CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-3969
https://notcve.org/view.php?id=CVE-2021-3969
A Time of Check Time of Use (TOCTOU) vulnerability was reported in IMController, a software component of Lenovo System Interface Foundation, prior to version 1.1.20.3that could allow a local attacker to elevate privileges. Se informó de una vulnerabilidad en el tiempo de comprobación del tiempo de uso (TOCTOU) en IMController, un componente de software de Lenovo System Interface Foundation, versiones anteriores a 1.1.20.3, que podría permitir a un atacante local elevar sus privilegios • https://support.lenovo.com/us/en/product_security/LEN-75210 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-3922
https://notcve.org/view.php?id=CVE-2021-3922
A race condition vulnerability was reported in IMController, a software component of Lenovo System Interface Foundation, prior to version 1.1.20.3 that could allow a local attacker to connect and interact with the IMController child process' named pipe. Se ha informado de una vulnerabilidad de condición de carrera en IMController, un componente de software de Lenovo System Interface Foundation, anterior a la versión 1.1.20.3 que podría permitir a un atacante local conectarse e interactuar con la tubería con nombre del proceso hijo de IMController • https://support.lenovo.com/us/en/product_security/LEN-75210 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-8346
https://notcve.org/view.php?id=CVE-2020-8346
A denial of service vulnerability was reported in the Lenovo Vantage component called Lenovo System Interface Foundation prior to version 1.1.19.5 that could allow configuration files to be written to non-standard locations. Se reportó de una vulnerabilidad de denegación de servicio en el componente Lenovo Vantage llamado Lenovo System Interface Foundation versiones anteriores a 1.1.19.5, que podría permitir que los archivos de configuración se escribieran en ubicaciones no estándar • https://support.lenovo.com/us/en/product_security/LEN-38717 • CWE-276: Incorrect Default Permissions •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-8324
https://notcve.org/view.php?id=CVE-2020-8324
A vulnerability was reported in LenovoAppScenarioPluginSystem for Lenovo System Interface Foundation prior to version 1.2.184.31 that could allow unsigned DLL files to be executed. Se reportó una vulnerabilidad en LenovoAppScenarioPluginSystem para Lenovo System Interface Foundation versiones anteriores a 1.2.184.31, que podría permitir que archivos DLL sin firmar sean ejecutados. • https://support.lenovo.com/us/en/product_security/LEN-30401 • CWE-20: Improper Input Validation CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-8319
https://notcve.org/view.php?id=CVE-2020-8319
A privilege escalation vulnerability was reported in Lenovo System Interface Foundation prior to version 1.1.19.3 that could allow an authenticated user to execute code with elevated privileges. Se reportó una vulnerabilidad de escalada de privilegios en Lenovo System Interface Foundation versiones anteriores a 1.1.19.3, que podría permitir a un usuario autenticado ejecutar código con privilegios elevados. • https://support.lenovo.com/us/en/product_security/LEN-30401 •