CVSS: 6.7EPSS: 0%CPEs: 202EXPL: 0CVE-2022-48189
https://notcve.org/view.php?id=CVE-2022-48189
30 Oct 2023 — An SMM driver input validation vulnerability in the BIOS of some ThinkPad models could allow an attacker with local access and elevated privileges to execute arbitrary code. Una vulnerabilidad de validación de entrada del controlador SMM en el BIOS de algunos modelos ThinkPad podría permitir que un atacante con acceso local y privilegios elevados ejecute código arbitrario. • https://support.lenovo.com/us/en/product_security/LEN-106014 • CWE-20: Improper Input Validation •
CVSS: 6.7EPSS: 0%CPEs: 108EXPL: 0CVE-2022-4574
https://notcve.org/view.php?id=CVE-2022-4574
30 Oct 2023 — An SMI handler input validation vulnerability in the BIOS of some ThinkPad models could allow an attacker with local access and elevated privileges to execute arbitrary code. Una vulnerabilidad de validación de entrada del controlador SMI en el BIOS de algunos modelos ThinkPad podría permitir que un atacante con acceso local y privilegios elevados ejecute código arbitrario. • https://support.lenovo.com/us/en/product_security/LEN-106014 • CWE-20: Improper Input Validation •
CVSS: 6.7EPSS: 0%CPEs: 226EXPL: 0CVE-2023-2290
https://notcve.org/view.php?id=CVE-2023-2290
26 Jun 2023 — A potential vulnerability in the LenovoFlashDeviceInterface SMI handler may allow an attacker with local access and elevated privileges to execute arbitrary code. • https://support.lenovo.com/us/en/product_security/LEN-106014 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 4.4EPSS: 0%CPEs: 673EXPL: 0CVE-2022-40134
https://notcve.org/view.php?id=CVE-2022-40134
30 Jan 2023 — An information leak vulnerability in the SMI Set BIOS Password SMI Handler in some Lenovo models may allow an attacker with local access and elevated privileges to read SMM memory. • https://support.lenovo.com/us/en/product_security/LEN-94953 • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 272EXPL: 0CVE-2021-3786
https://notcve.org/view.php?id=CVE-2021-3786
12 Nov 2021 — A potential vulnerability in the SMI callback function used in CSME configuration of some Lenovo Notebook and ThinkPad systems could be used to leak out data out of the SMRAM range. Una vulnerabilidad potencial en la función SMI callback usada en la configuración de CSME de algunos sistemas Lenovo Notebook y ThinkPad podría ser usada para filtrar datos fuera del rango de la SMRAM • https://support.lenovo.com/us/en/product_security/LEN-67440 • CWE-20: Improper Input Validation •
CVSS: 7.2EPSS: 0%CPEs: 272EXPL: 0CVE-2021-3599
https://notcve.org/view.php?id=CVE-2021-3599
12 Nov 2021 — A potential vulnerability in the SMI callback function used to access flash device in some ThinkPad models may allow an attacker with local access and elevated privileges to execute arbitrary code. Una posible vulnerabilidad en la función SMI callback usada para acceder al dispositivo flash en algunos modelos de ThinkPad puede permitir a un atacante con acceso local y privilegios elevados ejecutar código arbitrario • https://support.lenovo.com/us/en/product_security/LEN-67440 • CWE-20: Improper Input Validation •
CVSS: 6.8EPSS: 0%CPEs: 42EXPL: 0CVE-2021-3453
https://notcve.org/view.php?id=CVE-2021-3453
16 Jul 2021 — Some Lenovo Notebook, ThinkPad, and Lenovo Desktop systems have BIOS modules unprotected by Intel Boot Guard that could allow an attacker with physical access the ability to write to the SPI flash storage. Algunos sistemas de portátiles, ThinkPad y ordenadores de sobremesa de Lenovo presentan módulos BIOS desprotegidos por Intel Boot Guard que podrían permitir a un atacante con acceso físico la habilidad de escribir en el almacenamiento flash SPI • https://support.lenovo.com/us/en/product_security/LEN-65529 • CWE-693: Protection Mechanism Failure •
CVSS: 7.8EPSS: 0%CPEs: 125EXPL: 0CVE-2021-3462
https://notcve.org/view.php?id=CVE-2021-3462
13 Apr 2021 — A privilege escalation vulnerability in Lenovo Power Management Driver for Windows 10, prior to version 1.67.17.54, that could allow unauthorized access to the driver's device object. Una vulnerabilidad de escalada de privilegios en Lenovo Power Management Driver para Windows 10, anteriores a versión 1.67.17.54, que podría permitir el acceso no autorizado al objeto del dispositivo del controlador • https://support.lenovo.com/us/en/product_security/LEN-59174 • CWE-276: Incorrect Default Permissions •
CVSS: 4.9EPSS: 0%CPEs: 125EXPL: 0CVE-2021-3463
https://notcve.org/view.php?id=CVE-2021-3463
13 Apr 2021 — A null pointer dereference vulnerability in Lenovo Power Management Driver for Windows 10, prior to version 1.67.17.54, that could cause systems to experience a blue screen error. Una vulnerabilidad de desreferencia de puntero null en Lenovo Power Management Driver para Windows 10, anteriores a versión 1.67.17.54, que podría causar que los sistemas experimenten un error de pantalla azul • https://support.lenovo.com/us/en/product_security/LEN-59174 • CWE-476: NULL Pointer Dereference •
CVSS: 7.2EPSS: 0%CPEs: 83EXPL: 0CVE-2020-8337
https://notcve.org/view.php?id=CVE-2020-8337
09 Jun 2020 — An unquoted search path vulnerability was reported in versions prior to 1.0.83.0 of the Synaptics Smart Audio UWP app associated with the DCHU audio drivers on Lenovo platforms that could allow an administrative user to execute arbitrary code. Se reportó una vulnerabilidad de ruta de búsqueda sin comillas en versiones anteriores a 1.0.83.0 de la aplicación Synaptics Smart Audio UWP asociada con los controladores de audio DCHU en las plataformas de Lenovo que podrían permitir a un usuario administrativo ejec... • https://support.lenovo.com/us/en/product_security/len-30707 • CWE-428: Unquoted Search Path or Element •