Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2015-3323

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-16 Apr, 2015 | 23:00
Updated At-06 Aug, 2024 | 05:47
Rejected At-
Credits

The ThinkServer System Manager (TSM) Baseboard Management Controller before firmware 1.27.73476 for ThinkServer RD350, RD450, RD550, RD650, and TD350 allows remote attackers to cause a denial of service (web interface crash) via a malformed HTTP request during authentication.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:16 Apr, 2015 | 23:00
Updated At:06 Aug, 2024 | 05:47
Rejected At:
▼CVE Numbering Authority (CNA)

The ThinkServer System Manager (TSM) Baseboard Management Controller before firmware 1.27.73476 for ThinkServer RD350, RD450, RD550, RD650, and TD350 allows remote attackers to cause a denial of service (web interface crash) via a malformed HTTP request during authentication.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.securityfocus.com/bid/74197
vdb-entry
x_refsource_BID
http://support.lenovo.com/us/en/product_security/tsm_weak_pw
x_refsource_CONFIRM
Hyperlink: http://www.securityfocus.com/bid/74197
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://support.lenovo.com/us/en/product_security/tsm_weak_pw
Resource:
x_refsource_CONFIRM
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.securityfocus.com/bid/74197
vdb-entry
x_refsource_BID
x_transferred
http://support.lenovo.com/us/en/product_security/tsm_weak_pw
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.securityfocus.com/bid/74197
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://support.lenovo.com/us/en/product_security/tsm_weak_pw
Resource:
x_refsource_CONFIRM
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:16 Apr, 2015 | 23:59
Updated At:06 May, 2026 | 22:30

The ThinkServer System Manager (TSM) Baseboard Management Controller before firmware 1.27.73476 for ThinkServer RD350, RD450, RD550, RD650, and TD350 allows remote attackers to cause a denial of service (web interface crash) via a malformed HTTP request during authentication.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.05.0MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P
Type: Primary
Version: 2.0
Base score: 5.0
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P
CPE Matches
Lenovo Group Limited
lenovo
>>thinkserver_system_manager_baseboard_management_controller_firmware>>Versions up to 118.71532.(inclusive)
cpe:2.3:o:lenovo:thinkserver_system_manager_baseboard_management_controller_firmware:*:*:*:*:*:*:*:*
Lenovo Group Limited
lenovo
>>thinkserver_rd350>>-
cpe:2.3:h:lenovo:thinkserver_rd350:-:*:*:*:*:*:*:*
Lenovo Group Limited
lenovo
>>thinkserver_rd450>>-
cpe:2.3:h:lenovo:thinkserver_rd450:-:*:*:*:*:*:*:*
Lenovo Group Limited
lenovo
>>thinkserver_rd550>>-
cpe:2.3:h:lenovo:thinkserver_rd550:-:*:*:*:*:*:*:*
Lenovo Group Limited
lenovo
>>thinkserver_rd650>>-
cpe:2.3:h:lenovo:thinkserver_rd650:-:*:*:*:*:*:*:*
Lenovo Group Limited
lenovo
>>thinkserver_td350>>-
cpe:2.3:h:lenovo:thinkserver_td350:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-20Primarynvd@nist.gov
CWE ID: CWE-20
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://support.lenovo.com/us/en/product_security/tsm_weak_pwcve@mitre.org
Vendor Advisory
http://www.securityfocus.com/bid/74197cve@mitre.org
N/A
http://support.lenovo.com/us/en/product_security/tsm_weak_pwaf854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://www.securityfocus.com/bid/74197af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://support.lenovo.com/us/en/product_security/tsm_weak_pw
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://www.securityfocus.com/bid/74197
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://support.lenovo.com/us/en/product_security/tsm_weak_pw
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://www.securityfocus.com/bid/74197
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

1127Records found
CVE-2019-6176
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-7.5||HIGH
EPSS-0.54% / 67.88%
||
7 Day CHG~0.00%
Published-20 Nov, 2019 | 01:31
Updated-16 Sep, 2024 | 21:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A potential vulnerability reported in ThinkPad USB-C Dock Firmware version 3.7.2 may allow a denial of service.

Action-Not Available
Vendor-Lenovo Group Limited
Product-thinkpad_usb-c_dockthinkpad_usb-c_dock_firmwareThinkPad USB-C Dock Firmware
CVE-2019-6163
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-5.5||MEDIUM
EPSS-0.27% / 50.71%
||
7 Day CHG~0.00%
Published-26 Jun, 2019 | 14:12
Updated-16 Sep, 2024 | 23:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial of service vulnerability was reported in Lenovo System Update before version 5.07.0084 that could allow service log files to be written to non-standard locations.

Action-Not Available
Vendor-Lenovo Group Limited
Product-s200pb_seriesv100j200pj105thinkstationj100k_seriesj200c200e_seriesj115c100j110s200thinkpadthinkcentres205n200v200n100v_seriessystem_updatej205System Update
CWE ID-CWE-404
Improper Resource Shutdown or Release
CVE-2022-1108
Matching Score-6
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-6
Assigner-Lenovo Group Ltd.
CVSS Score-6.7||MEDIUM
EPSS-0.03% / 8.68%
||
7 Day CHG~0.00%
Published-22 Apr, 2022 | 20:30
Updated-02 Aug, 2024 | 23:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A potential vulnerability due to improper buffer validation in the SMI handler LenovoFlashDeviceInterface in Thinkpad X1 Fold Gen 1 could be exploited by an attacker with local access and elevated privileges to execute arbitrary code.

Action-Not Available
Vendor-Lenovo Group Limited
Product-thinkpad_x1_fold_gen_1thinkpad_x1_fold_gen_1_firmwareThinkPad BIOS
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-269
Improper Privilege Management
CVE-2022-1107
Matching Score-6
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-6
Assigner-Lenovo Group Ltd.
CVSS Score-6.7||MEDIUM
EPSS-0.03% / 9.87%
||
7 Day CHG~0.00%
Published-22 Apr, 2022 | 20:30
Updated-02 Aug, 2024 | 23:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

During an internal product security audit a potential vulnerability due to use of Boot Services in the SmmOEMInt15 SMI handler was discovered in some ThinkPad models could be exploited by an attacker with elevated privileges that could allow for execution of code.

Action-Not Available
Vendor-Lenovo Group Limited
Product-thinkpad_t580_firmwarethinkpad_11e_yoga_firmwarethinkpad_x1_yoga_gen_2thinkpad_t560thinkpad_w541thinkpad_yoga_15thinkpad_x1_carbon_3rd_gen_firmwarethinkpad_x1_carbon_4th_genthinkpad_x1_yoga_gen_2_firmwarethinkpad_t570thinkpad_l560thinkpad_p50sthinkpad_t560_firmwarethinkpad_w541_firmwarethinkpad_t580thinkpad_x1_yoga_firmwarethinkpad_x1_carbon_5th_gen_skylake_firmwarethinkpad_p51sthinkpad_x280_firmwarethinkpad_t550thinkpad_x1_yogathinkpad_x1_carbon_3rd_genthinkpad_11e_yogathinkpad_x1_tablet_gen_2_firmwarethinkpad_helix_firmwarethinkpad_t570_firmwarethinkpad_11e_firmwarethinkpad_x1_carbon_5th_gen_kabylake_firmwarethinkpad_yoga_260thinkpad_l570thinkpad_p52s_firmwarethinkpad_x1_tablet_gen_1_firmwarethinkpad_w550sthinkpad_x1_carbon_5th_gen_kabylakethinkpad_x1_carbon_5th_gen_skylakethinkpad_x1_yoga_gen_3_firmwarethinkpad_x1_carbon_4th_gen_firmwarethinkpad_t550_firmwarethinkpad_l570_firmwarethinkpad_w540_firmwarethinkpad_x390_firmwarethinkpad_yoga_15_firmwarethinkpad_11ethinkpad_yoga_260_firmwarethinkpad_helixthinkpad_x1_tablet_gen_1thinkpad_x1_tablet_gen_2thinkpad_w550s_firmwarethinkpad_l560_firmwarethinkpad_w540thinkpad_x280thinkpad_x250thinkpad_x390thinkpad_p50s_firmwarethinkpad_s540thinkpad_s540_firmwarethinkpad_x250_firmwarethinkpad_x1_yoga_gen_3thinkpad_p51s_firmwarethinkpad_p52sThinkPad BIOS
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-269
Improper Privilege Management
CVE-2017-3759
Matching Score-6
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-6
Assigner-Lenovo Group Ltd.
CVSS Score-8.1||HIGH
EPSS-1.43% / 81.00%
||
7 Day CHG~0.00%
Published-17 Oct, 2017 | 20:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Lenovo Service Framework Android application accepts some responses from the server without proper validation. This exposes the application to man-in-the-middle attacks leading to possible remote code execution.

Action-Not Available
Vendor-Lenovo Group Limited
Product-service_frameworkService Framework application
CWE ID-CWE-20
Improper Input Validation
CVE-2016-8106
Matching Score-6
Assigner-Intel Corporation
ShareView Details
Matching Score-6
Assigner-Intel Corporation
CVSS Score-5.9||MEDIUM
EPSS-2.58% / 85.88%
||
7 Day CHG~0.00%
Published-09 Jan, 2017 | 21:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Denial of Service in Intel Ethernet Controller's X710/XL710 with Non-Volatile Memory Images before version 5.05 allows a remote attacker to stop the controller from processing network traffic working under certain network use conditions.

Action-Not Available
Vendor-Intel CorporationHP Inc.Lenovo Group Limited
Product-ethernet_converged_network_adapter_xl710-qda2_xl710qda2converged_hx5500_applianceethernet_i\/o_module_xl710-qda1_axx1p40frtiomthinkagile_cx4600ethernet_controller_x710-bm2_sllkcethernet_controller_xl710-am1_sr1znethernet_controller_xl710-bm2_sllk7ethernet_controller_xl710-bm1_sllk9ethernet_converged_network_adapter_xl710-qda1_xl710qda1ethernet_10gb_4-port_563sfp\+nextscale_nx360_m5thinkserver_rd350eth_converged_ntwk_adptr_x710-da4_ex710da4fhg1p5ethernet_10gb_2-port_562sfp\+ethernet_controller_xl710-bm2_sllk8ethernet_i\/o_module_xl710-qda2_axx2p40frtiomconverged_hx_seriesconverged_hx5510_applianceeth_converged_ntwk_adptr_xl710-qda1_exl710qda1g1p5thinkserver_rd650ethernet_converged_network_adapter_x710-da2_x710da2g2p5ethernet_converged_network_adapter_xl710-qda2_xl710qda2g2p5ethernet_controller_xl710-bm1_sllkathinkagile_cx2200system_x3500_m5converged_hx7500_applianceethernet_converged_network_adapter_x710-da2_x710da2blkethernet_controller_xl710-am2_sr1zleth_converged_ntwk_adptr_x710-da2_ex710da2g1p5ethernet_converged_network_adapter_x710-da4_x710da4fhethernet_converged_network_adapter_x710-da4_x710da4fhg2p5ethernet_converged_network_adapter_xl710-qda1_xl710qda1g2p5system_x3250_m5system_x3550_m5system_x3750_m4ethernet_controller_xl710-am1_sr1zmsystem_x3850_x6converged_hx7510_applianceethernet_converged_network_adapter_x710-da4_x710da4g2p5thinkserver_sd350proliant_xl260a_g9_serverthinkagile_cx4200ethernet_converged_network_adapter_xl710-qda1_xl710qda1blkethernet_10gb_2-port_562flr-sfp\+eth_converged_ntwk_adptr_x710-da4_ex710da4g1p5thinkserver_td350ethernet_controller_xl710_firmwareethernet_controller_xl710-am2_sr1zkethernet_converged_network_adapter_x710-da2_x710da2eth_converged_ntwk_adptr_xl710-qda2_exl710qda2g1p5system_x3950_x6ethernet_converged_network_adapter_x710-da4_x710da4fhblkthinkserver_rd450thinkserver_rd550system_x3650_m5ethernet_controller_x710_firmwareethernet_controller_x710-am2_sr1zqethernet_controller_x710-am2_sr1zpethernet_converged_network_adapter_xl710-qda2_xl710qda2blkethernet_controller_x710-bm2_sllkbIntel® Ethernet Controller X710 family and Intel® Ethernet Controller XL710 family
CWE ID-CWE-20
Improper Input Validation
CVE-2021-4212
Matching Score-6
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-6
Assigner-Lenovo Group Ltd.
CVSS Score-6.7||MEDIUM
EPSS-0.04% / 11.46%
||
7 Day CHG~0.00%
Published-22 Apr, 2022 | 20:30
Updated-03 Aug, 2024 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A potential vulnerability in the SMI callback function used in the Legacy BIOS mode driver in some Lenovo Notebook models may allow an attacker with local access and elevated privileges to execute arbitrary code.

