Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2020-8345

Summary
Assigner-lenovo
Assigner Org ID-da227ddf-6e25-4b41-b023-0f976dcaca4b
Published At-14 Oct, 2020 | 21:25
Updated At-04 Aug, 2024 | 09:56
Rejected At-
Credits

A DLL search path vulnerability was reported in the Lenovo HardwareScan Plugin for the Lenovo Vantage hardware scan feature prior to version 1.0.46.11 that could allow escalation of privilege.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:lenovo
Assigner Org ID:da227ddf-6e25-4b41-b023-0f976dcaca4b
Published At:14 Oct, 2020 | 21:25
Updated At:04 Aug, 2024 | 09:56
Rejected At:
▼CVE Numbering Authority (CNA)

A DLL search path vulnerability was reported in the Lenovo HardwareScan Plugin for the Lenovo Vantage hardware scan feature prior to version 1.0.46.11 that could allow escalation of privilege.

Affected Products
Vendor
Lenovo Group LimitedLenovo
Product
Vantage HardwareScan Plugin
Versions
Affected
  • From unspecified before 1.0.46.11 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-427CWE-427 Uncontrolled Search Path Element
Type: CWE
CWE ID: CWE-427
Description: CWE-427 Uncontrolled Search Path Element
Metrics
VersionBase scoreBase severityVector
3.17.3HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 7.3
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Update the Lenovo HardwareScan Plugin to version 1.0.46.11. The Lenovo HardwareScan Plugin is automatically updated by the Lenovo System Interface Foundation Service. To immediately start the update process, reboot the computer or restart the "System Interface Foundation Service" service. To verify the Lenovo HardwareScan Plugin version: Open File Explorer and navigate to C:\ProgramData\Lenovo\ImController\Plugins\LenovoHardwareScanPlugin\x64 Right click on LenovoHardwareScanPlugin.dll and select Properties. Click on the Details tab. Read the File version.

Configurations
Workarounds
Exploits
Credits
Lenovo thanks Security Advisor, Anders Kusk, Improsec ApS for reporting this issue.
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://support.lenovo.com/us/en/product_security/LEN-44421
x_refsource_MISC
Hyperlink: https://support.lenovo.com/us/en/product_security/LEN-44421
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://support.lenovo.com/us/en/product_security/LEN-44421
x_refsource_MISC
x_transferred
Hyperlink: https://support.lenovo.com/us/en/product_security/LEN-44421
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:psirt@lenovo.com
Published At:14 Oct, 2020 | 22:15
Updated At:26 Oct, 2020 | 14:09

A DLL search path vulnerability was reported in the Lenovo HardwareScan Plugin for the Lenovo Vantage hardware scan feature prior to version 1.0.46.11 that could allow escalation of privilege.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Secondary3.17.3HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Primary2.04.4MEDIUM
AV:L/AC:M/Au:N/C:P/I:P/A:P
Type: Primary
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 7.3
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 4.4
Base severity: MEDIUM
Vector:
AV:L/AC:M/Au:N/C:P/I:P/A:P
CPE Matches
Lenovo Group Limited
lenovo
>>hardware_scan>>Versions before 1.0.46.11(exclusive)
cpe:2.3:a:lenovo:hardware_scan:*:*:*:*:*:lenovo_vantage:*:*
Weaknesses
CWE IDTypeSource
CWE-427Primarynvd@nist.gov
CWE-427Secondarypsirt@lenovo.com
CWE ID: CWE-427
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-427
Type: Secondary
Source: psirt@lenovo.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://support.lenovo.com/us/en/product_security/LEN-44421psirt@lenovo.com
Vendor Advisory
Hyperlink: https://support.lenovo.com/us/en/product_security/LEN-44421
Source: psirt@lenovo.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

0Records found
CVE-2021-3633
Matching Score-10
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-10
Assigner-Lenovo Group Ltd.
CVSS Score-7.3||HIGH
EPSS-0.02% / 3.72%
||
7 Day CHG~0.00%
Published-17 Aug, 2021 | 16:25
Updated-03 Aug, 2024 | 17:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A DLL preloading vulnerability was reported in Lenovo Driver Management prior to version 2.9.0719.1104 that could allow privilege escalation.

Action-Not Available
Vendor-Lenovo Group Limited
Product-drivers_managementDriver Management
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2022-0192
Matching Score-10
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-10
Assigner-Lenovo Group Ltd.
CVSS Score-7.3||HIGH
EPSS-0.07% / 21.10%
||
7 Day CHG~0.00%
Published-22 Apr, 2022 | 20:30
Updated-02 Aug, 2024 | 23:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A DLL search path vulnerability was reported in Lenovo PCManager prior to version 4.0.40.2175 that could allow privilege escalation.

