Page 25 of 421 results (0.006 seconds)

CVSS: 6.7EPSS: 0%CPEs: 226EXPL: 0

A potential vulnerability in the LenovoFlashDeviceInterface SMI handler may allow an attacker with local access and elevated privileges to execute arbitrary code. • https://support.lenovo.com/us/en/product_security/LEN-106014 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •

CVSS: 7.8EPSS: 0%CPEs: 62EXPL: 0

A buffer overflow vulnerability in the SecureBootDXE BIOS driver of some Lenovo Desktop and ThinkStation models could allow an attacker with local access to elevate their privileges to execute arbitrary code. • https://support.lenovo.com/us/en/product_security/LEN-124495 • CWE-787: Out-of-bounds Write •

CVSS: 7.8EPSS: 0%CPEs: 244EXPL: 0

An ErrorMessage driver stack-based buffer overflow vulnerability in BIOS of some ThinkPad models could allow an attacker with local access to elevate their privileges and execute arbitrary code. • https://support.lenovo.com/us/en/product_security/LEN-124495 • CWE-787: Out-of-bounds Write •

CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0

A local privilege escalation vulnerability in the ThinkPad Hybrid USB-C with USB-A Dock Firmware Update Tool could allow an attacker with local access to execute code with elevated privileges during the package upgrade or installation. • https://support.lenovo.com/us/en/product_security/LEN-103544 • CWE-276: Incorrect Default Permissions •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

A certificate validation vulnerability exists in the Baiying Android application which could lead to information disclosure. • https://iknow.lenovo.com.cn/detail/dc_206093.html • CWE-295: Improper Certificate Validation •