Vulnerabilities > Lenovo > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-01-30 | CVE-2022-40137 | Classic Buffer Overflow vulnerability in Lenovo products: A buffer overflow in the WMI SMI Handler in some Lenovo models may allow an attacker with local access and elevated privileges to execute arbitrary code. | 6.7 |
2023-01-26 | CVE-2022-3432 | Incorrect Default Permissions vulnerability in Lenovo Ideapad Y700-14Isk Firmware: A potential vulnerability in a driver used during the manufacturing process on the Ideapad Y700-14ISK that was mistakenly not deactivated may allow an attacker with elevated privileges to modify the secure boot setting by modifying an NVRAM variable. | 6.7 |
2023-01-23 | CVE-2022-3430 | Incorrect Default Permissions vulnerability in Lenovo products: A potential vulnerability in the WMI Setup driver on some consumer Lenovo Notebook devices may allow an attacker with elevated privileges to modify the secure boot setting by modifying an NVRAM variable. | 6.7 |
2023-01-23 | CVE-2022-4816 | Unspecified vulnerability in Lenovo Safecenter: A denial-of-service vulnerability has been identified in Lenovo Safecenter that could allow a local user to crash the application. | 5.5 |
2023-01-05 | CVE-2022-4432 | Out-of-bounds Read vulnerability in Lenovo Thinkpad X13S Firmware 1.46: A buffer over-read vulnerability was reported in the ThinkPad X13s BIOS PersistenceConfigDxe driver that could allow a local attacker with elevated privileges to cause information disclosure. | 4.4 |
2023-01-05 | CVE-2022-4433 | Out-of-bounds Read vulnerability in Lenovo Thinkpad X13S Firmware 1.46: A buffer over-read vulnerability was reported in the ThinkPad X13s BIOS LenovoSetupConfigDxe driver that could allow a local attacker with elevated privileges to cause information disclosure. | 4.4 |
2023-01-05 | CVE-2022-4434 | Out-of-bounds Read vulnerability in Lenovo Thinkpad X13S Firmware 1.46: A buffer over-read vulnerability was reported in the ThinkPad X13s BIOS driver that could allow a local attacker with elevated privileges to cause information disclosure. | 4.4 |
2023-01-05 | CVE-2022-4435 | Out-of-bounds Read vulnerability in Lenovo Thinkpad X13S Firmware 1.46: A buffer over-read vulnerability was reported in the ThinkPad X13s BIOS LenovoRemoteConfigUpdateDxe driver that could allow a local attacker with elevated privileges to cause information disclosure. | 4.4 |
2022-11-07 | CVE-2021-42205 | Unspecified vulnerability in Lenovo Elan Miniport Touchpad Driver: ELAN Miniport touchpad Windows driver before 24.21.51.2, as used in PC hardware from multiple manufacturers, allows local users to cause a system crash by sending a certain IOCTL request, because that request is handled twice. | 4.7 |
2022-05-18 | CVE-2021-3956 | Incorrect Authorization vulnerability in Lenovo Xclarity Controller: A read-only authentication bypass vulnerability was reported in the Third Quarter 2021 release of Lenovo XClarity Controller (XCC) firmware affecting XCC devices configured in LDAP Authentication Only Mode and using an LDAP server that supports “unauthenticated bind”, such as Microsoft Active Directory. | 5.3 |