CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-3464
https://notcve.org/view.php?id=CVE-2021-3464
A DLL search path vulnerability was reported in Lenovo PCManager, prior to version 3.0.400.3252, that could allow privilege escalation. Se reportó una vulnerabilidad en la ruta de búsqueda de DLL en Lenovo PCManager, anterior a versión 3.0.400.3252, que podría permitir una escalada de privilegios • https://iknow.lenovo.com.cn/detail/dc_196156.html • CWE-427: Uncontrolled Search Path Element •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-3451
https://notcve.org/view.php?id=CVE-2021-3451
A denial of service vulnerability was reported in Lenovo PCManager, prior to version 3.0.400.3252, that could allow configuration files to be written to non-standard locations. Se reportó una vulnerabilidad de denegación de servicio en Lenovo PCManager, anterior a versión 3.0.400.3252, que podría permitir a archivos de configuración se escribieran en ubicaciones no estándar • https://iknow.lenovo.com.cn/detail/dc_196156.html • CWE-276: Incorrect Default Permissions •
CVSS: 4.9EPSS: 0%CPEs: 66EXPL: 0CVE-2021-3473
https://notcve.org/view.php?id=CVE-2021-3473
An internal product security audit of Lenovo XClarity Controller (XCC) discovered that the XCC configuration backup/restore password may be written to an internal XCC log buffer if Lenovo XClarity Administrator (LXCA) is used to perform the backup/restore. The backup/restore password typically exists in this internal log buffer for less than 10 minutes before being overwritten. Generating an FFDC service log will include the log buffer contents, including the backup/restore password if present. The FFDC service log is only generated when requested by a privileged XCC user and it is only accessible to the privileged XCC user that requested the file. The backup/restore password is not captured if the backup/restore is initiated directly from XCC. • https://support.lenovo.com/us/en/product_security/LEN-52117 • CWE-312: Cleartext Storage of Sensitive Information CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 7.8EPSS: 0%CPEs: 125EXPL: 0CVE-2021-3462
https://notcve.org/view.php?id=CVE-2021-3462
A privilege escalation vulnerability in Lenovo Power Management Driver for Windows 10, prior to version 1.67.17.54, that could allow unauthorized access to the driver's device object. Una vulnerabilidad de escalada de privilegios en Lenovo Power Management Driver para Windows 10, anteriores a versión 1.67.17.54, que podría permitir el acceso no autorizado al objeto del dispositivo del controlador • https://support.lenovo.com/us/en/product_security/LEN-59174 • CWE-276: Incorrect Default Permissions •
CVSS: 4.9EPSS: 0%CPEs: 125EXPL: 0CVE-2021-3463
https://notcve.org/view.php?id=CVE-2021-3463
A null pointer dereference vulnerability in Lenovo Power Management Driver for Windows 10, prior to version 1.67.17.54, that could cause systems to experience a blue screen error. Una vulnerabilidad de desreferencia de puntero null en Lenovo Power Management Driver para Windows 10, anteriores a versión 1.67.17.54, que podría causar que los sistemas experimenten un error de pantalla azul • https://support.lenovo.com/us/en/product_security/LEN-59174 • CWE-476: NULL Pointer Dereference •