CVE-2024-7756
https://notcve.org/view.php?id=CVE-2024-7756
A potential vulnerability was reported in the ThinkPad L390 Yoga and 10w Notebook that could allow a local attacker to escalate privileges by accessing an embedded UEFI shell. • https://support.lenovo.com/us/en/product_security/LEN-165524 • CWE-489: Active Debug Code •
CVE-2023-43577
https://notcve.org/view.php?id=CVE-2023-43577
A buffer overflow was reported in the ReFlash module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code. Se informó un desbordamiento del búfer en el módulo ReFlash en algunos productos de Lenovo Desktop que puede permitir que un atacante local con privilegios elevados ejecute código arbitrario. • https://support.lenovo.com/us/en/product_security/LEN-141775 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVE-2023-43576
https://notcve.org/view.php?id=CVE-2023-43576
A buffer overflow was reported in the WMISwSmi module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code. Se informó un desbordamiento del búfer en el módulo WMISwSmi en algunos productos de Lenovo Desktop que puede permitir que un atacante local con privilegios elevados ejecute código arbitrario. • https://support.lenovo.com/us/en/product_security/LEN-141775 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVE-2023-43575
https://notcve.org/view.php?id=CVE-2023-43575
A buffer overflow was reported in the UltraFunctionTable module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code. Se informó un desbordamiento del búfer en el módulo UltraFunctionTable en algunos productos de Lenovo Desktop que puede permitir que un atacante local con privilegios elevados ejecute código arbitrario. • https://support.lenovo.com/us/en/product_security/LEN-141775 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVE-2023-43574
https://notcve.org/view.php?id=CVE-2023-43574
A buffer over-read was reported in the LEMALLDriversConnectedEventHook module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to disclose sensitive information. Se informó una lectura excesiva del búfer en el módulo LEMALLDriversConnectedEventHook en algunos productos de Lenovo Desktop que puede permitir que un atacante local con privilegios elevados revele información sensible. • https://support.lenovo.com/us/en/product_security/LEN-141775 • CWE-125: Out-of-bounds Read CWE-126: Buffer Over-read •