13 results (0.024 seconds)

CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0

A potential vulnerability was reported in the ThinkPad L390 Yoga and 10w Notebook that could allow a local attacker to escalate privileges by accessing an embedded UEFI shell. • https://support.lenovo.com/us/en/product_security/LEN-165524 • CWE-489: Active Debug Code •

CVSS: 6.7EPSS: 0%CPEs: 1EXPL: 0

A potential vulnerability were reported in the BIOS of some Desktop, Smart Edge, and ThinkStation products that could allow a local attacker with elevated privileges to write to NVRAM variables. Se informó una vulnerabilidad potencial en el BIOS de algunos productos de escritorio, Smart Edge y ThinkStation que podría permitir que un atacante local con privilegios elevados escriba en variables NVRAM. • https://support.lenovo.com/us/en/product_security/LEN-141775 • CWE-125: Out-of-bounds Read •

CVSS: 6.7EPSS: 0%CPEs: 1EXPL: 0

A potential vulnerability was reported in the BIOS update tool driver for some Desktop, Smart Edge, Smart Office, and ThinkStation products that could allow a local user with elevated privileges to execute arbitrary code. Se informó una vulnerabilidad potencial en el controlador de la herramienta de actualización del BIOS para algunos productos Desktop, Smart Edge, Smart Office y ThinkStation que podría permitir a un usuario local con privilegios elevados ejecutar código arbitrario. • https://support.lenovo.com/us/en/product_security/LEN-141775 • CWE-287: Improper Authentication CWE-306: Missing Authentication for Critical Function •

CVSS: 6.7EPSS: 0%CPEs: 1EXPL: 0

A potential memory leakage vulnerability was reported in some Lenovo Notebook products that may allow a local attacker with elevated privileges to write to NVRAM variables. Se informó una posible vulnerabilidad de pérdida de memoria en algunos productos portátiles Lenovo que puede permitir que un atacante local con privilegios elevados escriba en variables NVRAM. • https://support.lenovo.com/us/en/product_security/LEN-155477 • CWE-787: Out-of-bounds Write •

CVSS: 6.7EPSS: 0%CPEs: 28EXPL: 0

A potential vulnerability in the system shutdown SMI callback function in some ThinkPad models may allow an attacker with local access and elevated privileges to execute arbitrary code. Una potencial vulnerabilidad en la función shutdown SMI callback del sistema en algunos modelos ThinkPad, puede permitir a un atacante con acceso local y privilegios elevados ejecutar código arbitrario • https://support.lenovo.com/us/en/product_security/LEN-65529 • CWE-20: Improper Input Validation •