28 results (0.011 seconds)

CVSS: 6.7EPSS: 0%CPEs: 2EXPL: 0

A buffer overflow was reported in the FmpSipoCapsuleDriver driver in the IdeaPad Duet 3-10IGL5 that may allow a local attacker with elevated privileges to execute arbitrary code. Se informó de un desbordamiento del búfer en el controlador FmpSipoCapsuleDriver en el IdeaPad Duet 3-10IGL5 que puede permitir que un atacante local con privilegios elevados ejecute código arbitrario. • https://support.lenovo.com/us/en/product_security/LEN-141775 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVSS: 7.8EPSS: 0%CPEs: 50EXPL: 0

A potential vulnerability in a driver used during manufacturing process on some consumer Lenovo Notebook devices that was mistakenly not deactivated may allow an attacker with elevated privileges to modify secure boot setting by modifying an NVRAM variable. Una vulnerabilidad potencial en un driver utilizado durante el proceso de fabricación de algunos dispositivos de consumo Lenovo Notebook que no se desactivó por error, puede permitir que un atacante con privilegios elevados modifique la configuración de arranque seguro modificando una variable de la NVRAM. • https://support.lenovo.com/us/en/product_security/LEN-94952 • CWE-276: Incorrect Default Permissions •

CVSS: 6.7EPSS: 0%CPEs: 174EXPL: 0

A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that could allow a local attacker with elevated privileges to cause some peripherals to work abnormally due to an exposed Embedded Controller (EC) interface. • https://support.lenovo.com/us/en/product_security/LEN-103710 • CWE-284: Improper Access Control •

CVSS: 4.4EPSS: 0%CPEs: 174EXPL: 0

A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that could allow a local attacker with elevated privileges to view incoming and returned data from SMI. • https://support.lenovo.com/us/en/product_security/LEN-103710 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 6.7EPSS: 0%CPEs: 174EXPL: 0

A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that could allow a local attacker with elevated privileges to unlock UEFI variables due to a hard-coded SMI handler credential. • https://support.lenovo.com/us/en/product_security/LEN-103710 • CWE-798: Use of Hard-coded Credentials •