Vulnerabilities > Lenovo > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-08-23 | CVE-2022-3742 | Unspecified vulnerability in Lenovo products A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that could allow a local attacker with elevated privileges to execute arbitrary code due to improper buffer validation. | 6.7 |
2023-08-23 | CVE-2022-3743 | Unspecified vulnerability in Lenovo products A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that could allow a local attacker with elevated privileges under certain conditions the ability to enumerate Embedded Controller (EC) commands. | 4.4 |
2023-08-23 | CVE-2022-3744 | Unspecified vulnerability in Lenovo products A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that could allow a local attacker with elevated privileges to unlock UEFI variables due to a hard-coded SMI handler credential. | 6.7 |
2023-08-23 | CVE-2022-3745 | Unspecified vulnerability in Lenovo products A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that could allow a local attacker with elevated privileges to view incoming and returned data from SMI. | 4.4 |
2023-08-23 | CVE-2022-3746 | Unspecified vulnerability in Lenovo products A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that could allow a local attacker with elevated privileges to cause some peripherals to work abnormally due to an exposed Embedded Controller (EC) interface. | 6.7 |
2023-08-17 | CVE-2023-34419 | Unspecified vulnerability in Lenovo products A buffer overflow has been identified in the SetupUtility driver in some Lenovo Notebook products which may allow an attacker with local access and elevated privileges to execute arbitrary code. | 6.7 |
2023-08-17 | CVE-2023-4028 | Classic Buffer Overflow vulnerability in Lenovo products A buffer overflow has been identified in the SystemUserMasterHddPwdDxe driver in some Lenovo Notebook products which may allow an attacker with local access and elevated privileges to execute arbitrary code. | 6.7 |
2023-08-17 | CVE-2023-4029 | Unspecified vulnerability in Lenovo products A buffer overflow has been identified in the BoardUpdateAcpiDxe driver in some Lenovo ThinkPad products which may allow an attacker with local access and elevated privileges to execute arbitrary code. | 6.7 |
2023-06-26 | CVE-2023-2290 | Unspecified vulnerability in Lenovo products A potential vulnerability in the LenovoFlashDeviceInterface SMI handler may allow an attacker with local access and elevated privileges to execute arbitrary code. | 6.7 |
2023-06-26 | CVE-2023-2993 | Improper Preservation of Permissions vulnerability in Lenovo products A valid, authenticated user with limited privileges may be able to use specifically crafted web management server API calls to execute a limited number of commands on SMM v1, SMM v2, and FPC that the user does not normally have sufficient privileges to execute. | 6.3 |