Filtered by vendor Lenovo
Subscribe
Total
386 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-5078 | 1 Lenovo | 40 Thinkpad L13 Gen 2, Thinkpad L13 Gen 2 Firmware, Thinkpad L13 Gen 3 and 37 more | 2024-11-21 | N/A | 6.7 MEDIUM |
| A vulnerability was reported in some ThinkPad BIOS that could allow a physical or local attacker with elevated privileges to tamper with BIOS firmware. | |||||
| CVE-2023-5075 | 1 Lenovo | 2 Ideapad Duet 3 10igl5, Ideapad Duet 3 10igl5 Firmware | 2024-11-21 | N/A | 6.7 MEDIUM |
| A buffer overflow was reported in the FmpSipoCapsuleDriver driver in the IdeaPad Duet 3-10IGL5 that may allow a local attacker with elevated privileges to execute arbitrary code. | |||||
| CVE-2023-4891 | 2 Lenovo, Microsoft | 2 View Driver, Windows | 2024-11-21 | N/A | 5.5 MEDIUM |
| A potential use-after-free vulnerability was reported in the Lenovo View driver that could result in denial of service. | |||||
| CVE-2023-4706 | 1 Lenovo | 1 Preload Directory | 2024-11-21 | N/A | 7.3 HIGH |
| A privilege escalation vulnerability was reported in Lenovo preloaded devices deployed using Microsoft AutoPilot under a standard user account due to incorrect default privileges. | |||||
| CVE-2023-4632 | 1 Lenovo | 1 System Update | 2024-11-21 | N/A | 7.8 HIGH |
| An uncontrolled search path vulnerability was reported in Lenovo System Update that could allow an attacker with local access to execute code with elevated privileges. | |||||
| CVE-2023-4608 | 1 Lenovo | 104 Thinkagile Hx1331, Thinkagile Hx1331 Firmware, Thinkagile Hx2330 and 101 more | 2024-11-21 | N/A | 4.1 MEDIUM |
| An authenticated XCC user with elevated privileges can perform blind SQL injection in limited cases through a crafted API command. This affects ThinkSystem v2 and v3 servers with XCC; ThinkSystem v1 servers are not affected. | |||||
| CVE-2023-4607 | 1 Lenovo | 231 Thinkagile Hx1021 Edg, Thinkagile Hx1021 Edg Firmware, Thinkagile Hx1320 and 228 more | 2024-11-21 | N/A | 7.5 HIGH |
| An authenticated XCC user can change permissions for any user through a crafted API command. | |||||
| CVE-2023-4606 | 1 Lenovo | 104 Thinkagile Hx1331, Thinkagile Hx1331 Firmware, Thinkagile Hx2330 and 101 more | 2024-11-21 | N/A | 8.1 HIGH |
| An authenticated XCC user with Read-Only permission can change a different user’s password through a crafted API command. This affects ThinkSystem v2 and v3 servers with XCC; ThinkSystem v1 servers are not affected. | |||||
| CVE-2023-4030 | 1 Lenovo | 8 Thinkpad P14s Gen 2, Thinkpad P14s Gen 2 Firmware, Thinkpad P15s Gen 2 and 5 more | 2024-11-21 | N/A | 8.4 HIGH |
| A vulnerability was reported in BIOS for ThinkPad P14s Gen 2, P15s Gen 2, T14 Gen 2, and T15 Gen 2 that could cause the system to recover to insecure settings if the BIOS becomes corrupt. | |||||
| CVE-2023-4029 | 1 Lenovo | 52 K14 Type 21cu, K14 Type 21cu Firmware, K14 Type 21cv and 49 more | 2024-11-21 | N/A | 6.7 MEDIUM |
| A buffer overflow has been identified in the BoardUpdateAcpiDxe driver in some Lenovo ThinkPad products which may allow an attacker with local access and elevated privileges to execute arbitrary code. | |||||
| CVE-2023-4028 | 1 Lenovo | 58 13w Yoga, 13w Yoga Firmware, 13w Yoga Gen 2 and 55 more | 2024-11-21 | N/A | 6.7 MEDIUM |
| A buffer overflow has been identified in the SystemUserMasterHddPwdDxe driver in some Lenovo Notebook products which may allow an attacker with local access and elevated privileges to execute arbitrary code. | |||||
| CVE-2023-45079 | 1 Lenovo | 122 Ideacentre 3-07ada05, Ideacentre 3-07ada05 Firmware, Ideacentre 3-07imb05 and 119 more | 2024-11-21 | N/A | 6.7 MEDIUM |
| A memory leakage vulnerability was reported in the NvmramSmm SMM driver that may allow a local attacker with elevated privileges to write to NVRAM variables. | |||||
| CVE-2023-45078 | 1 Lenovo | 122 Ideacentre 3-07ada05, Ideacentre 3-07ada05 Firmware, Ideacentre 3-07imb05 and 119 more | 2024-11-21 | N/A | 6.7 MEDIUM |
| A memory leakage vulnerability was reported in the DustFilterAlertSmm SMM driver that may allow a local attacker with elevated privileges to write to NVRAM variables. | |||||
| CVE-2023-45077 | 1 Lenovo | 122 Ideacentre 3-07ada05, Ideacentre 3-07ada05 Firmware, Ideacentre 3-07imb05 and 119 more | 2024-11-21 | N/A | 6.7 MEDIUM |
| A memory leakage vulnerability was reported in the 534D0740 DXE driver that may allow a local attacker with elevated privileges to write to NVRAM variables. | |||||
| CVE-2023-45076 | 1 Lenovo | 122 Ideacentre 3-07ada05, Ideacentre 3-07ada05 Firmware, Ideacentre 3-07imb05 and 119 more | 2024-11-21 | N/A | 6.7 MEDIUM |
| A memory leakage vulnerability was reported in the 534D0140 DXE driver that may allow a local attacker with elevated privileges to write to NVRAM variables. | |||||
| CVE-2023-45075 | 1 Lenovo | 122 Ideacentre 3-07ada05, Ideacentre 3-07ada05 Firmware, Ideacentre 3-07imb05 and 119 more | 2024-11-21 | N/A | 6.7 MEDIUM |
| A memory leakage vulnerability was reported in the SWSMI_Shadow DXE driver that may allow a local attacker with elevated privileges to write to NVRAM variables. | |||||
| CVE-2023-43581 | 1 Lenovo | 222 Ideacentre 3-07ada05, Ideacentre 3-07ada05 Firmware, Ideacentre 3-07imb05 and 219 more | 2024-11-21 | N/A | 6.7 MEDIUM |
| A buffer overflow was reported in the Update_WMI module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code. | |||||
| CVE-2023-43580 | 1 Lenovo | 222 Ideacentre 3-07ada05, Ideacentre 3-07ada05 Firmware, Ideacentre 3-07imb05 and 219 more | 2024-11-21 | N/A | 6.7 MEDIUM |
| A buffer overflow was reported in the SmuV11DxeVMR module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code. | |||||
| CVE-2023-43579 | 1 Lenovo | 222 Ideacentre 3-07ada05, Ideacentre 3-07ada05 Firmware, Ideacentre 3-07imb05 and 219 more | 2024-11-21 | N/A | 6.7 MEDIUM |
| A buffer overflow was reported in the SmuV11Dxe driver in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code. | |||||
| CVE-2023-43578 | 1 Lenovo | 222 Ideacentre 3-07ada05, Ideacentre 3-07ada05 Firmware, Ideacentre 3-07imb05 and 219 more | 2024-11-21 | N/A | 6.7 MEDIUM |
| A buffer overflow was reported in the SmiFlash module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code. | |||||