Vulnerabilities in Lenovo
369 resultsCVE-2023-45079MEDIUMA memory leakage vulnerability was reported in the NvmramSmm SMM driver that may allow a local attacker with elevated privileges to write toEPSS 0.2%CVE-2023-45078MEDIUMA memory leakage vulnerability was reported in the DustFilterAlertSmm SMM driver that may allow a local attacker with elevated privileges toEPSS 0.2%CVE-2023-45075MEDIUMA memory leakage vulnerability was reported in the SWSMI_Shadow DXE driver that may allow a local attacker with elevated privileges to writeEPSS 0.2%CVE-2023-45076MEDIUMA memory leakage vulnerability was reported in the 534D0140 DXE driver that may allow a local attacker with elevated privileges to write to EPSS 0.2%CVE-2023-5078MEDIUMA vulnerability was reported in some ThinkPad BIOS that could allow a physical or local attacker with elevated privileges to tamper with BIOEPSS 0.2%CVE-2023-43572MEDIUMA buffer over-read was reported in the BiosExtensionLoader module in some Lenovo Desktop products that may allow a local attacker with elevaEPSS 0.2%CVE-2023-43568MEDIUMA buffer over-read was reported in the LemSecureBootForceKey module in some Lenovo Desktop products that may allow a local attacker with eleEPSS 0.2%CVE-2023-43574MEDIUMA buffer over-read was reported in the LEMALLDriversConnectedEventHook module in some Lenovo Desktop products that may allow a local attackeEPSS 0.2%CVE-2021-3720MEDIUMAn information disclosure vulnerability was reported in the Time Weather system widget on Legion Phone Pro (L79031) and Legion Phone2 Pro (LEPSS 0.2%CVE-2021-3463MEDIUMA null pointer dereference vulnerability in Lenovo Power Management Driver for Windows 10, prior to version 1.67.17.54, that could cause sysEPSS 0.2%CVE-2020-8357MEDIUMA denial of service vulnerability was reported in Lenovo PCManager, prior to version 3.0.200.2042, that could allow configuration files to bEPSS 0.2%CVE-2021-3718MEDIUMA denial of service vulnerability was reported in some ThinkPad models that could cause a system to crash when the Enhanced Biometrics settiEPSS 0.2%CVE-2024-4550MEDIUMA potential buffer overflow vulnerability was reported in some Lenovo ThinkSystem and ThinkStation products that could allow a local attackeEPSS 0.2%CVE-2023-3078HIGHAn uncontrolled search path vulnerability was reported in the Lenovo Universal Device Client (UDC) that could allow an attacker with local aEPSS 0.2%CVE-2023-6338HIGHUncontrolled search path vulnerabilities were reported in the Lenovo Universal Device Client (UDC) that could allow an attacker with local aEPSS 0.2%CVE-2022-3431MEDIUMA potential vulnerability in a driver used during manufacturing process on some consumer Lenovo Notebook devices that was mistakenly not deaEPSS 0.2%CVE-2023-4891MEDIUM
A potential use-after-free vulnerability was reported in the Lenovo View driver that could result in denial of service.
EPSS 0.2%CVE-2022-0353MEDIUM
A denial of service vulnerability was reported in the Lenovo HardwareScanPlugin versions prior to
1.3.1.2
and
Lenovo Diagnostics versEPSS 0.2%CVE-2022-3698MEDIUM
A denial of service vulnerability was reported in the Lenovo HardwareScanPlugin versions prior to
1.3.1.2
and
Lenovo Diagnostics versEPSS 0.2%CVE-2024-45104MEDIUMA valid, authenticated LXCA user without sufficient privileges may be able to use the device identifier to modify an LXCA managed device thrEPSS 0.2%