CVSS: 6.8EPSS: 0%CPEs: 76EXPL: 0CVE-2020-8336
https://notcve.org/view.php?id=CVE-2020-8336
09 Jun 2020 — Lenovo implemented Intel CSME Anti-rollback ARB protections on some ThinkPad models to prevent roll back of CSME Firmware in flash. Lenovo implementó protecciones de Intel CSME Anti-rollback ARB en algunos modelos ThinkPad para impedir la reversión del Firmware CSME en flash • https://support.lenovo.com/us/en/product_security/LEN-30042 •
CVSS: 6.7EPSS: 0%CPEs: 346EXPL: 0CVE-2020-8323
https://notcve.org/view.php?id=CVE-2020-8323
09 Jun 2020 — A potential vulnerability in the SMI callback function used in the Legacy SD driver in some Lenovo ThinkPad, ThinkStation, and Lenovo Notebook models may allow arbitrary code execution. Una potencial vulnerabilidad en la función de devolución de llamada SMI usada en el controlador Legacy SD en algunos modelos Lenovo ThinkPad, ThinkStation y Lenovo Notebook, lo que puede permitir una ejecución de código arbitraria • https://support.lenovo.com/us/en/product_security/LEN-30042 •
CVSS: 6.8EPSS: 0%CPEs: 202EXPL: 0CVE-2020-8320
https://notcve.org/view.php?id=CVE-2020-8320
09 Jun 2020 — An internal shell was included in BIOS image in some ThinkPad models that could allow escalation of privilege. Un shell interno fue incluido en la imagen del BIOS en algunos modelos de ThinkPad que podría permitir una escalada de privilegios • https://support.lenovo.com/us/en/product_security/LEN-30042 • CWE-269: Improper Privilege Management CWE-489: Active Debug Code •
CVSS: 4.4EPSS: 1%CPEs: 81EXPL: 3CVE-2019-6192 – Lenovo Power Management Driver 1.67.17.48 - 'pmdrvs.sys' Denial of Service (PoC)
https://notcve.org/view.php?id=CVE-2019-6192
10 Dec 2019 — A potential vulnerability has been reported in Lenovo Power Management Driver versions prior to 1.67.17.48 leading to a buffer overflow which could cause a denial of service. Ha sido reportada una posible vulnerabilidad en Lenovo Power Management Driver versiones anteriores a la versión 1.67.17.48, conllevando un desbordamiento de búfer que podría causar una denegación de servicio. Lenovo Power Management Driver suffers from buffer overflow vulnerability. • https://packetstorm.news/files/id/155656 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.8EPSS: 0%CPEs: 786EXPL: 0CVE-2019-6188 – ThinkPad T460p and T470p BIOS Tamper Mechanism
https://notcve.org/view.php?id=CVE-2019-6188
12 Nov 2019 — The BIOS tamper detection mechanism was not triggered in Lenovo ThinkPad T460p, BIOS versions up to R07ET90W, and T470p, BIOS versions up to R0FET50W, which may allow for unauthorized access. El mecanismo de detección de manipulación del BIOS no se activó en Lenovo ThinkPad T460p, versiones de BIOS hasta R07ET90W, y T470p, versiones de BIOS hasta R0FET50W, lo que puede permitir el acceso no autorizado. • https://support.lenovo.com/us/en/product_security/LEN-27714 •
CVSS: 6.4EPSS: 0%CPEs: 786EXPL: 0CVE-2019-6170
https://notcve.org/view.php?id=CVE-2019-6170
12 Nov 2019 — A potential vulnerability in the SMI callback function used in the Legacy USB driver using boot services structure in runtime phase in some Lenovo ThinkPad models may allow arbitrary code execution. Una posible vulnerabilidad en la función de devolución de llamada SMI utilizada en el controlador USB heredado que utiliza la estructura de servicios de arranque en fase de ejecución en algunos modelos de ThinkPad de Lenovo puede permitir la ejecución de códigos arbitrarios • https://support.lenovo.com/us/en/product_security/LEN-27714 •
CVSS: 6.4EPSS: 0%CPEs: 786EXPL: 0CVE-2019-6172
https://notcve.org/view.php?id=CVE-2019-6172
12 Nov 2019 — A potential vulnerability in the SMI callback function used in Legacy USB driver using passed parameter without sufficient checking in some Lenovo ThinkPad models may allow arbitrary code execution. Una posible vulnerabilidad en la función de retrollamada SMI utilizada en el controlador USB heredado que utiliza el parámetro de paso sin suficiente comprobación en algunos modelos de ThinkPad de Lenovo puede permitir la ejecución de códigos arbitrarios • https://support.lenovo.com/us/en/product_security/LEN-27714 •
CVSS: 6.8EPSS: 0%CPEs: 220EXPL: 0CVE-2019-10724
https://notcve.org/view.php?id=CVE-2019-10724
28 Aug 2019 — There is a vulnerability with the Dolby DAX2 API system services in which a low-privileged user can terminate arbitrary processes that are running at a higher privilege. The following are affected products and versions: Legion Y520T_Z370 6.0.1.8642, AIO310-20IAP 6.0.1.8642, AIO510-22ISH 6.0.1.8642, AIO510-23ISH 6.0.1.8642, AIO520-22IKL 6.0.1.8642, AIO520-22IKU 6.0.1.8642, AIO520-24IKL 6.0.1.8642, AIO520-24IKU 6.0.1.8642, AIO520-27IKL 6.0.1.8642, AIO720-24IKB 6.0.1.8642, IdeaCentre 520S-23IKU 6.0.1.8642, Thi... • https://lenovomobilesupport.lenovo.com/us/en/product_security/home •
CVSS: 3.3EPSS: 0%CPEs: 356EXPL: 0CVE-2019-6156
https://notcve.org/view.php?id=CVE-2019-6156
10 Apr 2019 — In Lenovo systems, SMM BIOS Write Protection is used to prevent writes to SPI Flash. While this provides sufficient protection, an additional layer of protection is provided by SPI Protected Range Registers (PRx). Lenovo was notified that after resuming from S3 sleep mode in various versions of BIOS for Lenovo systems, the PRx is not set. This does not impact the SMM BIOS Write Protection, which keeps systems protected. En los sistemas Lenovo, SMM BIOS Write Protection se utiliza para evitar la escritura en... • https://support.lenovo.com/solutions/LEN-26332 • CWE-667: Improper Locking •
CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 0CVE-2019-6149
https://notcve.org/view.php?id=CVE-2019-6149
15 Mar 2019 — An unquoted search path vulnerability was identified in Lenovo Dynamic Power Reduction Utility prior to version 2.2.2.0 that could allow a malicious user with local access to execute code with administrative privileges. Se ha identificado una vulnerabilidad de ruta de búsqueda sin entrecomillar en Lenovo Dynamic Power Reduction Utility, en versiones anteriores a la 2.2.2.0, que podría permitir que un usuario malicioso con acceso local ejecute código con privilegios de administrador. • http://www.securityfocus.com/bid/107438 • CWE-428: Unquoted Search Path or Element •