Action-Not Available
Vendor-Lenovo Group Limited
Product-ideapad_5_pro-16ihu6_firmwareideapad_gaming_3-15imh05_firmwarel340-17irh_firmwareideapad_5-14alc05ideapad_5-14alc05_firmwarel340-15iwl_touch_firmwareideapad_5_pro-16ihu6ideapad_gaming_3-15ach6legion_y545_firmwareslim_7-14itl05yoga_creator_7-15imh05e41-50_firmwareyoga_6-13alc6_firmwarel340-15iwl_firmwareflex-14imllegion_y545ideapad_5-15itl05_firmwareyoga_slim_7-15imh05yoga_slim_7-15iil05ideapad_3-14are05s540-14imlslim_7-14itl05_firmwarel340-17iwlyoga_creator_7-15imh05_firmwarelegion_y540-15irh-pg0_firmwareideapad_5-15itl05s340-14imllegion_y7000-2019-pg0ideapad_gaming_3-15imh05slim_7-14are05ideapad_3-17are05_firmwarethinkbook_plus_g2_itgideapad_3-15are05s340-13imlideapad_5_pro-14acn6yoga_slim_7-15imh05_firmwareideapad_5-14are05legion_y540-15irh-pg0ideapad_creator_5-15imh05s340-15apis340-15imlideapad_5_pro-14acn6_firmwareyoga_slim_7-14itl05_firmwareyoga_slim_7-15itl05v140-15iwl_firmwares540-14iml_firmwareideapad_gaming_3-15arh05_firmwares540-14iml_touchslim_7-14are05_firmwarelegion_y540-17irh-pg0_firmwareideapad_3-15are05_firmwareyoga_slim_7-14are05slim_7-15imh05d330-10igm_firmwarel340-15iwlideapad_5_pro-14itl6_firmwares340-14api_firmwares340-14apilegion_y540-17irhl340-15irhs340-15iml_firmwarelegion_y7000-2019-pg0_firmwareslim_7-15itl05_firmwarelegion_y545-pg0_firmwarev340-17iwls340-14iml_firmwarelegion_y7000-2019_firmwareideapad_gaming_3-15ach6_firmwareyoga_slim_7-14iil05yoga_slim_7_carbon_13itl5legion_y540-17irh_firmwareslim_7-15iil05yoga_6-13alc6ideapad_3-17are05yoga_slim_7-14iil05_firmwarel340-17iwl_firmwareyoga_slim_7_carbon_13itl5_firmwarec340-15imlideapad_5_pro-14itl6d330-10igmlegion_y540-17irh-pg0flex-15iml_firmwarethinkbook_13x_itgduet_3-10igl5thinkbook_13x_itg_firmwares340-13iml_firmwarev14-areyoga_slim_7-15iil05_firmwares340-15api_touchyoga_slim_7-14are05_firmwareflex-15imll340-15iwl_touchthinkbook_plus_g2_itg_firmwarev14-are_firmwarev340-17iwl_firmwares540-14iml_touch_firmwareideapad_creator_5-15imh05_firmwarec340-15iml_firmwareslim_7-15itl05ideapad_gaming_3-15arh05slim_7-15imh05_firmwareflex-14iml_firmwares340-15api_firmwareduet_3-10igl5_firmwarelegion_y540-15irh_firmwares340-15api_touch_firmwareslim_7-15iil05_firmwarelegion_y7000-2019c340-14imls540-15iml_firmwarethinkbook_14_g3_itl_firmwareyoga_slim_7-15itl05_firmwarelegion_y540-15irhe41-50yoga_slim_7-14itl05ideapad_3-14are05_firmwarec340-14iml_firmwares540-15imlideapad_5-14are05_firmwarev140-15iwll340-15irh_firmwarelegion_y545-pg0l340-17irhthinkbook_14_g3_itlBIOS
CWE ID-CWE-20
Improper Input Validation
CVE-2021-4210
Matching Score-6
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-6
Assigner-Lenovo Group Ltd.
CVSS Score-6.7||MEDIUM
EPSS-0.04% / 12.31%
||
7 Day CHG~0.00%
Published-22 Apr, 2022 | 20:30
Updated-03 Aug, 2024 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A potential vulnerability in the SMI callback function used in the NVME driver in some Lenovo Desktop, ThinkStation, and ThinkEdge models may allow an attacker with local access and elevated privileges to execute arbitrary code.

Action-Not Available
Vendor-Lenovo Group Limited
Product-thinkstation_p520_firmwareideacentre_aio_3-27itl6_firmwarethinkcentre_m910zideacentre_aio_3-27itl6ideacentre_aio_3-22ada6ideacentre_aio_3-22ada6_firmwarethinkcentre_m800v410z_firmwarethinkcentre_m900ideacentre_g5-14imb05_firmwarethinkstation_p520thinkcentre_m90a_gen2v50t-13imbthinkcentre_x1thinkcentre_m700thinkcentre_m75n_firmwarethinkstation_p310_firmwarethinkstation_p310thinkedge_se30thinkcentre_m700_firmwarethinkcentre_m810zthinkcentre_m800_firmwarethinkcentre_m75nthinkcentre_m810z_firmwareideacentre_aio_3-22itl6_firmwarethinkedge_se30_firmwarethinkcentre_m70a_firmwareideacentre_aio_3-24ada6_firmwarethinkcentre_m900_firmwarea540-27icbstadia_ggp-120_firmwareideacentre_aio_3-22iil5_firmwarev410zstadia_ggp-120ideacentre_c5-14imb05thinkcentre_m900x_firmwarea540-27icb_firmwareideacentre_5-14imb05thinkcentre_m700_tinyideacentre_aio_3-24itl6thinkstation_p520c_firmwarethinkcentre_m90a_gen2_firmwareideacentre_c5-14imb05_firmwarea540-24icbthinkcentre_m70aideacentre_aio_3-24ada6thinkcentre_m820z_firmwareideacentre_aio_3-24itl6_firmwarev540-24iwl_firmwarea540-24icb_firmwareideacentre_aio_3-22iil5ideacentre_5-14imb05_firmwarev50t-13imb_firmwarethinkcentre_m820zthinkcentre_m900xideacentre_aio_3-24iil5thinkcentre_m910z_firmwareideacentre_aio_3-22itl6ideacentre_g5-14imb05thinkcentre_x1_firmwareideacentre_aio_3-24iil5_firmwarethinkcentre_m700_tiny_firmwarev540-24iwlthinkstation_p520cBIOS
CWE ID-CWE-20
Improper Input Validation
CVE-2023-1577
Matching Score-6
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-6
Assigner-Lenovo Group Ltd.
CVSS Score-7.8||HIGH
EPSS-0.09% / 25.54%
||
7 Day CHG~0.00%
Published-31 Jul, 2024 | 20:29
Updated-01 Aug, 2024 | 19:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A path hijacking vulnerability was reported in Lenovo Driver Manager prior to version 3.1.1307.1308 that could allow a local user to execute code with elevated privileges.

Action-Not Available
Vendor-Lenovo Group Limited
Product-Driver Managerdrivers_management
CWE ID-CWE-20
Improper Input Validation
CVE-2021-4211
Matching Score-6
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-6
Assigner-Lenovo Group Ltd.
CVSS Score-6.7||MEDIUM
EPSS-0.04% / 12.31%
||
7 Day CHG~0.00%
Published-22 Apr, 2022 | 20:30
Updated-03 Aug, 2024 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A potential vulnerability in the SMI callback function used in the SMBIOS event log driver in some Lenovo Desktop, ThinkStation, and ThinkEdge models may allow an attacker with local access and elevated privileges to execute arbitrary code.

Action-Not Available
Vendor-Lenovo Group Limited
Product-a340-24ickthinkcentre_m90a_\(gen_2\)thinkcentre_m90a_\(gen_2\)_firmwarev30a-24imlthinkcentre_m910xideacentre_aio_3-27itl6_firmwarethinkcentre_m720eideacentre_aio_3-22ada6ideacentre_aio_3-27itl6se30_firmwareideacentre_aio_3-22ada6_firmwarethinkstation_p320a340-22icb_firmwarethinkcentre_m800thinkstation_p320_tinyv410z_firmwareideacentre_510s-07icbthinkcentre_m900thinkcentre_m910sthinkcentre_m710q_firmwarethinkstation_p320_firmwarev520thinkcentre_m710ethinkcentre_m710t_firmwarethinkcentre_m75n_firmwarethinkstation_p310_firmwarethinkcentre_m910qthinkstation_p310thinkcentre_m720e_firmwareideacentre_5-14iob6v530-15icb_firmwareideacentre_510s-07ick_firmwarev530s-07icb_firmwarethinkcentre_m810zthinkcentre_m800_firmwarethinkcentre_m75nthinkcentre_m810z_firmwareideacentre_5-14iob6_firmwarethinkcentre_m710qideacentre_aio_3-22itl6_firmwarethinkcentre_m710tv30a-24iml_firmwarethinkcentre_m70a_firmwarea340-22ickv530-15icrideacentre_aio_3-24ada6_firmwarev530s-07icbthinkcentre_m710e_firmwarethinkcentre_m900_firmwarev530-15icba540-27icbv520s_firmwareideacentre_aio_3-22iil5_firmwareideacentre_510s-07icb_firmwarea340-24ick_firmwarev410zthinkstation_p320_tiny_firmwarea340-24icb_firmwareideacentre_creator_5-14iob6se30thinkcentre_m900x_firmwarea540-27icb_firmwarethinkcentre_m700_tinyv30a-22imlv520_firmwareideacentre_aio_3-24itl6thinkcentre_m710q_\(10yc\)ideacentre_aio_3-24ada6a540-24icbthinkcentre_m70av30a-22iml_firmwarethinkcentre_m820z_firmwareideacentre_aio_3-24itl6_firmwarev530s-07icr_firmwarev540-24iwl_firmwareideacentre_510s-07icka540-24icb_firmwarev530s-07icrthinkcentre_m710s_firmwareideacentre_aio_3-22iil5thinkcentre_m910x_firmwarethinkcentre_m910s_firmwarethinkcentre_m820zthinkcentre_m910t_firmwarev50t-13iob_g2_firmwarev50t-13iob_g2a340-22icbthinkcentre_m710sideacentre_gaming_5-14iob6_firmwarethinkcentre_m900xideacentre_aio_3-24iil5thinkcentre_m710q_\(10yc\)_firmwareideacentre_gaming_5-14iob6v520sideacentre_aio_3-22itl6thinkcentre_m910tv530-15icr_firmwareideacentre_aio_3-24iil5_firmwarethinkcentre_m700_tiny_firmwarethinkcentre_m600_firmwareideacentre_creator_5-14iob6_firmwarea340-24icbv540-24iwlthinkcentre_m600thinkcentre_m910q_firmwarea340-22ick_firmwareBIOS
CWE ID-CWE-20
Improper Input Validation
CVE-2023-0683
Matching Score-6
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-6
Assigner-Lenovo Group Ltd.
CVSS Score-8.3||HIGH
EPSS-0.57% / 69.01%
||
7 Day CHG~0.00%
Published-01 May, 2023 | 14:23
Updated-30 Jan, 2025 | 15:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A valid, authenticated XCC user with read only access may gain elevated privileges through a specifically crafted API call.

