Filtered by vendor Lenovo
Subscribe
Total
386 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-2992 | 1 Lenovo | 16 Nextscale N1200 Enclosure, Nextscale N1200 Enclosure Firmware, Thinkagile Cp-cb-10 and 13 more | 2024-11-21 | N/A | 7.5 HIGH |
| An unauthenticated denial of service vulnerability exists in the SMM v1, SMM v2, and FPC management web server which can be triggered under crafted conditions. Rebooting SMM or FPC will restore access to the management web server. | |||||
| CVE-2023-2290 | 1 Lenovo | 170 Thinkpad E14, Thinkpad E14 Firmware, Thinkpad E14 Gen 2 and 167 more | 2024-11-21 | N/A | 6.4 MEDIUM |
| A potential vulnerability in the LenovoFlashDeviceInterface SMI handler may allow an attacker with local access and elevated privileges to execute arbitrary code. | |||||
| CVE-2023-29058 | 1 Lenovo | 218 Thinkagile Hx1021, Thinkagile Hx1021 Firmware, Thinkagile Hx1320 and 215 more | 2024-11-21 | N/A | 6.4 MEDIUM |
| A valid, authenticated XCC user with read-only permissions can modify custom user roles on other user accounts and the user trespass message through the XCC CLI. There is no exposure if SSH is disabled or if there are no users assigned optional read-only permissions. | |||||
| CVE-2023-29057 | 1 Lenovo | 218 Thinkagile Hx1021, Thinkagile Hx1021 Firmware, Thinkagile Hx1320 and 215 more | 2024-11-21 | N/A | 7.3 HIGH |
| A valid XCC user's local account permissions overrides their active directory permissions under specific configurations. This could lead to a privilege escalation. To be vulnerable, LDAP must be configured for authentication/authorization and logins configured as “Local First, then LDAP”. | |||||
| CVE-2023-29056 | 1 Lenovo | 218 Thinkagile Hx1021, Thinkagile Hx1021 Firmware, Thinkagile Hx1320 and 215 more | 2024-11-21 | N/A | 5.3 MEDIUM |
| A valid LDAP user, under specific conditions, will default to read-only permissions when authenticating into XCC. To be vulnerable, XCC must be configured to use an LDAP server for Authentication/Authorization and have the login permission attribute not defined. | |||||
| CVE-2023-25496 | 1 Lenovo | 1 Drivers Management | 2024-11-21 | N/A | 7.8 HIGH |
| A privilege escalation vulnerability was reported in Lenovo Drivers Management Lenovo Driver Manager that could allow a local user to execute code with elevated privileges. | |||||
| CVE-2023-25495 | 1 Lenovo | 218 Thinkagile Hx1021, Thinkagile Hx1021 Firmware, Thinkagile Hx1320 and 215 more | 2024-11-21 | N/A | 4.9 MEDIUM |
| A valid, authenticated administrative user can query a web interface API to reveal the configured LDAP client password used by XCC to authenticate to an external LDAP server in certain configurations. There is no exposure where no LDAP client password is configured | |||||
| CVE-2023-25492 | 1 Lenovo | 218 Thinkagile Hx1021, Thinkagile Hx1021 Firmware, Thinkagile Hx1320 and 215 more | 2024-11-21 | N/A | 6.3 MEDIUM |
| A valid, authenticated user may be able to trigger a denial of service of the XCC web user interface or other undefined behavior through a format string injection vulnerability in a web interface API. | |||||
| CVE-2023-0896 | 1 Lenovo | 2 Smart Clock Essential With Alexa Built In, Smart Clock Essential With Alexa Built In Firmware | 2024-11-21 | N/A | 8.8 HIGH |
| A default password was reported in Lenovo Smart Clock Essential with Alexa Built In that could allow unauthorized device access to an attacker with local network access. | |||||
