Total
8 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-2290 | 1 Lenovo | 170 Thinkpad E14, Thinkpad E14 Firmware, Thinkpad E14 Gen 2 and 167 more | 2024-11-21 | N/A | 6.4 MEDIUM |
| A potential vulnerability in the LenovoFlashDeviceInterface SMI handler may allow an attacker with local access and elevated privileges to execute arbitrary code. | |||||
| CVE-2022-4574 | 1 Lenovo | 108 Thinkpad L14, Thinkpad L14 Firmware, Thinkpad L14 Gen 2 and 105 more | 2024-11-21 | N/A | 6.7 MEDIUM |
| An SMI handler input validation vulnerability in the BIOS of some ThinkPad models could allow an attacker with local access and elevated privileges to execute arbitrary code. | |||||
| CVE-2022-48189 | 1 Lenovo | 170 Thinkpad E14, Thinkpad E14 Firmware, Thinkpad E14 Gen 2 and 167 more | 2024-11-21 | N/A | 6.7 MEDIUM |
| An SMM driver input validation vulnerability in the BIOS of some ThinkPad models could allow an attacker with local access and elevated privileges to execute arbitrary code. | |||||
| CVE-2022-40134 | 1 Lenovo | 650 Ideacentre 3-07ada05, Ideacentre 3-07ada05 Firmware, Ideacentre 3-07imb05 and 647 more | 2024-11-21 | N/A | 4.4 MEDIUM |
| An information leak vulnerability in the SMI Set BIOS Password SMI Handler in some Lenovo models may allow an attacker with local access and elevated privileges to read SMM memory. | |||||
| CVE-2021-3786 | 1 Lenovo | 266 Ideapad S940-14iwl, Ideapad S940-14iwl Firmware, Ideapad Yoga S940-14iwl and 263 more | 2024-11-21 | 2.1 LOW | 4.4 MEDIUM |
| A potential vulnerability in the SMI callback function used in CSME configuration of some Lenovo Notebook and ThinkPad systems could be used to leak out data out of the SMRAM range. | |||||
| CVE-2021-3599 | 1 Lenovo | 266 Ideapad S940-14iwl, Ideapad S940-14iwl Firmware, Ideapad Yoga S940-14iwl and 263 more | 2024-11-21 | 7.2 HIGH | 6.7 MEDIUM |
| A potential vulnerability in the SMI callback function used to access flash device in some ThinkPad models may allow an attacker with local access and elevated privileges to execute arbitrary code. | |||||
| CVE-2019-18619 | 3 Hp, Lenovo, Synaptics | 224 Envy - 13t-ah100, Envy - 13t-ah100 Firmware, Envy - 13t-aq100 and 221 more | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| Incorrect parameter validation in the synaTee component of Synaptics WBF drivers using an SGX enclave (all versions prior to 2019-11-15) allows a local user to execute arbitrary code in the enclave (that can compromise confidentiality of enclave data) via APIs that accept invalid pointers. | |||||
| CVE-2019-18618 | 3 Hp, Lenovo, Synaptics | 266 Elite Slice, Elite Slice Firmware, Elite X2 1012 G2 and 263 more | 2024-11-21 | 3.6 LOW | 6.0 MEDIUM |
| Incorrect access control in the firmware of Synaptics VFS75xx family fingerprint sensors that include external flash (all versions prior to 2019-11-15) allows a local administrator or physical attacker to compromise the confidentiality of sensor data via injection of an unverified partition table. | |||||