Action-Not Available
Vendor-Lenovo Group Limited
Product-thinksystem_sn550thinksystem_sr530_firmwarethinkagile_hx3375_firmwarethinksystem_sr570_firmwarethinkagile_hx5530thinksystem_sr158thinkagile_hx3721thinksystem_sd630_v2_firmwarethinksystem_sr665_firmwarethinksystem_sd650thinkagile_hx3520-g_firmwarethinkagile_hx3521-g_firmwarethinkagile_mx3531_h_firmwarethinksystem_st250thinkagile_vx1320_firmwarethinksystem_sr850thinksystem_sr158_firmwarethinkagile_vx3320_firmwarethinkagile_hx7530_firmwarethinkagile_hx2330thinkagile_vx7820thinksystem_sn850thinkagile_hx5520thinkagile_vx7530_firmwarethinkedge_se450_thinkagile_vx3320thinkagile_vx5520_firmwarethinksystem_st550_firmwarethinksystem_sr630thinkagile_mx1021_on_se350_firmwarethinksystem_sr950thinkagile_vx7320_nthinksystem_st658_v2thinkagile_hx1521-r_firmwarethinkagile_hx7820thinkagile_vx2320thinkagile_vx7520_nthinkagile_hx7520_firmwarethinkagile_vx_2u4nthinksystem_sr860_firmwarethinksystem_sr650_v2_firmwarethinkagile_hx5520-cthinksystem_sr630_v2thinkagile_hx_enclosure_firmwarethinkagile_hx7820_firmwarethinkagile_hx3720thinksystem_sd530thinksystem_sr860_v2thinksystem_sn850_firmwarethinkagile_mx1021_on_se350thinkagile_vx_4u_firmwarethinksystem_st650_v2thinksystem_sr258_v2thinkagile_hx7521_firmwarethinkagile_hx1021thinkagile_hx3375thinkagile_vx2320_firmwarethinksystem_sr250_v2_firmwarethinkagile_vx3330thinkagile_mx3330-h_firmwarethinkagile_hx2720-e_firmwarethinkagile_hx3331_firmwarethinksystem_st250_firmwarethinksystem_sr645_v3thinkagile_hx3330_firmwarethinksystem_sr570thinksystem_sd650-n_v2thinkagile_vx7520thinkagile_hx3321_firmwarethinksystem_sr670_v2_firmwarethinksystem_sr670_v2thinkagile_vx_4uthinkagile_mx3331-f_firmwarethinkagile_hx2320-e_firmwarethinkagile_hx1331thinkagile_hx3331thinkagile_hx7521thinkagile_vx5520thinksystem_sr550thinkagile_mx3330-hthinkagile_vx7530thinkagile_vx3520-g_firmwarethinksystem_se350_firmwarethinkagile_mx3530-hthinksystem_sd650_firmwarethinksystem_st250_v2thinkagile_hx2321_firmwarethinkagile_hx2321thinkagile_hx3721_firmwarethinkagile_mx3330-f_firmwarethinksystem_sr860_v2_firmwarethinksystem_sr850p_firmwarethinksystem_st258thinkagile_hx1320thinkagile_hx1321_firmwarethinksystem_sr850pthinkagile_hx1320_firmwarethinksystem_sn550_v2thinkstation_p920_firmwarethinksystem_sr258_v2_firmwarethinkagile_hx3320_firmwarethinkagile_hx3521-gthinkagile_hx2331_firmwarethinkagile_mx3530_f_firmwarethinksystem_st650_v2_firmwarethinkagile_mx3330-fthinksystem_st258_v2_firmwarethinksystem_st258_firmwarethinkagile_hx3376_firmwarethinkagile_vx2330thinkagile_vx7330_firmwarethinkagile_vx7531_firmwarethinkagile_hx7821_firmwarethinksystem_sr850_firmwarethinkagile_vx3330_firmwarethinksystem_st550thinkagile_hx7531thinkagile_vx3520-gthinksystem_st658_v2_firmwarethinkagile_vx7531thinkagile_vx_2u4n_firmwarethinksystem_sr670_firmwarethinksystem_sr150thinkagile_vx3720thinksystem_sr850_v2_firmwarethinksystem_sr250_v2thinkagile_hx2330_firmwarethinksystem_sd650_v2_firmwarethinksystem_sr665_v3_firmwarethinkagile_mx3530-h_firmwarethinkagile_hx_enclosurethinkagile_hx1321thinksystem_st250_v2_firmwarethinkagile_hx7520thinkagile_hx3330thinkagile_mx3331-h_firmwarethinkedge_se450__firmwarethinksystem_sr645_v3_firmwarethinkagile_hx2720-ethinkagile_hx1331_firmwarethinksystem_sr650_firmwarethinksystem_sd650-n_v2_firmwarethinksystem_sn550_v2_firmwarethinkagile_hx3321thinkagile_hx7530thinksystem_sr250thinksystem_sr530thinkagile_hx5520_firmwarethinksystem_sr850_v2thinksystem_se350thinkagile_mx1020_firmwarethinkagile_mx1020thinksystem_sr665thinksystem_sr150_firmwarethinkagile_hx3520-gthinkagile_vx7320_n_firmwarethinksystem_sr860thinkagile_hx7821thinkagile_hx3720_firmwarethinkagile_hx5521_firmwarethinksystem_sr645_firmwarethinkagile_hx1021_firmwarethinkagile_hx5530_firmwarethinkagile_vx3331thinksystem_st258_v2thinkagile_vx7820_firmwarethinkagile_hx5520-c_firmwarethinksystem_sd530_firmwarethinkagile_vx_1sethinkagile_mx3331-hthinkagile_hx5521-c_firmwarethinksystem_sd650_v2thinkstation_p920thinksystem_sr650_v2thinkagile_vx7330thinksystem_sn550_firmwarethinkagile_hx5521-cthinksystem_sr250_firmwarethinksystem_sr258_firmwarethinksystem_sr590_firmwarethinkagile_mx3530_fthinkagile_hx1520-rthinksystem_sd630_v2thinkagile_hx1521-rthinkagile_hx1520-r_firmwarethinkagile_hx3320thinkagile_vx3720_firmwarethinkagile_hx5531thinkagile_vx_1se_firmwarethinksystem_sr630_firmwarethinkagile_vx7520_n_firmwarethinksystem_sr550_firmwarethinkagile_hx2331thinkagile_hx2320-ethinkagile_vx5530thinkagile_mx3331-fthinkagile_hx7531_firmwarethinkagile_vx1320thinksystem_sr645thinksystem_sr670thinksystem_sr590thinkagile_vx3331_firmwarethinkagile_vx7520_firmwarethinksystem_sr950_firmwarethinkagile_vx2330_firmwarethinkagile_vx3530-g_firmwarethinksystem_sr630_v2_firmwarethinksystem_sr665_v3thinkagile_hx3376thinkagile_hx5531_firmwarethinkagile_mx3531_hthinkagile_vx3530-gthinkagile_vx5530_firmwarethinksystem_sr650thinksystem_sr258thinkagile_hx5521thinkagile_mx3531-fthinkagile_mx3531-f_firmwareXClarity Controller
CWE ID-CWE-20
Improper Input Validation
CVE-2023-0896
Matching Score-6
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-6
Assigner-Lenovo Group Ltd.
CVSS Score-8.8||HIGH
EPSS-0.14% / 33.58%
||
7 Day CHG~0.00%
Published-01 May, 2023 | 13:52
Updated-30 Jan, 2025 | 15:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A default password was reported in Lenovo Smart Clock Essential with Alexa Built In that could allow unauthorized device access to an attacker with local network access.

Action-Not Available
Vendor-Lenovo Group Limited
Product-smart_clock_essential_with_alexa_built_in_firmwaresmart_clock_essential_with_alexa_built_inLenovo Smart Clock Essential with Alexa Built In
CWE ID-CWE-20
Improper Input Validation
CVE-2021-3970
Matching Score-6
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-6
Assigner-Lenovo Group Ltd.
CVSS Score-6.7||MEDIUM
EPSS-0.36% / 58.81%
||
7 Day CHG~0.00%
Published-22 Apr, 2022 | 20:30
Updated-03 Aug, 2024 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A potential vulnerability in LenovoVariable SMI Handler due to insufficient validation in some Lenovo Notebook models BIOS may allow an attacker with local access and elevated privileges to execute arbitrary code.

Action-Not Available
Vendor-Lenovo Group Limited
Product-l340-17irh_firmwareideapad_3-17ada05_firmwarev14_g2-itl_firmwareideapad_3-17itl6legion_5-15ith6hideapad_3-14ada05legion_y545_firmwarelegion_5-15imh6s145-15api_firmwareslim_9-14itl05slim_7_pro-14ihu5legion_y545ideapad_3-17itl6_firmwareyoga_slim_7_pro-14ihu5_olegion_5-17ach6legion_5-15ith6h_firmwarel340-17iwlyoga_c740-14imllegion_5_pro-16ith6legion_5-17ith6hyoga_slim_7_pro-14itl5ideapad_3-17are05_firmwares145-14ast_firmwares145-14iil_firmwarelegion_5-15ach6alegion_5-17ith6_firmwareyoga_slim_9-14itl05_firmwarelegion_y540-15irh-pg0ideapad_3-14igl05_firmwarev14-ada_firmwareideapad_3-14itl05_firmwareyoga_slim_7_pro-14ach5_od_firmwareideapad_3-14iml05_firmwarelegion_5-15imh6_firmwarev140-15iwl_firmwarev14-iilyoga_c940-14iillegion_5_pro-16ach6h_firmwares145-14igmslim_7_pro-14ihu5_firmwarelegion_5-17ach6h_firmwarev15_g1-imlv17-iils540-13iml_firmwareideapad_3-17alc6v14-iil_firmwarelegion_y540-17irhl340-15irhideapad_3-17iml05ideapad_3-17iil05_firmwares540-13api_firmwarev340-17iwlideapad_3-15igl05s145-14igm_firmwareyoga_slim_7_pro-14itl5_firmwares145-15ast_firmwareideapad_5-15are05_firmwareideapad_3-15itl6ideapad_3-15alc6yoga_7-14acn6_firmwareideapad_3-15ada05legion_y540-17irh_firmwareideapad_3-17are05ideapad_3-15ada6legion_5-15ach6legion_7-16ithg6_firmwarelegion_5-15ach6h_firmwareideapad_3-17ada6_firmwareideapad_3-17ada05l3-15itl6_firmwareideapad_3-14iml05yoga_slim_7_pro-14ihu5_o_firmwarev14-ares145-15astyoga_c740-15imls145-15igmv17_g2-itlideapad_3-15iml05s145-15iill340-15iwl_touchlegion_s7-15ach6_firmwareyoga_slim_7_pro-14ach5_firmwareyoga_slim_7_pro-14ach5_oideapad_3-15iil05_firmwarev15_g2-alc_firmwarelegion_5_pro-16ach6legion_y540-15irh_firmwares145-15apiv15_g2-itl_firmwarev14_g1-imllegion_5_pro-16ith6hl340-17irhyoga_slim_7_pro-14ach5_dyoga_slim_7_pro-14ach5ideapad_3-14are05_firmwareideapad_3-14alc6_firmwarelegion_5_pro-16ach6_firmwarev140-15iwllegion_y545-pg0ideapad_3-14igl05l3_15iml05v15-igl_firmwareideapad_gaming_3-15imh05_firmwareideapad_3-15itl05legion_7-16ithg6ideapad_3-15iml05_firmwarelegion_5-17ach6hl340-15iwl_touch_firmwarev15-iillegion_s7-15ach6ideapad_3-15iil05ideapad_3-14ada6ideapad_3-15ada6_firmwareideapad_3-17iml05_firmwarel340-15iwl_firmwarev14-igl_firmwareideapad_3-17ada6legion_5-15ach6a_firmwareyoga_c740-14iml_firmwarev15-ada_firmwareideapad_3-14are05legion_5-17ith6legion_5_pro-16ach6hv14_g2-acllegion_5-17ach6_firmwarelegion_y540-15irh-pg0_firmwareyoga_slim_7_pro-14arh5v15_g2-itlyoga_7-14acn6legion_5-17ith6h_firmwarelegion_5_pro-16ith6h_firmwarelegion_y7000-2019-pg0ideapad_3-14itl6ideapad_gaming_3-15imh05ideapad_3-15are05s540-13imlv15-adas14_g2_itls145-15igm_firmwareideapad_creator_5-15imh05yoga_slim_7_pro-14ach5_odv15_g1-iml_firmwarev15-iglideapad_5-15iil05_firmwarelegion_5-15ith6v17-iil_firmwarev17_g2-itl_firmwareyoga_slim_9-14itl05ideapad_gaming_3-15arh05_firmwarelegion_y540-17irh-pg0_firmwareideapad_3-15are05_firmwareyoga_slim_7_pro-14ach5_d_firmwarel340-15iwlideapad_3-15igl05_firmwareideapad_3-15itl05_firmwareideapad_5-15iil05s145-14api_firmwarelegion_y7000-2019-pg0_firmwarelegion_y545-pg0_firmwareyoga_slim_7_pro-14ach5_o_firmwarev14_g1-iml_firmwarelegion_y7000-2019_firmwareyoga_slim_7_pro-14arh5_firmwares145-14iilideapad_3-14alc6s145-15iil_firmwareslim_9-14itl05_firmwarev14-iglideapad_3-15itl6_firmwarev14_g2-itll340-17iwl_firmwares145-14astv15_g2-alcv15-iil_firmwareyoga_slim_7_pro-14ihu5ideapad_3-14itl6_firmwareideapad_5-15are05legion_y540-17irh-pg0legion_5-15ith6_firmwares14_g2_itl_firmwarel3_15iml05_firmwares145-14apiideapad_3-14ada05_firmwarev14-adav14_g2-acl_firmwareideapad_3-15alc6_firmwarev14-are_firmwareideapad_3-14ada6_firmwarev340-17iwl_firmwareideapad_3-17alc6_firmwareideapad_3-17iil05ideapad_3-15ada05_firmwareideapad_3-14iil05ideapad_3-14iil05_firmwareideapad_creator_5-15imh05_firmwareideapad_gaming_3-15arh05legion_y7000-2019yoga_c940-14iil_firmwareideapad_3-14itl05legion_y540-15irhl3-15itl6legion_5-15ach6_firmwares540-13apilegion_7-16achg6_firmwareyoga_c740-15iml_firmwareyoga_slim_7_pro-14ihu5_firmwarel340-15irh_firmwarelegion_5-15ach6hlegion_5_pro-16ith6_firmwarelegion_7-16achg6Notebook BIOS
CWE ID-CWE-20
Improper Input Validation
CVE-2021-3843
Matching Score-6
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-6
Assigner-Lenovo Group Ltd.
CVSS Score-6.7||MEDIUM
EPSS-0.04% / 11.46%
||
7 Day CHG~0.00%
Published-12 Nov, 2021 | 22:05
Updated-03 Aug, 2024 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A potential vulnerability in the SMI function to access EEPROM in some ThinkPad models may allow an attacker with local access and elevated privileges to execute arbitrary code.

Action-Not Available
Vendor-Lenovo Group Limited
Product-thinkpad_l15_gen_1thinkpad_x380_yogathinkpad_11e_4th_gen_i7_firmwarethinkpad_11e_4th_gen_celeron_firmwarethinkpad_t460_firmwarethinkpad_x260_firmwarethinkpad_x390_yoga_firmwarethinkpad_11e_4th_gen_i3_firmwarethinkpad_l380_firmwarethinkpad_l390thinkpad_11e_4th_gen_celeronthinkpad_l15_gen_1_firmwarethinkpad_11e_4th_gen_i3thinkpad_l14_gen_1thinkpad_l380thinkpad_11e_5th_genthinkpad_x1_fold_gen_1thinkpad_l390_yogathinkpad_11e_3rd_genthinkpad_s2_yoga_gen_6_firmwarethinkpad_x390_yogathinkpad_l15_firmwarethinkpad_s5_2nd_gen_firmwarethinkpad_x12_detachable_gen_1thinkpad_11e_5th_gen_firmwarethinkpad_x12_detachable_gen_1_firmwarethinkpad_l13_yoga_gen_2thinkpad_l13_firmwarethinkpad_l380_yogathinkpad_s5_2nd_genthinkpad_l14_gen_1_firmwarethinkpad_x1_fold_gen_1_firmwarethinkpad_l14thinkpad_l13thinkpad_l390_firmwarethinkpad_l13_yoga_gen_2_firmwarethinkpad_l14_firmwarethinkpad_t460thinkpad_l390_yoga_firmwarethinkpad_13_gen_2thinkpad_l15thinkpad_l13_gen_2_firmwarethinkpad_s2_yoga_gen_6thinkpad_x380_yoga_firmwarethinkpad_11e_4th_gen_i7thinkpad_l13_gen_2thinkpad_l380_yoga_firmwarethinkpad_11e_4th_gen_i5thinkpad_s2_gen_6thinkpad_11e_3rd_gen_firmwarethinkpad_x260thinkpad_l13_yogathinkpad_11e_yoga_gen_6_firmwarethinkpad_11e_4th_gen_i5_firmwarethinkpad_s2_gen_6_firmwarethinkpad_11e_yoga_gen_6thinkpad_yoga_370thinkpad_13_gen_2_firmwarethinkpad_l13_yoga_firmwareThinkPad BIOS
CWE ID-CWE-20
Improper Input Validation
CVE-2021-3786
Matching Score-6
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-6
Assigner-Lenovo Group Ltd.
CVSS Score-4.4||MEDIUM
EPSS-0.04% / 13.71%
||
7 Day CHG~0.00%
Published-12 Nov, 2021 | 22:05
Updated-03 Aug, 2024 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A potential vulnerability in the SMI callback function used in CSME configuration of some Lenovo Notebook and ThinkPad systems could be used to leak out data out of the SMRAM range.

