17 results (0.009 seconds)

CVSS: 6.7EPSS: 0%CPEs: 202EXPL: 0

An SMM driver input validation vulnerability in the BIOS of some ThinkPad models could allow an attacker with local access and elevated privileges to execute arbitrary code. Una vulnerabilidad de validación de entrada del controlador SMM en el BIOS de algunos modelos ThinkPad podría permitir que un atacante con acceso local y privilegios elevados ejecute código arbitrario. • https://support.lenovo.com/us/en/product_security/LEN-106014 • CWE-20: Improper Input Validation •

CVSS: 6.7EPSS: 0%CPEs: 226EXPL: 0

A potential vulnerability in the LenovoFlashDeviceInterface SMI handler may allow an attacker with local access and elevated privileges to execute arbitrary code. • https://support.lenovo.com/us/en/product_security/LEN-106014 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •

CVSS: 4.4EPSS: 0%CPEs: 673EXPL: 0

An information leak vulnerability in the SMI Set BIOS Password SMI Handler in some Lenovo models may allow an attacker with local access and elevated privileges to read SMM memory. • https://support.lenovo.com/us/en/product_security/LEN-94953 • CWE-125: Out-of-bounds Read •

CVSS: 7.2EPSS: 0%CPEs: 60EXPL: 0

During an internal product security audit a potential vulnerability due to use of Boot Services in the SmmOEMInt15 SMI handler was discovered in some ThinkPad models could be exploited by an attacker with elevated privileges that could allow for execution of code. Durante una auditoría de seguridad interna del producto se descubrió una posible vulnerabilidad debida al uso de los servicios de arranque en el manejador SMI SmmOEMInt15 en algunos modelos de ThinkPad que podría ser explotada por un atacante con privilegios elevados que podría permitir la ejecución de código • https://support.lenovo.com/us/en/product_security/LEN-84943 • CWE-20: Improper Input Validation CWE-269: Improper Privilege Management •

CVSS: 7.2EPSS: 0%CPEs: 66EXPL: 0

A potential vulnerability in the SMI function to access EEPROM in some ThinkPad models may allow an attacker with local access and elevated privileges to execute arbitrary code. Una posible vulnerabilidad en la función SMI para acceder a la EEPROM en algunos modelos de ThinkPad puede permitir a un atacante con acceso local y privilegios elevados ejecutar código arbitrario • https://support.lenovo.com/us/en/product_security/LEN-72619 • CWE-20: Improper Input Validation •