CVSS: 6.7EPSS: 0%CPEs: 598EXPL: 0CVE-2022-40137
https://notcve.org/view.php?id=CVE-2022-40137
30 Jan 2023 — A buffer overflow in the WMI SMI Handler in some Lenovo models may allow an attacker with local access and elevated privileges to execute arbitrary code. • https://support.lenovo.com/us/en/product_security/LEN-94953 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 4.4EPSS: 0%CPEs: 300EXPL: 0CVE-2022-40136
https://notcve.org/view.php?id=CVE-2022-40136
30 Jan 2023 — An information leak vulnerability in SMI Handler used to configure platform settings over WMI in some Lenovo models may allow an attacker with local access and elevated privileges to read SMM memory. • https://support.lenovo.com/us/en/product_security/LEN-94953 • CWE-125: Out-of-bounds Read •
CVSS: 4.4EPSS: 0%CPEs: 278EXPL: 0CVE-2022-40135
https://notcve.org/view.php?id=CVE-2022-40135
30 Jan 2023 — An information leak vulnerability in the Smart USB Protection SMI Handler in some Lenovo models may allow an attacker with local access and elevated privileges to read SMM memory. • https://support.lenovo.com/us/en/product_security/LEN-94953 • CWE-125: Out-of-bounds Read •
CVSS: 4.4EPSS: 0%CPEs: 673EXPL: 0CVE-2022-40134
https://notcve.org/view.php?id=CVE-2022-40134
30 Jan 2023 — An information leak vulnerability in the SMI Set BIOS Password SMI Handler in some Lenovo models may allow an attacker with local access and elevated privileges to read SMM memory. • https://support.lenovo.com/us/en/product_security/LEN-94953 • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 272EXPL: 0CVE-2021-3786
https://notcve.org/view.php?id=CVE-2021-3786
12 Nov 2021 — A potential vulnerability in the SMI callback function used in CSME configuration of some Lenovo Notebook and ThinkPad systems could be used to leak out data out of the SMRAM range. Una vulnerabilidad potencial en la función SMI callback usada en la configuración de CSME de algunos sistemas Lenovo Notebook y ThinkPad podría ser usada para filtrar datos fuera del rango de la SMRAM • https://support.lenovo.com/us/en/product_security/LEN-67440 • CWE-20: Improper Input Validation •
CVSS: 7.2EPSS: 0%CPEs: 272EXPL: 0CVE-2021-3599
https://notcve.org/view.php?id=CVE-2021-3599
12 Nov 2021 — A potential vulnerability in the SMI callback function used to access flash device in some ThinkPad models may allow an attacker with local access and elevated privileges to execute arbitrary code. Una posible vulnerabilidad en la función SMI callback usada para acceder al dispositivo flash en algunos modelos de ThinkPad puede permitir a un atacante con acceso local y privilegios elevados ejecutar código arbitrario • https://support.lenovo.com/us/en/product_security/LEN-67440 • CWE-20: Improper Input Validation •
CVSS: 6.9EPSS: 0%CPEs: 128EXPL: 0CVE-2021-3519
https://notcve.org/view.php?id=CVE-2021-3519
12 Nov 2021 — A vulnerability was reported in some Lenovo Desktop models that could allow unauthorized access to the boot menu, when the "BIOS Password At Boot Device List" BIOS setting is Yes. Se ha informado de una vulnerabilidad en algunos modelos de ordenadores de sobremesa de Lenovo que podía permitir el acceso no autorizado al menú de arranque, cuando la configuración de la BIOS "BIOS Password At Boot Device List" es Sí • https://support.lenovo.com/us/en/product_security/LEN-67440 • CWE-287: Improper Authentication •
CVSS: 6.8EPSS: 0%CPEs: 44EXPL: 0CVE-2021-3614
https://notcve.org/view.php?id=CVE-2021-3614
16 Jul 2021 — A vulnerability was reported on some Lenovo Notebook systems that could allow an attacker with physical access to elevate privileges under certain conditions during a BIOS update performed by Lenovo Vantage. Se ha reportado una vulnerabilidad en algunos sistemas de portátiles Lenovo que podría permitir a un atacante con acceso físico elevar los privilegios en determinadas condiciones durante una actualización de la BIOS llevada a cabo por Lenovo Vantage • https://support.lenovo.com/us/en/product_security/LEN-65529 • CWE-636: Not Failing Securely ('Failing Open') •
CVSS: 6.8EPSS: 0%CPEs: 42EXPL: 0CVE-2021-3453
https://notcve.org/view.php?id=CVE-2021-3453
16 Jul 2021 — Some Lenovo Notebook, ThinkPad, and Lenovo Desktop systems have BIOS modules unprotected by Intel Boot Guard that could allow an attacker with physical access the ability to write to the SPI flash storage. Algunos sistemas de portátiles, ThinkPad y ordenadores de sobremesa de Lenovo presentan módulos BIOS desprotegidos por Intel Boot Guard que podrían permitir a un atacante con acceso físico la habilidad de escribir en el almacenamiento flash SPI • https://support.lenovo.com/us/en/product_security/LEN-65529 • CWE-693: Protection Mechanism Failure •
CVSS: 7.2EPSS: 0%CPEs: 83EXPL: 0CVE-2020-8337
https://notcve.org/view.php?id=CVE-2020-8337
09 Jun 2020 — An unquoted search path vulnerability was reported in versions prior to 1.0.83.0 of the Synaptics Smart Audio UWP app associated with the DCHU audio drivers on Lenovo platforms that could allow an administrative user to execute arbitrary code. Se reportó una vulnerabilidad de ruta de búsqueda sin comillas en versiones anteriores a 1.0.83.0 de la aplicación Synaptics Smart Audio UWP asociada con los controladores de audio DCHU en las plataformas de Lenovo que podrían permitir a un usuario administrativo ejec... • https://support.lenovo.com/us/en/product_security/len-30707 • CWE-428: Unquoted Search Path or Element •