Action-Not Available
Vendor-Lenovo Group Limited
Product-thinkpad_t14sthinkpad_x13_yoga_gen_1thinkpad_l460_firmwarethinkpad_p17_gen_1thinkpad_11e_4th_gen_firmwarethinkpad_e490thinkpad_x1_fold_gen_1thinkpad_p51sthinkpad_p53thinkpad_x1_carbon_3rd_genthinkpad_p72_firmwarethinkpad_x12_detachable_gen_1_firmwarethinkpad_l590thinkpad_l460thinkpad_p52thinkpad_l13_yoga_gen_2_firmwarethinkpad_p70thinkpad_13_gen_2thinkpad_e470_firmwarethinkpad_x1_carbon_gen_8thinkpad_t460pthinkpad_p1thinkpad_e15_firmwarethinkpad_x1_tablet_firmwarethinkpad_t14s_firmwarethinkpad_l380_yoga_firmwarethinkpad_x280thinkpad_x390thinkpad_s540thinkpad_t15g_gen_1thinkpad_l470_firmwareideapad_yoga_s940-14iwlthinkpad_x1_carbon_3rd_gen_firmwarethinkpad_t490_firmwarethinkpad_l380_firmwarethinkpad_t15_firmwarethinkpad_t560_firmwarethinkpad_t580thinkpad_l390_yogathinkpad_t15p_gen_1_firmwarethinkpad_s5_2nd_gen_firmwarethinkpad_x1_carbon_gen_6_firmwarethinkpad_t570_firmwarethinkpad_yoga_11e_5th_genthinkpad_x1_carbon_5th_gen_kabylakethinkpad_t15p_gen_1thinkpad_x1_extreme_gen_3thinkpad_l570_firmwarethinkpad_x380_yoga_firmwarev330-15iskthinkpad_l13_yogathinkpad_11e_yoga_gen_6_firmwarethinkpad_s540_firmwarethinkpad_x1_yoga_4th_genthinkpad_t15g_gen_1_firmwarethinkpad_p52_firmwarethinkpad_x1_carbon_gen_6thinkpad_t580_firmwarethinkpad_e15v130-15igm_firmwarethinkpad_e15_gen_3_firmwarethinkpad_e14_gen_3_firmwarethinkpad_t460sthinkpad_11e_3rd_genthinkpad_x390_yogathinkpad_e570thinkpad_x1_carbon_gen_8_firmwarethinkpad_s5_2nd_genthinkpad_p14s_gen_1thinkpad_x1_yoga_3rd_gen_firmwarethinkpad_x1_extreme_firmwarethinkpad_11e_4th_genthinkpad_x13_gen_1_firmwarethinkpad_25_firmwarethinkpad_yoga_11e_5th_gen_firmwarethinkpad_e580thinkpad_p1_gen_3thinkpad_l13_gen_2thinkpad_x1_tablet_gen_3_firmwarethinkpad_p71thinkpad_x1_titanium_firmwarethinkpad_10_firmwarethinkpad_t14s_gen_2_firmwarethinkpad_e480_firmwarethinkpad_p51s_firmwarethinkpad_x250thinkpad_x1_carbon_gen_7ideapad_s940-14iwlthinkpad_t460_firmwarethinkpad_t460s_firmwarethinkpad_p15s_gen_2_firmwarethinkpad_x270_firmwarethinkpad_x1_carbon_5th_gen_skylake_firmwarethinkpad_s2_yoga_gen_6_firmwarethinkpad_x12_detachable_gen_1thinkpad_p1_gen_3_firmwarethinkpad_helix_firmwarethinkpad_l490thinkpad_t480s_firmwarethinkpad_p71_firmwarethinkpad_x1_carbon_5th_gen_skylakethinkpad_x1_tablet_gen_3thinkpad_l590_firmwarethinkpad_e15_gen_2_firmwarethinkpad_e15_gen_2thinkpad_l15thinkpad_t15_gen_2thinkpad_x1_titaniumthinkpad_l560_firmwarethinkpad_x260thinkpad_x1_nano_gen_1_firmwarethinkpad_11e_3rd_gen_firmwarethinkpad_p14s_gen_2thinkpad_e15_gen_3thinkpad_x250_firmwarethinkpad_p15v_gen_1_firmwarethinkpad_p53s_firmwarethinkpad_p15_gen_1v130-15igmthinkpad_x1_extreme_2ndthinkpad_t470_firmwarethinkpad_p52sthinkpad_13_gen_2_firmwarethinkpad_l13_yoga_firmwarethinkpad_t480_firmwarethinkpad_p50_firmwarethinkpad_25thinkpad_e580_firmwarethinkpad_x260_firmwarethinkpad_e590_firmwarethinkpad_t570thinkpad_l560thinkpad_t490thinkpad_x280_firmwarethinkpad_x1_yoga_1st_gen_firmwarethinkpad_t590thinkpad_t550thinkpad_p73_firmwarethinkpad_x1_tabletthinkpad_x1_carbon_5th_gen_kabylake_firmwarethinkpad_w550sthinkpad_l480thinkpad_x1_carbon_gen_7_firmwarethinkpad_t460thinkpad_x390_firmwarethinkpad_l390_yoga_firmwarethinkpad_s2_yoga_gen_6thinkpad_x270thinkpad_x1_yoga_gen_5_firmwarethinkpad_l580_firmwarethinkpad_t14_gen_2_firmwarethinkpad_e14_gen_2thinkpad_10ideapad_s940-14iwl_firmwarethinkpad_p50s_firmwarethinkpad_yoga_370thinkpad_p15s_gen_1_firmwarethinkpad_x13_yoga_gen_1_firmwarethinkpad_t440p_firmwarethinkpad_l470thinkpad_e570_firmwarethinkpad_t440pthinkpad_yoga_15thinkpad_l15_gen_2thinkpad_x390_yoga_firmwarethinkpad_p15v_gen_1thinkpad_l380thinkpad_t590_firmwarethinkpad_yoga_11e_4th_gen_firmwarethinkpad_x1_extremethinkpad_l490_firmwarethinkpad_yoga_11e_3rd_gen_firmwarethinkpad_x1_tablet_gen_2_firmwarethinkpad_p1_gen_2_firmwarethinkpad_t460p_firmwarethinkpad_l13_firmwarethinkpad_p52s_firmwarethinkpad_x13_gen_2thinkpad_l15_gen_2_firmwarethinkpad_x1_carbon_4th_gen_firmwarethinkpad_t550_firmwarethinkpad_l13_gen_2_firmwarethinkpad_e590thinkpad_x1_yoga_3rd_genthinkpad_e14_gen_3thinkpad_x13_gen_1thinkpad_s2_gen_6thinkpad_x1_nano_gen_1thinkpad_p1_firmwarethinkpad_t15thinkpad_p15_gen_1_firmwarethinkpad_p14s_gen_2_firmwarethinkpad_p15s_gen_1v330-15ikb_firmwarethinkpad_t14s_gen_2thinkpad_x1_yoga_gen_5thinkpad_x380_yogathinkpad_l480_firmwarethinkpad_p53sthinkpad_t480sthinkpad_x13_yoga_gen_2thinkpad_x1_extreme_2nd_firmwarethinkpad_p51_firmwarethinkpad_e14ideapad_yoga_s940-14iwl_firmwarethinkpad_l13_yoga_gen_2thinkpad_l570thinkpad_x1_yoga_4th_gen_firmwarethinkpad_p43sthinkpad_l390_firmwarethinkpad_t490s_firmwarethinkpad_l14_firmwarethinkpad_t14_gen_2thinkpad_x1_extreme_gen_3_firmwarethinkpad_t470s_firmwarethinkpad_p14s_gen_1_firmwarethinkpad_l580thinkpad_p50thinkpad_x1_tablet_gen_2v330-15ikbthinkpad_s2_gen_6_firmwarethinkpad_x13_yoga_gen_2_firmwarethinkpad_p1_gen_2thinkpad_t470p_firmwarethinkpad_11e_yoga_gen_6thinkpad_x13_gen_2_firmwarethinkpad_e490_firmwarethinkpad_p70_firmwarethinkpad_t560thinkpad_e14_gen_2_firmwarethinkpad_t470thinkpad_x1_carbon_4th_genthinkpad_p17_gen_1_firmwarethinkpad_yoga_11e_3rd_genthinkpad_l390thinkpad_t15_gen_2_firmwarethinkpad_p53_firmwarethinkpad_p50sthinkpad_x1_yoga_1st_genv330-15isk_firmwarethinkpad_l15_firmwarethinkpad_e480thinkpad_yoga_260thinkpad_p51thinkpad_l380_yogathinkpad_x1_fold_gen_1_firmwarethinkpad_l14thinkpad_l13thinkpad_t490sthinkpad_p73thinkpad_e470thinkpad_yoga_11e_4th_genthinkpad_yoga_15_firmwarethinkpad_t470sthinkpad_p72thinkpad_t14_gen_1thinkpad_yoga_260_firmwarethinkpad_t470pthinkpad_helixthinkpad_t14_gen_1_firmwarethinkpad_w550s_firmwarethinkpad_e14_firmwarethinkpad_yoga_370_firmwarethinkpad_p15s_gen_2thinkpad_t480thinkpad_p43s_firmwareNotebook and ThinkPad BIOS
CWE ID-CWE-20
Improper Input Validation
CVE-2021-3719
Matching Score-6
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-6
Assigner-Lenovo Group Ltd.
CVSS Score-6.7||MEDIUM
EPSS-0.04% / 11.46%
||
7 Day CHG~0.00%
Published-12 Nov, 2021 | 22:05
Updated-03 Aug, 2024 | 17:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A potential vulnerability in the SMI callback function that saves and restore boot script tables used for resuming from sleep state in some ThinkCentre and ThinkStation models may allow an attacker with local access and elevated privileges to execute arbitrary code.

Action-Not Available
Vendor-Lenovo Group Limited
Product-thinkcentre_m4500q_firmwarethinkcentre_m8500t\/sthinkcentre_m83thinkcentre_m800thinkcentre_m6500t\/s_firmwarethinkcentre_m900thinkcentre_m818z_firmwarethinkcentre_m73pthinkstation_p900thinkcentre_m900x_firmwarethinkcentre_m93p_firmwarethinkcentre_m93thinkcentre_m818zthinkcentre_m700_tinythinkstation_p500thinkcentre_m8500t\/s_firmwarethinkcentre_m6500t\/sthinkcentre_m93_firmwarethinkcentre_e93_firmwarethinkstation_p700_firmwarethinkcentre_m73p_firmwarethinkcentre_m73thinkcentre_x1thinkstation_p700thinkstation_p900_firmwarethinkcentre_m4500qthinkcentre_m73_firmwarethinkcentre_m93pthinkstation_p500_firmwarethinkcentre_m800_firmwarethinkcentre_e93thinkcentre_m900xthinkcentre_m83_firmwarethinkcentre_x1_firmwarethinkcentre_m700_tiny_firmwarethinkcentre_m600_firmwarethinkstation_p300thinkstation_p300_firmwarethinkcentre_m600thinkcentre_m900_firmwareThinkCentre and ThinkStation BIOS
CWE ID-CWE-20
Improper Input Validation
CVE-2021-3599
Matching Score-6
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-6
Assigner-Lenovo Group Ltd.
CVSS Score-6.7||MEDIUM
EPSS-0.04% / 11.46%
||
7 Day CHG~0.00%
Published-12 Nov, 2021 | 22:05
Updated-03 Aug, 2024 | 17:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A potential vulnerability in the SMI callback function used to access flash device in some ThinkPad models may allow an attacker with local access and elevated privileges to execute arbitrary code.

