unauthorized access.
low complexity
lenovo
6.8