lenovo

488 tracked vulnerabilities.

CVE-2023-43569 MEDIUM
Lenovo ThinkCentre M70q Firmware - Buffer Overflow in OemSmi Module
Nov 08, 2023
CVSS 6.7
EPSS 0.00
CVE-2023-43568 MEDIUM
Lenovo IdeaCentre and ThinkCentre Firmware - Buffer Over-read in LemSecureBootForceKey Module
Nov 08, 2023
CVSS 4.4
EPSS 0.00
CVE-2023-43567 MEDIUM
Lenovo IdeaCentre and ThinkCentre Firmware - Authenticated Buffer Overflow in LemSecureBootForceKey Module
Nov 08, 2023
CVSS 6.7
EPSS 0.00
CVE-2023-4608 MEDIUM
ThinkSystem <v3 - Authenticated SQL Injection
Oct 25, 2023
CVSS 4.1
EPSS 0.00
CVE-2023-4607 HIGH
Lenovo ThinkAgile HX/MX Series Firmware - Authenticated Privilege Escalation via API Command
Oct 25, 2023
CVSS 7.5
EPSS 0.00
CVE-2023-4606 HIGH
Lenovo ThinkAgile HX Series Firmware - Authenticated Missing Authorization via Crafted API Command
Oct 25, 2023
CVSS 8.1
EPSS 0.00
CVE-2023-4030 HIGH
ThinkPad P14s Gen 2-P15s Gen 2-T14 Gen 2-T15 Gen 2 - Info Disclosure
Aug 17, 2023
CVSS 8.4
EPSS 0.00
CVE-2023-4029 MEDIUM
Lenovo ThinkPad Firmware - Authenticated Buffer Overflow in BoardUpdateAcpiDxe Driver
Aug 17, 2023
CVSS 6.7
EPSS 0.00
CVE-2023-4028 MEDIUM
Lenovo Yoga and IdeaPad Flex Firmware - Authenticated Buffer Overflow in SystemUserMasterHddPwdDxe Driver
Aug 17, 2023
CVSS 6.7
EPSS 0.00
CVE-2023-3078 HIGH
Lenovo Universal Device Client < 23.4 - Uncontrolled Search Path Element
Aug 17, 2023
CVSS 7.8
EPSS 0.00
CVE-2023-34419 MEDIUM
Lenovo Legion 5 Pro 16IAH7H Firmware < j2cn51ww - Authenticated Buffer Overflow in SetupUtility Driver
Aug 17, 2023
CVSS 6.7
EPSS 0.00
CVE-2023-3113 HIGH
Lenovo XClarity Administrator CIM Server - XML External Entity File Read
Jun 26, 2023
CVSS 8.2
EPSS 0.00
CVE-2023-34422 MEDIUM
Lenovo XClarity Administrator < 4.0.0 - Authenticated Directory Deletion via Web API
Jun 26, 2023
CVSS 6.5
EPSS 0.00
CVE-2023-34421 MEDIUM
Lenovo XClarity Administrator < 4.0.0 - Authenticated Filesystem Data Replacement via Web API
Jun 26, 2023
CVSS 6.5
EPSS 0.00
CVE-2023-34420 HIGH
Lenovo XClarity Administrator < 4.0.0 - Authenticated OS Command Injection via Web API
Jun 26, 2023
CVSS 7.2
EPSS 0.01
CVE-2023-34418 HIGH
Lenovo XClarity Administrator < 4.0.0 - Authenticated SQL Injection via Web API
Jun 26, 2023
CVSS 8.1
EPSS 0.01
CVE-2023-2993 MEDIUM
Lenovo NextScale N1200 Enclosure Firmware < fhet60b-3.40 - Authenticated Privilege Escalation via Web Management API
Jun 26, 2023
CVSS 5.4
EPSS 0.00
CVE-2023-2992 HIGH
Lenovo NextScale N1200 Enclosure Firmware < fhet60b-3.40 - Unauthenticated Denial of Service
Jun 26, 2023
CVSS 7.5
EPSS 0.01
CVE-2023-2290 MEDIUM
Lenovo ThinkPad E14/E15/L13/L14 Firmware - Authenticated Out-of-bounds Write via LenovoFlashDeviceInterface SMI Handler
Jun 26, 2023
CVSS 6.4
EPSS 0.00
CVE-2023-25492 MEDIUM
Lenovo ThinkAgile Firmware - Authenticated Denial of Service via Format String Injection
May 01, 2023
CVSS 6.3
EPSS 0.01
CVE-2023-0683 HIGH
Lenovo ThinkAgile HX Series Firmware - Authenticated Privilege Escalation via Crafted API Call
May 01, 2023
CVSS 8.3
EPSS 0.01
CVE-2023-0896 HIGH
Lenovo Smart Clock Essential with Alexa Built In Firmware < 90 - Unauthenticated Default Password Bypass
May 01, 2023
CVSS 8.8
EPSS 0.00
CVE-2023-29056 MEDIUM
Lenovo ThinkAgile HX Series Firmware - Improper Privilege Management
Apr 28, 2023
CVSS 5.3
EPSS 0.00
CVE-2023-25496 HIGH
Lenovo Drivers Management < 3.1.1307.1308 - Privilege Escalation
Apr 28, 2023
CVSS 7.8
EPSS 0.00
CVE-2023-25495 MEDIUM
Lenovo ThinkAgile Firmware - Authenticated LDAP Password Exposure via Web Interface API
Apr 28, 2023
CVSS 4.9
EPSS 0.01