Action-Not Available
Vendor-Lenovo Group Limited
Product-pcmanagerPCManager
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2019-0164
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-7.3||HIGH
EPSS-0.07% / 22.16%
||
7 Day CHG~0.00%
Published-13 Jun, 2019 | 15:36
Updated-04 Aug, 2024 | 17:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper permissions in the installer for Intel(R) Turbo Boost Max Technology 3.0 driver version 1.0.0.1035 and before may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aLenovo Group LimitedIntel Corporation
Product-thinkstation_p910_firmwarethinkstation_p710_firmwarethinkstation_p510thinkstation_p710thinkstation_p910thinkstation_p410_firmwarethinkstation_p410thinkstation_p510_firmwareturbo_boost_max_technology_3.0Intel(R) Turbo Boost Max Technology 3.0
CWE ID-CWE-264
Not Available
CVE-2023-4706
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-7.3||HIGH
EPSS-0.07% / 22.42%
||
7 Day CHG~0.00%
Published-08 Nov, 2023 | 21:59
Updated-02 Aug, 2024 | 07:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A privilege escalation vulnerability was reported in Lenovo preloaded devices deployed using Microsoft AutoPilot under a standard user account due to incorrect default privileges.

Action-Not Available
Vendor-Lenovo Group Limited
Product-preload_directory1Lenovo Preload Directory
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2020-8317
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-7.3||HIGH
EPSS-0.14% / 35.15%
||
7 Day CHG~0.00%
Published-24 Jul, 2020 | 16:10
Updated-17 Sep, 2024 | 00:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A DLL search path vulnerability was reported in Lenovo Drivers Management prior to version 2.7.1128.1046 that could allow an authenticated user to execute code with elevated privileges.

Action-Not Available
Vendor-Lenovo Group Limited
Product-drivers_managementDrivers Management
CWE ID-CWE-426
Untrusted Search Path
CVE-2020-8318
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-7.3||HIGH
EPSS-0.12% / 31.92%
||
7 Day CHG~0.00%
Published-14 Apr, 2020 | 21:05
Updated-16 Sep, 2024 | 22:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A privilege escalation vulnerability was reported in the LenovoSystemUpdatePlugin for Lenovo System Interface Foundation prior to version that could allow an authenticated user to execute code with elevated privileges.

Action-Not Available
Vendor-Lenovo Group Limited
Product-system_interface_foundationLenovoSystemUpdatePlugin for Lenovo System Interface Foundation
CVE-2020-8319
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-7.3||HIGH
EPSS-0.12% / 31.92%
||
7 Day CHG~0.00%
Published-14 Apr, 2020 | 21:05
Updated-16 Sep, 2024 | 17:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A privilege escalation vulnerability was reported in Lenovo System Interface Foundation prior to version 1.1.19.3 that could allow an authenticated user to execute code with elevated privileges.

Action-Not Available
Vendor-Lenovo Group Limited
Product-system_interface_foundationLenovo System Interface Foundation
CVE-2020-8326
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-7.3||HIGH
EPSS-0.13% / 32.98%
||
7 Day CHG~0.00%
Published-24 Jul, 2020 | 16:10
Updated-17 Sep, 2024 | 03:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An unquoted service path vulnerability was reported in Lenovo Drivers Management prior to version 2.7.1128.1046 that could allow an authenticated user to execute code with elevated privileges.

Action-Not Available
Vendor-Lenovo Group Limited
Product-drivers_managementDrivers Management
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2021-3969
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-7.8||HIGH
EPSS-0.42% / 60.96%
||
7 Day CHG~0.00%
Published-18 May, 2022 | 16:10
Updated-03 Aug, 2024 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Time of Check Time of Use (TOCTOU) vulnerability was reported in IMController, a software component of Lenovo System Interface Foundation, prior to version 1.1.20.3that could allow a local attacker to elevate privileges.

Action-Not Available
Vendor-Lenovo Group Limited
Product-system_interface_foundationIMController
CWE ID-CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CVE-2021-3922
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-7.8||HIGH
EPSS-0.42% / 60.96%
||
7 Day CHG~0.00%
Published-18 May, 2022 | 16:10
Updated-03 Aug, 2024 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A race condition vulnerability was reported in IMController, a software component of Lenovo System Interface Foundation, prior to version 1.1.20.3 that could allow a local attacker to connect and interact with the IMController child process' named pipe.

Action-Not Available
Vendor-Lenovo Group Limited
Product-system_interface_foundationIMController
CWE ID-CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2022-1513
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-7.3||HIGH
EPSS-1.08% / 76.93%
||
7 Day CHG-0.05%
Published-23 Aug, 2022 | 17:25
Updated-03 Aug, 2024 | 00:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A potential vulnerability was reported in Lenovo PCManager prior to version 5.0.10.4191 that may allow code execution when visiting a specially crafted website.