Action-Not Available
Vendor-Lenovo Group Limited
Product-thinkpad_t14sthinkpad_x13_yoga_gen_1thinkpad_l460_firmwarethinkpad_p17_gen_1thinkpad_11e_4th_gen_firmwarethinkpad_e490thinkpad_x1_fold_gen_1thinkpad_p51sthinkpad_p53thinkpad_x1_carbon_3rd_genthinkpad_p72_firmwarethinkpad_x12_detachable_gen_1_firmwarethinkpad_l590thinkpad_l460thinkpad_p52thinkpad_l13_yoga_gen_2_firmwarethinkpad_p70thinkpad_13_gen_2thinkpad_e470_firmwarethinkpad_x1_carbon_gen_8thinkpad_t460pthinkpad_p1thinkpad_e15_firmwarethinkpad_x1_tablet_firmwarethinkpad_t14s_firmwarethinkpad_l380_yoga_firmwarethinkpad_x280thinkpad_x390thinkpad_s540thinkpad_t15g_gen_1thinkpad_l470_firmwareideapad_yoga_s940-14iwlthinkpad_x1_carbon_3rd_gen_firmwarethinkpad_t490_firmwarethinkpad_l380_firmwarethinkpad_t15_firmwarethinkpad_t560_firmwarethinkpad_t580thinkpad_l390_yogathinkpad_t15p_gen_1_firmwarethinkpad_s5_2nd_gen_firmwarethinkpad_x1_carbon_gen_6_firmwarethinkpad_t570_firmwarethinkpad_yoga_11e_5th_genthinkpad_x1_carbon_5th_gen_kabylakethinkpad_t15p_gen_1thinkpad_x1_extreme_gen_3thinkpad_l570_firmwarethinkpad_x380_yoga_firmwarev330-15iskthinkpad_l13_yogathinkpad_11e_yoga_gen_6_firmwarethinkpad_s540_firmwarethinkpad_x1_yoga_4th_genthinkpad_t15g_gen_1_firmwarethinkpad_p52_firmwarethinkpad_x1_carbon_gen_6thinkpad_t580_firmwarethinkpad_e15v130-15igm_firmwarethinkpad_e15_gen_3_firmwarethinkpad_e14_gen_3_firmwarethinkpad_t460sthinkpad_11e_3rd_genthinkpad_x390_yogathinkpad_e570thinkpad_x1_carbon_gen_8_firmwarethinkpad_s5_2nd_genthinkpad_p14s_gen_1thinkpad_x1_yoga_3rd_gen_firmwarethinkpad_x1_extreme_firmwarethinkpad_11e_4th_genthinkpad_x13_gen_1_firmwarethinkpad_25_firmwarethinkpad_yoga_11e_5th_gen_firmwarethinkpad_e580thinkpad_p1_gen_3thinkpad_l13_gen_2thinkpad_x1_tablet_gen_3_firmwarethinkpad_p71thinkpad_x1_titanium_firmwarethinkpad_10_firmwarethinkpad_t14s_gen_2_firmwarethinkpad_e480_firmwarethinkpad_p51s_firmwarethinkpad_x250thinkpad_x1_carbon_gen_7ideapad_s940-14iwlthinkpad_t460_firmwarethinkpad_t460s_firmwarethinkpad_p15s_gen_2_firmwarethinkpad_x270_firmwarethinkpad_x1_carbon_5th_gen_skylake_firmwarethinkpad_s2_yoga_gen_6_firmwarethinkpad_x12_detachable_gen_1thinkpad_p1_gen_3_firmwarethinkpad_helix_firmwarethinkpad_l490thinkpad_t480s_firmwarethinkpad_p71_firmwarethinkpad_x1_carbon_5th_gen_skylakethinkpad_x1_tablet_gen_3thinkpad_l590_firmwarethinkpad_e15_gen_2_firmwarethinkpad_e15_gen_2thinkpad_l15thinkpad_t15_gen_2thinkpad_x1_titaniumthinkpad_l560_firmwarethinkpad_x260thinkpad_x1_nano_gen_1_firmwarethinkpad_11e_3rd_gen_firmwarethinkpad_p14s_gen_2thinkpad_e15_gen_3thinkpad_x250_firmwarethinkpad_p15v_gen_1_firmwarethinkpad_p53s_firmwarethinkpad_p15_gen_1v130-15igmthinkpad_x1_extreme_2ndthinkpad_t470_firmwarethinkpad_p52sthinkpad_13_gen_2_firmwarethinkpad_l13_yoga_firmwarethinkpad_t480_firmwarethinkpad_p50_firmwarethinkpad_25thinkpad_e580_firmwarethinkpad_x260_firmwarethinkpad_e590_firmwarethinkpad_t570thinkpad_l560thinkpad_t490thinkpad_x280_firmwarethinkpad_x1_yoga_1st_gen_firmwarethinkpad_t590thinkpad_t550thinkpad_p73_firmwarethinkpad_x1_tabletthinkpad_x1_carbon_5th_gen_kabylake_firmwarethinkpad_w550sthinkpad_l480thinkpad_x1_carbon_gen_7_firmwarethinkpad_t460thinkpad_x390_firmwarethinkpad_l390_yoga_firmwarethinkpad_s2_yoga_gen_6thinkpad_x270thinkpad_x1_yoga_gen_5_firmwarethinkpad_l580_firmwarethinkpad_t14_gen_2_firmwarethinkpad_e14_gen_2thinkpad_10ideapad_s940-14iwl_firmwarethinkpad_p50s_firmwarethinkpad_yoga_370thinkpad_p15s_gen_1_firmwarethinkpad_x13_yoga_gen_1_firmwarethinkpad_t440p_firmwarethinkpad_l470thinkpad_e570_firmwarethinkpad_t440pthinkpad_yoga_15thinkpad_l15_gen_2thinkpad_x390_yoga_firmwarethinkpad_p15v_gen_1thinkpad_l380thinkpad_t590_firmwarethinkpad_yoga_11e_4th_gen_firmwarethinkpad_x1_extremethinkpad_l490_firmwarethinkpad_yoga_11e_3rd_gen_firmwarethinkpad_x1_tablet_gen_2_firmwarethinkpad_p1_gen_2_firmwarethinkpad_t460p_firmwarethinkpad_l13_firmwarethinkpad_p52s_firmwarethinkpad_x13_gen_2thinkpad_l15_gen_2_firmwarethinkpad_x1_carbon_4th_gen_firmwarethinkpad_t550_firmwarethinkpad_l13_gen_2_firmwarethinkpad_e590thinkpad_x1_yoga_3rd_genthinkpad_e14_gen_3thinkpad_x13_gen_1thinkpad_s2_gen_6thinkpad_x1_nano_gen_1thinkpad_p1_firmwarethinkpad_t15thinkpad_p15_gen_1_firmwarethinkpad_p14s_gen_2_firmwarethinkpad_p15s_gen_1v330-15ikb_firmwarethinkpad_t14s_gen_2thinkpad_x1_yoga_gen_5thinkpad_x380_yogathinkpad_l480_firmwarethinkpad_p53sthinkpad_t480sthinkpad_x13_yoga_gen_2thinkpad_x1_extreme_2nd_firmwarethinkpad_p51_firmwarethinkpad_e14ideapad_yoga_s940-14iwl_firmwarethinkpad_l13_yoga_gen_2thinkpad_l570thinkpad_x1_yoga_4th_gen_firmwarethinkpad_p43sthinkpad_l390_firmwarethinkpad_t490s_firmwarethinkpad_l14_firmwarethinkpad_t14_gen_2thinkpad_x1_extreme_gen_3_firmwarethinkpad_t470s_firmwarethinkpad_p14s_gen_1_firmwarethinkpad_l580thinkpad_p50thinkpad_x1_tablet_gen_2v330-15ikbthinkpad_s2_gen_6_firmwarethinkpad_x13_yoga_gen_2_firmwarethinkpad_p1_gen_2thinkpad_t470p_firmwarethinkpad_11e_yoga_gen_6thinkpad_x13_gen_2_firmwarethinkpad_e490_firmwarethinkpad_p70_firmwarethinkpad_t560thinkpad_e14_gen_2_firmwarethinkpad_t470thinkpad_x1_carbon_4th_genthinkpad_p17_gen_1_firmwarethinkpad_yoga_11e_3rd_genthinkpad_l390thinkpad_t15_gen_2_firmwarethinkpad_p53_firmwarethinkpad_p50sthinkpad_x1_yoga_1st_genv330-15isk_firmwarethinkpad_l15_firmwarethinkpad_e480thinkpad_yoga_260thinkpad_p51thinkpad_l380_yogathinkpad_x1_fold_gen_1_firmwarethinkpad_l14thinkpad_l13thinkpad_t490sthinkpad_p73thinkpad_e470thinkpad_yoga_11e_4th_genthinkpad_yoga_15_firmwarethinkpad_t470sthinkpad_p72thinkpad_t14_gen_1thinkpad_yoga_260_firmwarethinkpad_t470pthinkpad_helixthinkpad_t14_gen_1_firmwarethinkpad_w550s_firmwarethinkpad_e14_firmwarethinkpad_yoga_370_firmwarethinkpad_p15s_gen_2thinkpad_t480thinkpad_p43s_firmwareThinkPad BIOS
CWE ID-CWE-20
Improper Input Validation
CVE-2021-3452
Matching Score-6
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-6
Assigner-Lenovo Group Ltd.
CVSS Score-6.7||MEDIUM
EPSS-0.06% / 19.60%
||
7 Day CHG~0.00%
Published-16 Jul, 2021 | 20:30
Updated-03 Aug, 2024 | 16:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A potential vulnerability in the system shutdown SMI callback function in some ThinkPad models may allow an attacker with local access and elevated privileges to execute arbitrary code.

Action-Not Available
Vendor-Lenovo Group Limited
Product-thinkpad_11e_4th_genthinkpad_x380_yogathinkpad_t460thinkpad_yoga_11e_4th_genthinkpad_13_gen_2thinkpad_yoga_370thinkpad_l15_gen_2thinkpad_e15_gen_2thinkpad_l15thinkpad_l390thinkpad_yoga_11e_3rd_genthinkpad_11e_5th_genthinkpad_l380thinkpad_l14_gen_2thinkpad_l390_yogathinkpad_l13_gen_2thinkpad_11e_3rd_genthinkpad_x260thinkpad_x12_detachable_gen_1thinkpad_e14_gen_2thinkpad_l13_yogathinkpad_l380_yogabiosthinkpad_l13_yogo_gen_2thinkpad_11e_yoga_gen_6thinkpad_l14thinkpad_l13ThinkPad BIOS
CWE ID-CWE-20
Improper Input Validation
CVE-2022-4574
Matching Score-6
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-6
Assigner-Lenovo Group Ltd.
CVSS Score-6.7||MEDIUM
EPSS-0.02% / 6.52%
||
7 Day CHG~0.00%
Published-30 Oct, 2023 | 14:36
Updated-09 Sep, 2024 | 16:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An SMI handler input validation vulnerability in the BIOS of some ThinkPad models could allow an attacker with local access and elevated privileges to execute arbitrary code.  

Action-Not Available
Vendor-Lenovo Group Limited
Product-thinkpad_t14sthinkpad_x13_yoga_gen_1thinkpad_p17_gen_1thinkpad_x1_fold_gen_1thinkpad_p17_gen_2thinkpad_t15p_gen_3_firmwarethinkpad_x13_yoga_gen_2thinkpad_p16_gen_1thinkpad_x1_extreme_gen_5_firmwarethinkpad_t15p_gen_3thinkpad_x1_carbon_9th_gen_firmwarethinkpad_x1_yoga_5th_genthinkpad_x1_carbon_8th_gen_firmwarethinkpad_x1_carbon_9th_genthinkpad_p14s_gen_3_firmwarethinkpad_x1_extreme_gen_5thinkpad_t16_gen_1_firmwarethinkpad_t14_gen_3thinkpad_x1_carbon_7th_genthinkpad_p14s_gen_1thinkpad_x1_yoga_4th_gen_firmwarethinkpad_x1_extreme_4th_gen_firmwarethinkpad_x1_carbon_7th_gen_firmwarethinkpad_t15p_gen_2_firmwarethinkpad_l14_firmwarethinkpad_t14_gen_2thinkpad_p15v_gen_3thinkpad_x13_gen_3_firmwarethinkpad_p14s_gen_1_firmwarethinkpad_x1_yoga_6th_genthinkpad_t15p_gen_2thinkpad_t15g_gen_2thinkpad_p1_gen_3thinkpad_l14_gen_2thinkpad_x13thinkpad_t14_gen_2_firmwarethinkpad_p16s_gen_1thinkpad_t14s_firmwarethinkpad_p15_gen_2_firmwarethinkpad_x1_titanium_firmwarethinkpad_t14s_gen_3_firmwarethinkpad_x13_yoga_gen_2_firmwarethinkpad_t14s_gen_2_firmwarethinkpad_p1_gen_5thinkpad_t15g_gen_1thinkpad_x1_yoga_6th_gen_firmwarethinkpad_p15s_gen_1_firmwarethinkpad_x13_yoga_gen_1_firmwarethinkpad_x13_gen_2_firmwarethinkpad_l15_gen_2thinkpad_p17_gen_1_firmwarethinkpad_p15v_gen_1thinkpad_p14s_gen_3thinkpad_t15_gen_2_firmwarethinkpad_p15s_gen_2_firmwarethinkpad_x1_nano_gen_2_firmwarethinkpad_x1_yoga_7th_gen_firmwarethinkpad_p17_gen_2_firmwarethinkpad_p15v_gen_2_firmwarethinkpad_p16_gen_1_firmwarethinkpad_t15p_gen_1_firmwarethinkpad_x1_yoga_7th_genthinkpad_l15_firmwarethinkpad_x1_extreme_4th_genthinkpad_p15_gen_2thinkpad_p1_gen_3_firmwarethinkpad_p15v_gen_2thinkpad_t15g_gen_2_firmwarethinkpad_x13_firmwarethinkpad_x1_fold_gen_1_firmwarethinkpad_l14thinkpad_x1_carbon_8th_genthinkpad_x13_gen_2thinkpad_t15p_gen_1thinkpad_p1_gen_5_firmwarethinkpad_x1_carbon_10th_genthinkpad_l15_gen_2_firmwarethinkpad_l14_gen_2_firmwarethinkpad_t14s_gen_3thinkpad_l15thinkpad_t14_gen_1thinkpad_t15_gen_2thinkpad_x1_titaniumthinkpad_t16_gen_1thinkpad_t14_gen_1_firmwarethinkpad_p1_gen_4_firmwarethinkpad_x1_nano_gen_1thinkpad_x1_nano_gen_1_firmwarethinkpad_t14_gen_3_firmwarethinkpad_p15_gen_1_firmwarethinkpad_x1_extreme_3rd_gen_firmwarethinkpad_x1_yoga_5th_gen_firmwarethinkpad_x1_extreme_3rd_genthinkpad_p14s_gen_2thinkpad_p15s_gen_2thinkpad_p15v_gen_1_firmwarethinkpad_p15_gen_1thinkpad_x1_yoga_4th_genthinkpad_t15g_gen_1_firmwarethinkpad_x1_nano_gen_2thinkpad_p14s_gen_2_firmwarethinkpad_p15s_gen_1thinkpad_x1_carbon_10th_gen_firmwarethinkpad_p16s_gen_1_firmwarethinkpad_p15v_gen_3_firmwarethinkpad_t14s_gen_2thinkpad_p1_gen_4thinkpad_x13_gen_3ThinkPad BIOSthinkpad
CWE ID-CWE-20
Improper Input Validation
CVE-2022-4573
Matching Score-6
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-6
Assigner-Lenovo Group Ltd.
CVSS Score-6.7||MEDIUM
EPSS-0.03% / 7.28%
||
7 Day CHG~0.00%
Published-30 Oct, 2023 | 14:34
Updated-06 Sep, 2024 | 21:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An SMI handler input validation vulnerability in the ThinkPad X1 Fold Gen 1 could allow an attacker with local access and elevated privileges to execute arbitrary code.