| CVE-2023-0683 | 1 Lenovo | 218 Thinkagile Hx1021, Thinkagile Hx1021 Firmware, Thinkagile Hx1320 and 215 more | 2024-11-21 | N/A | 8.3 HIGH |
| A valid, authenticated XCC user with read only access may gain elevated privileges through a specifically crafted API call. | |||||
| CVE-2022-4816 | 1 Lenovo | 1 Safecenter | 2024-11-21 | N/A | 6.2 MEDIUM |
| A denial-of-service vulnerability has been identified in Lenovo Safecenter that could allow a local user to crash the application. | |||||
| CVE-2022-4575 | 1 Lenovo | 26 Thinkpad 25, Thinkpad 25 Firmware, Thinkpad L560 and 23 more | 2024-11-21 | N/A | 6.7 MEDIUM |
| A vulnerability due to improper write protection of UEFI variables was reported in the BIOS of some ThinkPad models could allow an attacker with physical or local access and elevated privileges the ability to bypass Secure Boot. | |||||
| CVE-2022-4574 | 1 Lenovo | 108 Thinkpad L14, Thinkpad L14 Firmware, Thinkpad L14 Gen 2 and 105 more | 2024-11-21 | N/A | 6.7 MEDIUM |
| An SMI handler input validation vulnerability in the BIOS of some ThinkPad models could allow an attacker with local access and elevated privileges to execute arbitrary code. | |||||
| CVE-2022-4573 | 1 Lenovo | 2 Thinkpad X1 Fold Gen 1, Thinkpad X1 Fold Gen 1 Firmware | 2024-11-21 | N/A | 6.7 MEDIUM |
| An SMI handler input validation vulnerability in the ThinkPad X1 Fold Gen 1 could allow an attacker with local access and elevated privileges to execute arbitrary code. | |||||
| CVE-2022-4569 | 1 Lenovo | 2 Thinkpad Hybrid Usb-c With Usb-a Dock, Thinkpad Hybrid Usb-c With Usb-a Dock Firmware | 2024-11-21 | N/A | 7.8 HIGH |
| A local privilege escalation vulnerability in the ThinkPad Hybrid USB-C with USB-A Dock Firmware Update Tool could allow an attacker with local access to execute code with elevated privileges during the package upgrade or installation. | |||||
| CVE-2022-4435 | 1 Lenovo | 2 Thinkpad X13s, Thinkpad X13s Firmware | 2024-11-21 | N/A | 6.7 MEDIUM |
| A buffer over-read vulnerability was reported in the ThinkPadX13s BIOS LenovoRemoteConfigUpdateDxe driver that could allow a local attacker with elevated privileges to cause information disclosure. | |||||
| CVE-2022-4434 | 1 Lenovo | 2 Thinkpad X13s, Thinkpad X13s Firmware | 2024-11-21 | N/A | 6.7 MEDIUM |
| A buffer over-read vulnerability was reported in the ThinkPadX13s BIOS driver that could allow a local attacker with elevated privileges to cause information disclosure. | |||||
| CVE-2022-4433 | 1 Lenovo | 2 Thinkpad X13s, Thinkpad X13s Firmware | 2024-11-21 | N/A | 6.7 MEDIUM |
| A buffer over-read vulnerability was reported in the ThinkPadX13s BIOS LenovoSetupConfigDxe driver that could allow a local attacker with elevated privileges to cause information disclosure. | |||||
| CVE-2022-4432 | 1 Lenovo | 2 Thinkpad X13s, Thinkpad X13s Firmware | 2024-11-21 | N/A | 6.7 MEDIUM |
| A buffer over-read vulnerability was reported in the ThinkPadX13s BIOS PersistenceConfigDxe driver that could allow a local attacker with elevated privileges to cause information disclosure. | |||||
| CVE-2022-48189 | 1 Lenovo | 170 Thinkpad E14, Thinkpad E14 Firmware, Thinkpad E14 Gen 2 and 167 more | 2024-11-21 | N/A | 6.7 MEDIUM |
| An SMM driver input validation vulnerability in the BIOS of some ThinkPad models could allow an attacker with local access and elevated privileges to execute arbitrary code. | |||||