CVSS: 7.2EPSS: 0%CPEs: 272EXPL: 0CVE-2021-3599
https://notcve.org/view.php?id=CVE-2021-3599
A potential vulnerability in the SMI callback function used to access flash device in some ThinkPad models may allow an attacker with local access and elevated privileges to execute arbitrary code. Una posible vulnerabilidad en la función SMI callback usada para acceder al dispositivo flash en algunos modelos de ThinkPad puede permitir a un atacante con acceso local y privilegios elevados ejecutar código arbitrario • https://support.lenovo.com/us/en/product_security/LEN-67440 • CWE-20: Improper Input Validation •
CVSS: 6.9EPSS: 0%CPEs: 128EXPL: 0CVE-2021-3519
https://notcve.org/view.php?id=CVE-2021-3519
A vulnerability was reported in some Lenovo Desktop models that could allow unauthorized access to the boot menu, when the "BIOS Password At Boot Device List" BIOS setting is Yes. Se ha informado de una vulnerabilidad en algunos modelos de ordenadores de sobremesa de Lenovo que podía permitir el acceso no autorizado al menú de arranque, cuando la configuración de la BIOS "BIOS Password At Boot Device List" es Sí • https://support.lenovo.com/us/en/product_security/LEN-67440 • CWE-287: Improper Authentication •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-3633
https://notcve.org/view.php?id=CVE-2021-3633
A DLL preloading vulnerability was reported in Lenovo Driver Management prior to version 2.9.0719.1104 that could allow privilege escalation. Se ha reportado una vulnerabilidad de precarga de DLL en Lenovo Driver Management versiones anteriores a 2.9.0719.1104, que podría permitir una escalada de privilegios. • https://iknow.lenovo.com.cn/detail/dc_198418.html • CWE-347: Improper Verification of Cryptographic Signature CWE-427: Uncontrolled Search Path Element •
CVSS: 7.2EPSS: 0%CPEs: 6EXPL: 0CVE-2021-3617
https://notcve.org/view.php?id=CVE-2021-3617
A vulnerability was reported in Lenovo Smart Camera X3, X5, and C2E that could allow command injection by setting a specially crafted network configuration. This vulnerability is the same as CNVD-2020-68652. Se ha reportado una vulnerabilidad en Lenovo Smart Camera X3, X5 y C2E, que podría permitir una inyección de comandos al ajustar una configuración de red especialmente diseñada. Esta vulnerabilidad es la misma que CNVD-2020-68652. • https://iknow.lenovo.com.cn/detail/dc_198417.html https://www.cnvd.org.cn/flaw/show/CNVD-2020-68652 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 0CVE-2021-3616
https://notcve.org/view.php?id=CVE-2021-3616
A vulnerability was reported in Lenovo Smart Camera X3, X5, and C2E that could allow an unauthorized user to view device information, alter firmware content and device configuration. This vulnerability is the same as CNVD-2020-68651. Se ha reportado una vulnerabilidad en Lenovo Smart Camera X3, X5 y C2E, que podría permitir a un usuario no autorizado visualizar la información del dispositivo, alterar el contenido del firmware y la configuración del dispositivo. Esta vulnerabilidad es la misma que CNVD-2020-68651. • https://iknow.lenovo.com.cn/detail/dc_198417.html https://www.cnvd.org.cn/flaw/show/CNVD-2020-68651 • CWE-285: Improper Authorization •