Action-Not Available
Vendor-Lenovo Group Limited
Product-thinkpad_x1_fold_gen_1thinkpad_x1_fold_gen_1_firmwareThinkPad X1 Fold Gen 1thinkpad_x1_fold_gen_1
CWE ID-CWE-20
Improper Input Validation
CVE-2022-48189
Matching Score-6
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-6
Assigner-Lenovo Group Ltd.
CVSS Score-6.7||MEDIUM
EPSS-0.02% / 6.25%
||
7 Day CHG~0.00%
Published-30 Oct, 2023 | 14:39
Updated-09 Sep, 2024 | 15:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An SMM driver input validation vulnerability in the BIOS of some ThinkPad models could allow an attacker with local access and elevated privileges to execute arbitrary code.

Action-Not Available
Vendor-Lenovo Group Limited
Product-thinkpad_t14sthinkpad_x13_yoga_gen_1thinkpad_p17_gen_1thinkpad_e490thinkpad_e590_firmwarethinkpad_thinkpad_r14_gen_2_firmwarethinkpad_t490thinkpad_p16_gen_1thinkpad_p73_firmwarethinkpad_t590thinkpad_x1_extreme_gen_5_firmwarethinkpad_p53thinkpad_x1_carbon_9th_gen_firmwarethinkpad_x1_yoga_5th_genthinkpad_z16_gen_1_firmwarethinkpad_x1_carbon_8th_gen_firmwarethinkpad_x12_detachable_gen_1_firmwarethinkpad_l590thinkpad_p14s_gen_3_firmwarethinkpad_x1_carbon_9th_genthinkpad_t14_gen_3thinkpad_x1_carbon_7th_genthinkpad_x1_extreme_4th_gen_firmwarethinkpad_l15_gen_3_firmwarethinkpad_x1_carbon_7th_gen_firmwarethinkpad_t15p_gen_2_firmwarethinkpad_p15v_gen_3thinkpad_x390_firmwarethinkpad_x13_gen_3_firmwarethinkpad_x1_yoga_6th_genthinkpad_t15p_gen_2thinkpad_e14_gen_4thinkpad_e15_firmwarethinkpad_l13_gen_3_firmwarethinkpad_t14_gen_2_firmwarethinkpad_x13thinkpad_t14s_firmwarethinkpad_p15_gen_2_firmwarethinkpad_t14s_gen_3_firmwarethinkpad_e14_gen_2thinkpad_x390thinkpad_z13_gen_1_firmwarethinkpad_e15_gen_4thinkpad_t15g_gen_1thinkpad_x1_yoga_6th_gen_firmwarethinkpad_p15s_gen_1_firmwarethinkpad_x1_extreme_2nd_genthinkpad_x13_yoga_gen_1_firmwarethinkpad_e14_gen_4_firmwarethinkpad_z13_gen_1thinkpad_l15_gen_2thinkpad_t490_firmwarethinkpad_x390_yoga_firmwarethinkpad_p14s_gen_3thinkpad_p15v_gen_1thinkpad_t15_firmwarethinkpad_t590_firmwarethinkpad_p17_gen_2_firmwarethinkpad_x1_yoga_7th_gen_firmwarethinkpad_t15p_gen_1_firmwarethinkpad_x1_yoga_7th_genthinkpad_l490_firmwarethinkpad_x1_extreme_4th_genthinkpad_thinkpad_r14_gen_4thinkpad_l13_yoga_gen_3_firmwarethinkpad_p1_gen_2_firmwarethinkpad_p15v_gen_2thinkpad_t15g_gen_2_firmwarethinkpad_l13_gen_3thinkpad_x13_firmwarethinkpad_x1_carbon_8th_genthinkpad_x13_gen_2thinkpad_t15p_gen_1thinkpad_l15_gen_2_firmwarethinkpad_t14s_gen_3thinkpad_e590thinkpad_e490sthinkpad_x1_nano_gen_1thinkpad_p15_gen_1_firmwarethinkpad_t15thinkpad_x1_extreme_3rd_gen_firmwarethinkpad_x1_extreme_3rd_genthinkpad_p14s_gen_2_firmwarethinkpad_t15g_gen_1_firmwarethinkpad_x1_nano_gen_2thinkpad_x1_yoga_4th_genthinkpad_p15s_gen_1thinkpad_x13_yoga_gen_3thinkpad_t14s_gen_2thinkpad_x13_gen_3thinkpad_thinkpad_s3_2nd_gen_firmwarethinkpad_e15thinkpad_p53sthinkpad_p17_gen_2thinkpad_e15_gen_4_firmwarethinkpad_t15p_gen_3_firmwarethinkpad_x13_yoga_gen_2thinkpad_t15p_gen_3thinkpad_x390_yogathinkpad_e14thinkpad_l15_gen_3thinkpad_x1_extreme_gen_5thinkpad_t16_gen_1_firmwarethinkpad_p14s_gen_1thinkpad_p43sthinkpad_x1_yoga_4th_gen_firmwarethinkpad_l14_firmwarethinkpad_t490s_firmwarethinkpad_t14_gen_2thinkpad_p14s_gen_1_firmwarethinkpad_t15g_gen_2thinkpad_p1_gen_3thinkpad_p16s_gen_1thinkpad_l13_yoga_gen_3thinkpad_e490s_firmwarethinkpad_thinkpad_r14_gen_4_firmwarethinkpad_x1_titanium_firmwarethinkpad_p1_gen_2thinkpad_x13_yoga_gen_2_firmwarethinkpad_t14s_gen_2_firmwarethinkpad_p1_gen_5thinkpad_thinkpad_s3_2nd_genthinkpad_z16_gen_1thinkpad_x13_gen_2_firmwarethinkpad_e490_firmwarethinkpad_e14_gen_2_firmwarethinkpad_p17_gen_1_firmwarethinkpad_p15s_gen_2_firmwarethinkpad_p53_firmwarethinkpad_t15_gen_2_firmwarethinkpad_x1_nano_gen_2_firmwarethinkpad_p15v_gen_2_firmwarethinkpad_p16_gen_1_firmwarethinkpad_l15_firmwarethinkpad_x12_detachable_gen_1thinkpad_p1_gen_3_firmwarethinkpad_p15_gen_2thinkpad_l490thinkpad_thinkpad_r14_gen_2thinkpad_l14thinkpad_t490sthinkpad_p73thinkpad_l590_firmwarethinkpad_p1_gen_5_firmwarethinkpad_x1_carbon_10th_genthinkpad_e15_gen_2_firmwarethinkpad_x1_extreme_2nd_gen_firmwarethinkpad_e15_gen_2thinkpad_l15thinkpad_t14_gen_1thinkpad_t15_gen_2thinkpad_x1_titaniumthinkpad_t16_gen_1thinkpad_t14_gen_1_firmwarethinkpad_e14_firmwarethinkpad_p1_gen_4_firmwarethinkpad_x1_nano_gen_1_firmwarethinkpad_t14_gen_3_firmwarethinkpad_p14s_gen_2thinkpad_x1_yoga_5th_gen_firmwarethinkpad_p15s_gen_2thinkpad_p53s_firmwarethinkpad_p15v_gen_1_firmwarethinkpad_p15_gen_1thinkpad_x13_yoga_gen_3_firmwarethinkpad_x1_carbon_10th_gen_firmwarethinkpad_p16s_gen_1_firmwarethinkpad_p15v_gen_3_firmwarethinkpad_p43s_firmwarethinkpad_p1_gen_4ThinkPad BIOSthinkpad
CWE ID-CWE-20
Improper Input Validation
CVE-2016-4782
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.53% / 67.66%
||
7 Day CHG~0.00%
Published-23 May, 2016 | 19:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Lenovo SHAREit before 3.5.98_ww on Android before 4.2 allows remote attackers to have unspecified impact via a crafted intent: URL, aka an "intent scheme URL attack."

Action-Not Available
Vendor-n/aGoogle LLCLenovo Group Limited
Product-androidshareitn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2022-3429
Matching Score-6
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-6
Assigner-Lenovo Group Ltd.
CVSS Score-6.5||MEDIUM
EPSS-0.08% / 23.35%
||
7 Day CHG~0.00%
Published-27 Oct, 2023 | 18:57
Updated-09 Sep, 2024 | 19:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial-of-service vulnerability was found in the firmware used in Lenovo printers, where users send illegal or malformed strings to an open port, triggering a denial of service that causes a display error and prevents the printer from functioning properly.

Action-Not Available
Vendor-Lenovo Group Limited
Product-gm266dns_firmwaregm266dnsg263dns_firmwareg263dnsgm265dngm265dn_firmwarePrinter GM265DN (production date July 2022 and later)Printer GM266DNSPrinter GM265DN (production date June 2022 and before)Printer G263DNS
CWE ID-CWE-20
Improper Input Validation
CVE-2016-3944
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.41% / 61.55%
||
7 Day CHG~0.00%
Published-03 Jun, 2016 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

UpdateAgent in Lenovo Accelerator Application allows man-in-the-middle attackers to execute arbitrary code by spoofing an update response from susapi.lenovomm.com.

Action-Not Available
Vendor-n/aLenovo Group Limited
Product-accelerator_applicationn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2018-9072
Matching Score-6
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-6
Assigner-Lenovo Group Ltd.
CVSS Score-6.5||MEDIUM
EPSS-0.31% / 54.59%
||
7 Day CHG~0.00%
Published-30 Nov, 2018 | 14:00
Updated-05 Aug, 2024 | 07:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
LXCI for VMware

In versions prior to 5.5, LXCI for VMware allows an authenticated user to download any system file due to insufficient input sanitization during file downloads.

Action-Not Available
Vendor-Lenovo Group Limited
Product-xclarity_integratorLXCI for VMware
CWE ID-CWE-20
Improper Input Validation
CVE-2018-9066
Matching Score-6
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-6
Assigner-Lenovo Group Ltd.
CVSS Score-8.8||HIGH
EPSS-0.67% / 71.71%
||
7 Day CHG~0.00%
Published-30 Jul, 2018 | 15:00
Updated-16 Sep, 2024 | 17:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Lenovo xClarity Administrator versions earlier than 2.1.0, an authenticated LXCA user can, under specific circumstances, inject additional parameters into a specific web API call which can result in privileged command execution within LXCA's underlying operating system.

Action-Not Available
Vendor-Lenovo Group Limited
Product-xclarity_administratorLenovo xClarity Administrator
CWE ID-CWE-20
Improper Input Validation
CVE-2020-8349
Matching Score-6
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-6
Assigner-Lenovo Group Ltd.
CVSS Score-9.8||CRITICAL
EPSS-2.62% / 85.97%
||
7 Day CHG~0.00%
Published-14 Oct, 2020 | 21:25
Updated-04 Aug, 2024 | 09:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An internal security review has identified an unauthenticated remote code execution vulnerability in Cloud Networking Operating System (CNOS)’ optional REST API management interface. This interface is disabled by default and not vulnerable unless enabled. When enabled, it is only vulnerable where attached to a VRF and as allowed by defined ACLs. Lenovo strongly recommends upgrading to a non-vulnerable CNOS release. Where not possible, Lenovo recommends disabling the REST API management interface or restricting access to the management VRF and further limiting access to authorized management stations via ACL.

Action-Not Available
Vendor-Lenovo Group Limited
Product-rackswitch_ne1072trackswitch_ne2572rackswitch_ne1032rackswitch_g8296rackswitch_g8272cloud_networking_operating_systemrackswitch_ne0152trackswitch_ne10032rackswitch_g8332rackswitch_ne1032tCloud Networking Operating System (CNOS)
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2020-8324
Matching Score-6
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-6
Assigner-Lenovo Group Ltd.
CVSS Score-5||MEDIUM
EPSS-0.06% / 18.25%
||
7 Day CHG~0.00%
Published-14 Apr, 2020 | 21:05
Updated-16 Sep, 2024 | 18:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability was reported in LenovoAppScenarioPluginSystem for Lenovo System Interface Foundation prior to version 1.2.184.31 that could allow unsigned DLL files to be executed.

