CVSS: 4.4EPSS: 0%CPEs: 174EXPL: 0CVE-2022-3745
https://notcve.org/view.php?id=CVE-2022-3745
23 Aug 2023 — A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that could allow a local attacker with elevated privileges to view incoming and returned data from SMI. • https://support.lenovo.com/us/en/product_security/LEN-103710 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.7EPSS: 0%CPEs: 174EXPL: 0CVE-2022-3744
https://notcve.org/view.php?id=CVE-2022-3744
23 Aug 2023 — A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that could allow a local attacker with elevated privileges to unlock UEFI variables due to a hard-coded SMI handler credential. • https://support.lenovo.com/us/en/product_security/LEN-103710 • CWE-798: Use of Hard-coded Credentials •
CVSS: 4.4EPSS: 0%CPEs: 174EXPL: 0CVE-2022-3743
https://notcve.org/view.php?id=CVE-2022-3743
23 Aug 2023 — A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that could allow a local attacker with elevated privileges under certain conditions the ability to enumerate Embedded Controller (EC) commands. • https://support.lenovo.com/us/en/product_security/LEN-103710 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.7EPSS: 0%CPEs: 174EXPL: 0CVE-2022-3742
https://notcve.org/view.php?id=CVE-2022-3742
23 Aug 2023 — A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that could allow a local attacker with elevated privileges to execute arbitrary code due to improper buffer validation. • https://support.lenovo.com/us/en/product_security/LEN-103710 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 6.7EPSS: 0%CPEs: 60EXPL: 0CVE-2023-34419
https://notcve.org/view.php?id=CVE-2023-34419
17 Aug 2023 — A buffer overflow has been identified in the SetupUtility driver in some Lenovo Notebook products which may allow an attacker with local access and elevated privileges to execute arbitrary code. Se ha identificado un desbordamiento de búfer en el controlador SetupUtility de algunos productos portátiles de Lenovo los cuales podrían permitir a un atacante con acceso local y privilegios elevados ejecutar código arbitrario. • https://support.lenovo.com/us/en/product_security/LEN-134879 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 8.4EPSS: 0%CPEs: 8EXPL: 0CVE-2023-4030
https://notcve.org/view.php?id=CVE-2023-4030
17 Aug 2023 — A vulnerability was reported in BIOS for ThinkPad P14s Gen 2, P15s Gen 2, T14 Gen 2, and T15 Gen 2 that could cause the system to recover to insecure settings if the BIOS becomes corrupt. Se ha reportado una vulnerabilidad en BIOS en ThinkPad P14s Gen 2, P15s Gen 2, T14 Gen 2, y T15 Gen 2 que podría hacer que el sistema se recupere en configuraciones inseguras si el BIOS se corrompe. • https://support.lenovo.com/us/en/product_security/LEN-134879 • CWE-636: Not Failing Securely ('Failing Open') •
CVSS: 6.7EPSS: 0%CPEs: 52EXPL: 0CVE-2023-4029
https://notcve.org/view.php?id=CVE-2023-4029
17 Aug 2023 — A buffer overflow has been identified in the BoardUpdateAcpiDxe driver in some Lenovo ThinkPad products which may allow an attacker with local access and elevated privileges to execute arbitrary code. Se ha identificado un desbordamiento de búfer en el controlador BoardUpdateAcpiDxe de algunos productos ThinkPad de Lenovo que puede permitir a un atacante con acceso local y privilegios elevados ejecutar código arbitrario. • https://support.lenovo.com/us/en/product_security/LEN-134879 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 6.7EPSS: 0%CPEs: 58EXPL: 0CVE-2023-4028
https://notcve.org/view.php?id=CVE-2023-4028
17 Aug 2023 — A buffer overflow has been identified in the SystemUserMasterHddPwdDxe driver in some Lenovo Notebook products which may allow an attacker with local access and elevated privileges to execute arbitrary code. Se ha identificado un desbordamiento de búfer en el controlador SystemUserMasterHddPwdDxe de algunos productos portátiles de Lenovo que puede permitir a un atacante con acceso local y privilegios elevados ejecutar código arbitrario. • https://support.lenovo.com/us/en/product_security/LEN-134879 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-3078
https://notcve.org/view.php?id=CVE-2023-3078
17 Aug 2023 — An uncontrolled search path vulnerability was reported in the Lenovo Universal Device Client (UDC) that could allow an attacker with local access to execute code with elevated privileges. Una vulnerabilidad de ruta de búsqueda no controlada en el Lenovo Universal Device Client (UDC) que podría permitir a un atacante con acceso local ejecutar código con privilegios elevados. • https://support.lenovo.com/us/en/product_security/LEN-121183 • CWE-427: Uncontrolled Search Path Element •
CVSS: 7.7EPSS: 0%CPEs: 1EXPL: 0CVE-2023-34422
https://notcve.org/view.php?id=CVE-2023-34422
26 Jun 2023 — A valid, authenticated LXCA user with elevated privileges may be able to delete folders in the LXCA filesystem through a specifically crafted web API call due to insufficient input validation. • https://support.lenovo.com/us/en/product_security/LEN-98715 • CWE-20: Improper Input Validation •