Action-Not Available
Vendor-Lenovo Group Limited
Product-system_interface_foundationLenovoAppScenarioPluginSystem for Lenovo System Interface Foundation
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CWE ID-CWE-20
Improper Input Validation
CVE-2017-3752
Matching Score-6
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-6
Assigner-Lenovo Group Ltd.
CVSS Score-8.2||HIGH
EPSS-0.15% / 34.69%
||
7 Day CHG~0.00%
Published-09 Aug, 2017 | 21:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An industry-wide vulnerability has been identified in the implementation of the Open Shortest Path First (OSPF) routing protocol used on some Lenovo switches. Exploitation of these implementation flaws may result in attackers being able to erase or alter the routing tables of one or many routers, switches, or other devices that support OSPF within a routing domain.

Action-Not Available
Vendor-IBM CorporationLenovo Group Limited
Product-bladecenterflex_systemg8052_firmwareg8124e_firmwareg8264_firmware1g_l2-7_slbg8332_firmwarelayer_2\/3_copper_firmwareen2092_1gb_firmwareg8316_firmware1\fabric_cn4093_10gb_firmwaresi4091_firmwarevirtual_fabric_10gbrackswitchg8296_firmwarefabric_en4093r_10gb_firmwarefabric_en4093\/en4093r_10gb_firmwareg8264cs_firmwareg8264t_firmwareg8124_firmwareg8272_firmwareLenovo and IBM Switch Products
CWE ID-CWE-20
Improper Input Validation
CVE-2023-43570
Matching Score-6
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-6
Assigner-Lenovo Group Ltd.
CVSS Score-6.7||MEDIUM
EPSS-0.05% / 14.97%
||
7 Day CHG~0.00%
Published-08 Nov, 2023 | 22:07
Updated-12 Sep, 2024 | 18:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A potential vulnerability was reported in the SMI callback function of the OemSmi driver that may allow a local attacker with elevated permissions to execute arbitrary code.

Action-Not Available
Vendor-Lenovo Group Limited
Product-thinkcentre_m70q_firmwarethinkcentre_m80t_gen_3ideacentre_aio_3-27itl6_firmwarethinkstation_p340_workstationthinkcentre_m70s_firmwarethinkcentre_m90q_gen_2thinkcentre_m70t_gen_3thinkcentre_m90q_tiny_firmwarethinkcentre_neo_30a_27_gen_3_firmwarethinkcentre_m70a_gen_3ideacentre_g5-14imb05_firmwarethinkstation_p330_workstationthinkcentre_m70qideacentre_5_14iab7_firmwareideacentre_aio_3-24alc6thinkstation_p340_workstation_firmwarev55t_gen_2_13acnloq_17irb8_firmwarethinkcentre_m90q_gen_3ideacentre_5_14irb8_firmwarethinkcentre_neo_30a_27_gen_3thinkcentre_m90t_gen_3_firmwarethinkcentre_m630ethinkcentre_m625qideacentre_aio_3-24imb05_firmwareyoga_aio_7_27arh7_firmwarethinkstation_p520_workstation_firmwareyoga_aio_7-27arh6v50t-13imbthinkstation_p360_workstationthinkcentre_m70a_gen_3_firmwarethinkcentre_m90a_pro_gen_3_firmwareloq_17irb8thinkstation_p350_workstationideacentre_mini_5_01iaq7thinkstation_p520c_workstationthinkstation_p350_workstation_firmwareideacentre_5-14iob6v30a-22itlthinkstation_p330_workstation_2nd_genv50a-24imb_firmwareideacentre_gaming_5_17acn7_firmwarethinkcentre_m70c_firmwarev55t_gen_2_13acn_firmwarethinkcentre_m90tthinkstation_p330_workstation_2nd_gen_firmwarethinkcentre_neo_50a_24_gen_4_firmwarethinkcentre_neo_30a_22_gen_4ideacentre_5-14iob6_firmwarelegion_t7_34irz8_firmwareideacentre_aio_3-22itl6_firmwarethinkcentre_m70s_gen_3_firmwarethinkedge_se30_firmwarethinkcentre_m80q_gen_3_firmwarethinkcentre_m920z_all-in-one_firmwarethinkcentre_neo_30a_27_gen_4legion_t5_26irb8v50a-22imbthinkstation_p350_tiny_workstationv50a-24imbthinkcentre_neo_30a_24_gen_3thinkcentre_m90sthinkstation_p358_workstation_firmwarethinkcentre_m70q_gen_2_firmwarev50s-07imbideacentre_creator_5-14iob6thinkcentre_m90a_gen_3thinkcentre_m75s_gen_2ideacentre_5-14acn6_firmwareideacentre_aio_3-24imb05ideacentre_gaming_5-14acn6thinkcentre_m80tthinkcentre_m70tideacentre_5-14imb05thinkcentre_m90a_gen_2_firmwarethinkcentre_m90a_pro_gen_3thinkcentre_m90a_firmwarethinkcentre_m625q_firmwareyoga_aio_7_27arh7ideacentre_aio_5_24iah7ideacentre_aio_3_21itl7ideacentre_aio_5_27iah7_firmwareideacentre_aio_3-27imb05thinkstation_p348_workstation_firmwareideacentre_aio_3-24itl6_firmwarethinkstation_p920_workstationideacentre_aio_3_22iap7_firmwarethinkstation_p330_workstation_firmwarethinkcentre_m75t_gen_2_firmwarethinkstation_p360_ultra_workstationideacentre_aio_3-22iil5yoga_aio_7-27arh6_firmwareideacentre_aio_5_24iah7_firmwarethinkcentre_neo_70t_gen_3_firmwarethinkcentre_m90a_gen_3_firmwareideacentre_aio_3_24iap7_firmwareideacentre_aio_3-24iil5ideacentre_gaming_5-14iob6thinkcentre_m90q_tinythinkcentre_neo_50t_gen_3thinkcentre_m70t_firmwarelegion_t7-34imz5_firmwareideacentre_mini_5_01iaq7_firmwareideacentre_g5-14imb05thinkcentre_neo_30a_27_gen_4_firmwareideacentre_aio_3-24iil5_firmwareideacentre_t540-15ama_gthinkcentre_neo_70t_gen_3ideacentre_aio_3-22itl6thinkstation_p358_workstationideacentre_aio_3_27iap7_firmwarethinkstation_p350_tiny_workstation_firmwarethinkstation_p360_ultra_workstation_firmwarethinkcentre_m90t_firmwarev30a-24imlthinkcentre_m80sthinkcentre_m70q_gen_2thinkcentre_m75s_gen_2_firmwarelegion_t7-34iaz7thinkcentre_m80q_firmwarelegion_t5_26iab7_firmwarelegion_t5_26iab7ideacentre_aio_3-27itl6thinkcentre_m90s_firmwarethinkcentre_m630e_firmwareideacentre_aio_3-22imb05v50t-13iob_firmwarethinkcentre_neo_30a_22_gen_3_firmwareideacentre_mini_5-01imh05thinkcentre_m80t_gen_3_firmwareideacentre_aio_3_22iap7ideacentre_gaming_5_17acn7ideacentre_aio_3_21itl7_firmwarethinkstation_p340_tiny_workstationthinkcentre_neo_30a_22_gen_3thinkcentre_m90s_gen_3thinkstation_p320_workstationthinkcentre_neo_50t_gen_3_firmwarethinkstation_p348_workstationideacentre_t540-15ama_g_firmwareideacentre_aio_3_27iap7ideacentre_g5-14amr05_firmwarethinkcentre_m75n_firmwarethinkcentre_m80qthinkedge_se30ideacentre_5_14iab7ideacentre_mini_5-01imh05_firmwarelegion_t7_34irz8thinkcentre_m75nthinkstation_p920_workstation_firmwarelegion_t7-34imz5v30a-24iml_firmwarethinkcentre_m70t_gen_3_firmwarethinkstation_p520_workstationv50t-13imh_firmwarethinkcentre_m920z_all-in-onethinkcentre_neo_30a_24_gen_3_firmwarethinkstation_p520c_workstation_firmwareideacentre_3-07ada05thinkcentre_m70cthinkcentre_neo_30a_24_gen_4v50t-13iobthinkstation_p360_tiny_workstation_firmwareideacentre_aio_3-22iil5_firmwarethinkstation_p720_workstationthinkcentre_m75q_gen_2thinkcentre_m90q_gen_3_firmwarethinkcentre_m90athinkcentre_neo_50a_24_gen_4thinkcentre_m80s_gen_3v30a-24itl_firmwareideacentre_aio_3-22imb05_firmwareideacentre_c5-14imb05thinkcentre_m90s_gen_3_firmwarethinkcentre_m70s_gen_3ideacentre_aio_3_24iap7thinkcentre_m90q_gen_2_firmwarethinkcentre_m80q_gen_3v30a-24itlv50a-22imb_firmwarethinkstation_p360_tiny_workstationthinkcentre_m70sthinkcentre_neo_50a_24_gen_3_firmwarev50s-07imb_firmwarev30a-22imlthinkcentre_neo_30a_24_gen_4_firmwareideacentre_aio_3-24itl6ideacentre_c5-14imb05_firmwareideacentre_aio_3-27imb05_firmwarethinkcentre_m80s_gen_3_firmwarelegion_t5_26irb8_firmwarev30a-22iml_firmwareideacentre_3-07ada05_firmwarev30a-22itl_firmwarethinkcentre_m75q_gen_2_firmwarethinkstation_p360_workstation_firmwarethinkstation_p340_tiny_workstation_firmwareideacentre_5-14imb05_firmwarev50t-13imb_firmwareideacentre_gaming_5_17iab7ideacentre_3-07imb05_firmwareideacentre_5_14irb8thinkstation_p720_workstation_firmwareideacentre_g5-14amr05ideacentre_aio_3-24alc6_firmwareideacentre_gaming_5-14iob6_firmwarethinkcentre_m80t_firmwarethinkstation_p320_workstation_firmwarethinkcentre_m90a_gen_2ideacentre_5-14acn6thinkcentre_neo_50a_24_gen_3thinkcentre_neo_30a_22_gen_4_firmwarethinkcentre_m80s_firmwareideacentre_aio_5_27iah7ideacentre_3-07imb05legion_t7-34iaz7_firmwareideacentre_gaming_5_17iab7_firmwareideacentre_gaming_5-14acn6_firmwarethinkcentre_m75t_gen_2ideacentre_creator_5-14iob6_firmwarethinkcentre_m90t_gen_3v50t-13imhDesktop BIOS
CWE ID-CWE-20
Improper Input Validation
CVE-2024-27912
Matching Score-6
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-6
Assigner-Lenovo Group Ltd.
CVSS Score-7.5||HIGH
EPSS-0.07% / 21.23%
||
7 Day CHG~0.00%
Published-05 Apr, 2024 | 20:47
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial of service vulnerability was reported in some Lenovo Printers that could allow an attacker to cause the device to crash by sending crafted LPD packets.

Action-Not Available
Vendor-Lenovo Group Limited
Product-Printerslingxlang_g262dn_firmwarelingxlang_g336dn_firmwarelj2310n_firmwarelingxlang_gm337dn_firmwarelingxlang_gm265dn_firmwarelingxlang_lj2320dn_firmware
CWE ID-CWE-20
Improper Input Validation
CVE-2023-5079
Matching Score-6
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-6
Assigner-Lenovo Group Ltd.
CVSS Score-7.5||HIGH
EPSS-0.12% / 30.54%
||
7 Day CHG~0.00%
Published-08 Nov, 2023 | 22:03
Updated-03 Sep, 2024 | 20:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Lenovo LeCloud App improper input validation allows attackers to access arbitrary components and arbitrary file downloads, which could result in information disclosure.

Action-Not Available
Vendor-Lenovo Group Limited
Product-lecloudLeCloud Application
CWE ID-CWE-20
Improper Input Validation
CVE-2023-34422
Matching Score-6
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-6
Assigner-Lenovo Group Ltd.
CVSS Score-6.5||MEDIUM
EPSS-0.12% / 31.31%
||
7 Day CHG~0.00%
Published-26 Jun, 2023 | 19:45
Updated-06 Nov, 2024 | 21:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A valid, authenticated LXCA user with elevated privileges may be able to delete folders in the LXCA filesystem through a specifically crafted web API call due to insufficient input validation.

Action-Not Available
Vendor-Lenovo Group Limited
Product-xclarity_administratorLenovo XClarity Administrator
CWE ID-CWE-20
Improper Input Validation
CVE-2023-34421
Matching Score-6
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-6
Assigner-Lenovo Group Ltd.
CVSS Score-6.5||MEDIUM
EPSS-0.12% / 31.31%
||
7 Day CHG~0.00%
Published-26 Jun, 2023 | 19:45
Updated-06 Nov, 2024 | 21:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A valid, authenticated LXCA user with elevated privileges may be able to replace filesystem data through a specifically crafted web API call due to insufficient input validation.

Action-Not Available
Vendor-Lenovo Group Limited
Product-xclarity_administratorLenovo XClarity Administrator
CWE ID-CWE-20
Improper Input Validation
CVE-2022-1431
Matching Score-4
Assigner-GitLab Inc.
ShareView Details
Matching Score-4
Assigner-GitLab Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.20% / 41.74%
||
7 Day CHG~0.00%
Published-10 May, 2022 | 20:27
Updated-03 Aug, 2024 | 00:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue has been discovered in GitLab affecting all versions starting from 12.10 before 14.8.6, all versions starting from 14.9 before 14.9.4, all versions starting from 14.10 before 14.10.1. GitLab was not correctly handling malicious requests to the PyPi API endpoint allowing the attacker to cause uncontrolled resource consumption.

Action-Not Available
Vendor-GitLab Inc.
Product-gitlabGitLab
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-20
Improper Input Validation
CVE-2017-5185
Matching Score-4
Assigner-OpenText (formerly Micro Focus)
ShareView Details
Matching Score-4
Assigner-OpenText (formerly Micro Focus)
CVSS Score-7.5||HIGH
EPSS-0.56% / 68.77%
||
7 Day CHG~0.00%
Published-30 Mar, 2017 | 17:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability was discovered in NetIQ Sentinel Server 8.0 before 8.0.1 that may allow remote denial of service.

Action-Not Available
Vendor-n/aMicro Focus International Limited
Product-sentinelNetIQ Sentinel Server
CWE ID-CWE-20
Improper Input Validation
CVE-2013-7177
Matching Score-4
Assigner-CERT/CC
ShareView Details
Matching Score-4
Assigner-CERT/CC
CVSS Score-5||MEDIUM
EPSS-0.84% / 75.16%
||
7 Day CHG~0.00%
Published-01 Feb, 2014 | 15:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

config/filter.d/cyrus-imap.conf in the cyrus-imap filter in Fail2ban before 0.8.11 allows remote attackers to trigger the blocking of an arbitrary IP address via a crafted e-mail address that matches an improperly designed regular expression.

Action-Not Available
Vendor-fail2bann/a
Product-fail2bann/a
CWE ID-CWE-20
Improper Input Validation
CVE-2014-0082
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-6.46% / 91.26%
||
7 Day CHG~0.00%
Published-20 Feb, 2014 | 11:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

actionpack/lib/action_view/template/text.rb in Action View in Ruby on Rails 3.x before 3.2.17 converts MIME type strings to symbols during use of the :text option to the render method, which allows remote attackers to cause a denial of service (memory consumption) by including these strings in headers.

Action-Not Available
Vendor-n/aRuby on Rails
Product-ruby_on_railsrailsn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2020-12824
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.41% / 61.54%
||
7 Day CHG~0.00%
Published-25 Sep, 2020 | 03:33
Updated-04 Aug, 2024 | 12:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Pexip Infinity 23.x before 23.3 has improper input validation, leading to a temporary software abort via RTP.

Action-Not Available
Vendor-pexipn/a
Product-pexip_infinityn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2020-13387
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.41% / 61.54%
||
7 Day CHG~0.00%
Published-25 Sep, 2020 | 03:34
Updated-04 Aug, 2024 | 12:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Pexip Infinity before 23.4 has a lack of input validation, leading to temporary denial of service via H.323.

Action-Not Available
Vendor-pexipn/a
Product-pexip_infinityn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2014-0020
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-3.53% / 87.91%
||
7 Day CHG~0.00%
Published-06 Feb, 2014 | 15:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The IRC protocol plugin in libpurple in Pidgin before 2.10.8 does not validate argument counts, which allows remote IRC servers to cause a denial of service (application crash) via a crafted message.

Action-Not Available
Vendor-n/aPidgin
Product-pidginn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2020-12080
Matching Score-4
Assigner-Flexera Software LLC
ShareView Details
Matching Score-4
Assigner-Flexera Software LLC
CVSS Score-7.5||HIGH
EPSS-0.67% / 71.71%
||
7 Day CHG~0.00%
Published-17 Sep, 2021 | 17:45
Updated-04 Aug, 2024 | 11:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Denial of Service vulnerability has been identified in FlexNet Publisher's lmadmin.exe version 11.16.6. A certain message protocol can be exploited to cause lmadmin to crash.

Action-Not Available
Vendor-flexeran/a
Product-flexnet_publishern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2022-1302
Matching Score-4
Assigner-CERT@VDE
ShareView Details
Matching Score-4
Assigner-CERT@VDE
CVSS Score-7.5||HIGH
EPSS-0.98% / 77.15%
||
7 Day CHG~0.00%
Published-12 Apr, 2022 | 07:30
Updated-16 Sep, 2024 | 18:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Malformed Goose Message in LibIEC61850 may result in a denial of service

In the MZ Automation LibIEC61850 in versions prior to 1.5.1 an unauthenticated attacker can craft a goose message, which may result in a denial of service.

Action-Not Available
Vendor-mz-automationMZ Automation
Product-libiec61850libIEC61850
CWE ID-CWE-20
Improper Input Validation
CVE-2020-13111
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.58% / 69.25%
||
7 Day CHG~0.00%
Published-16 May, 2020 | 14:50
Updated-04 Aug, 2024 | 12:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NaviServer 4.99.4 to 4.99.19 allows denial of service due to the nsd/driver.c ChunkedDecode function not properly validating the length of a chunk. A remote attacker can craft a chunked-transfer request that will result in a negative value being passed to memmove via the size parameter, causing the process to crash.

Action-Not Available
Vendor-naviserver_projectn/a
Product-naviservern/a
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-20
Improper Input Validation
CVE-2014-0628
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-5||MEDIUM
EPSS-0.26% / 49.06%
||
7 Day CHG~0.00%
Published-25 Mar, 2014 | 01:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The server in EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.5 does not properly process certificate chains, which allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors.

Action-Not Available
Vendor-n/aDell Inc.
Product-bsafe_micro-edition-suiten/a
CWE ID-CWE-20
Improper Input Validation
CVE-2020-12526
Matching Score-4
Assigner-CERT@VDE
ShareView Details
Matching Score-4
Assigner-CERT@VDE
CVSS Score-5.3||MEDIUM
EPSS-0.38% / 59.65%
||
7 Day CHG~0.00%
Published-13 May, 2021 | 13:45
Updated-16 Sep, 2024 | 18:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
BECKHOFF: DoS-Vulnerability for TwinCAT OPC UA Server and IPC Diagnostics UA Server

TwinCAT OPC UA Server in versions up to 2.3.0.12 and IPC Diagnostics UA Server in versions up to 3.1.0.1 from Beckhoff Automation GmbH & Co. KG are vulnerable to denial of service attacks. The attacker needs to send several specifically crafted requests to the running OPC UA server. After some of these requests the OPC UA server is no longer responsive to any client. This is without effect to the real-time functionality of IPCs.

Action-Not Available
Vendor-Beckhoff Automation GmbH & Co. KG
Product-ipc_diagnostics_ua_servertf6100twincat_opc_ua_serverTwinCAT OPC UA ServerTF6100IPC Diagnostics UA Server
CWE ID-CWE-20
Improper Input Validation
CVE-2020-10922
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-7.5||HIGH
EPSS-6.75% / 91.47%
||
7 Day CHG~0.00%
Published-23 Jul, 2020 | 15:35
Updated-04 Aug, 2024 | 11:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of C-MORE HMI EA9 Firmware version 6.52 touch screen panels. Authentication is not required to exploit this vulnerability. The specific flaw exists within the EA-HTTP.exe process. The issue results from the lack of proper input validation prior to further processing user requests. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-10527.

Action-Not Available
Vendor-AutomationDirect
Product-ea9-t15clea9-t12clea9-t15cl-rea9-rhmiea9-t10clc-more_hmi_ea9_firmwareea9-t7cl-rea9-t8clea9-t6cl-rea9-t7clea9-t6clea9-pgmswea9-t10wclHMI EA9
CWE ID-CWE-20
Improper Input Validation
CVE-2020-11268
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.5||HIGH
EPSS-0.26% / 49.58%
||
7 Day CHG~0.00%
Published-07 May, 2021 | 09:10
Updated-04 Aug, 2024 | 11:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Potential UE reset while decoding a crafted Sib1 or SIB1 that schedules unsupported SIBs and can lead to denial of service in Snapdragon Auto, Snapdragon Mobile

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qfe3100pm8909qfe1040qfe2550wcd9330wgr7640qfe1550qfe1045pm8994mdm9645qfe1035qfe2340msm8974mdm8215qfe2330qca6174awtr4905mdm9609qfe2320msm8108qca6174mdm9635mpmd9645mdm9615wtr2605wtr1605msm8929wtr2955msm8939wcn3660bqfe3335mdm9640apq8094wcn3680mdm8215mqca6584msm8209qca1990apq8009pm8941msm8974pmdm9310pm8841wcd9306msm8208wtr1625lqfe2520msm8274qfe1520apq8074pm8916apq8084pmd9635mdm9215qfe2101mdm9615msmb1360wtr1625qfe3320msm8216qfe1100wcn3660awtr1605lqfe3345pm8018msm8674wcn3680bmdm8615mqfe1101wfr1620apq8016qfe3340qfe2720wtr4605msm8994sd210qfe2310wtr3925pmi8994wcn3620msm8916wcn3660ar6003mdm9235mwcn3610msm8608Snapdragon Auto, Snapdragon Mobile
CWE ID-CWE-20
Improper Input Validation
CVE-2020-11200
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.5||HIGH
EPSS-0.34% / 56.68%
||
7 Day CHG~0.00%
Published-21 Jan, 2021 | 09:41
Updated-04 Aug, 2024 | 11:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer over-read while parsing RPS due to lack of check of input validation on values received from user side. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qfe3100qfs2580qfe2550qcs610pmi8996qdm2307qfs2530qpa8802qln1030qpa8688pm6125qat3519pm8150asc8180x\+sdx55qtc800hqdm5670qcs2290sa6155qca6335pm7150lqpa8821qln1020wtr3905qdm5671pmc1000hqat3518sd632sd8cwcn3998wcn3950sm4125sd720gqpa5460wcn3660bqfe4320qcc112qca4020pm845qdm5652sd6905gqpm8870qpm5679qbt2000pm855pqca6420wcd9360pm6150asdr735gpm8150bqsm7250pm8996qcs6125qfe2101qca6430qat3522qfe4455fcpmr735awcd9340sd765gqfe3440fcsdr660qca6436wcn6851sa6155pqpa6560sdr865pmc7180smb1358wcd9341pmi8952qca6431qln5020wcd9371smb1350sd750gwtr3950sa8150pqpm5657pm6350qdm5621qfe3340qtc800ssd660qdm5650sd712wcn3988wtr3925qfe2080fcsdr052smb1390pm6150lsd450qet4100mdm9640qpm6585qtc410swcn3991smb1355qln4650qpa8801wgr7640sd636qet5100qca6564ausdxr25gpm6150qca6574pm7250bqpa8842pmm8996auwcd9380qln4640qcs410smb1381sdr735pm7250wtr4905smb1395pm660lqpa8803ar8151smr526wtr5975wcn3980pmk8003qdm2301qsw8573qcs605wsa8815wcn6850qbt1000sd7cqca6320wcn3910sd835pm8009qpa8675sd730sdx55mpm670apm8008msm8953qsw8574pmi8998qfe2520pme605pm855lqcs603rsw8577sd8655gqpm5621qpm6582sd670pm670pm8150lqdm5677pm8005qsm8250sa6145pqdm2302pmm6155ausdxr1apq8096auwtr2965pm8150sdx55apq8053sa8155psd675qet4101pmi8994qat3516pm670lwcn3660qpm5658qca9379pm855bsmb2351qln1031qcm2290wsa8830qfe4465fcpm660sdr051qln5030pm4125qbt1500qpa5581pmi632pm456mdm9650qpa5373pmk8001qcs4290qet6100pmm855ausdr660gsd455qpa8686smb1396pm7150awcd9370qca6564sdr425qca6426whs9410qat5516wtr2955qdm5620qln1021aqsd662smb1380pm3003asa8155qat5533wcn3615qca6595auqtc800tsmb1354qdm2305qca6310qpm8820qpm2630qfe2081fcpm855pm8250sdm630sd821pmx55sdr675qca6421sm6250qdm3301sa8195ppm8953qat5515qca6694qpm5677qat3514wcd9326wcd9335qet4200aqwcd9385qpm5620pmm8155auqca6390wcd9375aqt1000apq8064auqpa8673qdm2310pmm8195auqln4642qca6694ausd820pm8998qca6564aqet6110qln5040qpm8895sdr845qpm5670wcn3990pm8019qca6595qpm8830qat5522wsa8835msm8996aupm8150cpmr735bsm6250prgr7640auqpa4360qln1035bdpm855aqpa4361qca6574aqca6174asmr525wcn6750pmr525qpm4650qtm525wtr6955sd855sd8cxsd665qca6175asd765pm640pqat3555sd460qca6391smb1351qfe2082fcpm660aqpa4340qcm4290sdx50mpm640asdr8150qln1036aqqtc801spmd9655qca6574ausd710qsw6310qcm6125wsa8810qdm2308qat3550pmx50qdm5679wcn3680bsdr8250sd768gqca6696sm4350pm8004pm640lpmk8002qpa2625sa6150psd845sm7250psdm830sd850pm6250qpa5580Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-20
Improper Input Validation
CVE-2020-10967
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-3.36% / 87.60%
||
7 Day CHG~0.00%
Published-18 May, 2020 | 14:02
Updated-04 Aug, 2024 | 11:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Dovecot before 2.3.10.1, remote unauthenticated attackers can crash the lmtp or submission process by sending mail with an empty localpart.

Action-Not Available
Vendor-n/aDovecot
Product-dovecotn/a
CWE ID-CWE-20
Improper Input Validation
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 22
  • 23
  • Next
Details not found