Action-Not Available
Vendor-Lenovo Group Limited
Product-pcmanagerPCManager
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-0354
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-7.3||HIGH
EPSS-0.05% / 15.66%
||
7 Day CHG~0.00%
Published-22 Apr, 2022 | 20:30
Updated-02 Aug, 2024 | 23:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability was reported in Lenovo System Update that could allow a local user with interactive system access the ability to execute code with elevated privileges only during the installation of a System Update package released before 2022-02-25 that displays a command prompt window.

Action-Not Available
Vendor-Lenovo Group Limited
Product-system_updateSystem Update
CVE-2019-6196
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-6.7||MEDIUM
EPSS-0.04% / 10.62%
||
7 Day CHG~0.00%
Published-09 Jun, 2020 | 19:50
Updated-17 Sep, 2024 | 00:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A symbolic link vulnerability in some Lenovo installation packages, prior to version 1.2.9.3, could allow privileged file operations during file extraction and installation.

Action-Not Available
Vendor-Lenovo Group Limited
Product-installation_packageInstallation Packages
CWE ID-CWE-426
Untrusted Search Path
CVE-2019-6170
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-6.4||MEDIUM
EPSS-0.07% / 22.85%
||
7 Day CHG~0.00%
Published-12 Nov, 2019 | 20:40
Updated-04 Aug, 2024 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A potential vulnerability in the SMI callback function used in the Legacy USB driver using boot services structure in runtime phase in some Lenovo ThinkPad models may allow arbitrary code execution.

Action-Not Available
Vendor-Lenovo Group Limited
Product-s340-15iwl_touchl340-17irh_firmwarezhaoyang_e43-80_kbl_firmwareqitian_m4650v330-14isk_firmwarea340-22_iwl_firmware720s-15ikb_firmwarethinkpad_e490ideacentre_730s-24ikb_firmwarev110-15ikbthinkcentre_m73p130-15ikb_firmwarethinkcentre_m720qlegion_y740-17ichgthinkpad_p51sthinkpad_p53thinkpad_e450cthinkcentre_m79_firmwareyta8900fthinkpad_p72_firmwarethinkpad_l590thinkcentre_e93_firmwarerescuer_y7000p\(1060\)130-14ikb_firmwareyangtian_ws_h81_firmwarethinkpad_p52thinkpad_e560p_firmwarethinkpad_p70aio_330-20astthinkpad_e470_firmware330-15ikbrv530s-07icb_firmwarem4500_firmwarethinkpad_e460thinkpad_yoga_11ethinkpad_x280thinkcentre_m83_firmwarethinkstation_p318_firmwarethinkpad_tablet_8_firmwarec340-14iwl_firmwarelegion_t530-28icbthinkpad_l470_firmwares540-14iwl_firmwarelegion_t730-28ico330c-14ikbs540-14iwl_touch_firmwarethinkpad_l380_firmwarelegion_y740-15ichgthinkcentre_e74_firmwarethinkpad_r590_firmwareqitian_b5900_firmwarethinkpad_t560_firmwarethinkpad_t580thinkcentre_m4500kthinkcentre_m6500t_firmwarethinkcentre_m93z_\(aio\)yoga_s940-14iwl_firmwarethinkpad_x1_yogathinkcentre_m625q_firmwarethinkpad_t570_firmwarelegion_y520t_z370legion_t530-28icb_reflash_firmwarethinkcentre_m4500t_firmwares340-14iwlqt_b415_firmwareyangtian_wf_h81_pci_firmwareqitian_m4600_firmware340c-15ikb_firmwarethinkcentre_m910x_firmwarethinkcentre_m910s_firmwareyangtian_afh110_firmwareyangtian_wf_h110_pci_firmwarethinkpad_x380_yoga_firmwareyangtian_afq150_firmwarev320-14ikby7000_2019_1050v330-14ikb_firmwarethinkpad_w540h50-30g_desktopv330-14iskyoga_s940-14iwlyangtian_tc_h81_pci_firmwarethinkcentre_x1_aiothinkpad_p52_firmwarethinkpad_s2_yoga_4th_gen_firmwarethinkcentre_m720s_firmwarethinkpad_t580_firmwarelegion_t530-28aprideacentre_720-18icb_firmwareyoga530-14ikb_firmwares540-14iwl_touchthinkcentre_m4600tthinkcentre_m920q_firmwarezhaoyang_k42-80thinkpad_t25lenovo_v720-14ikbqt_a7400s540-15iwl_firmwareaio_330-20igm_firmwarethinkpad_t460sideacentre_300s-11ish_firmware510-15iklaio_520-24ast_firmwareyangtian_mf_h81_pci330-14ikb_firmware720s_touch-15ikb_firmwarethinkpad_e570thinkcentre_m79v310-14ikbthinkstation_p318thinkcentre_m700sthinkpad_x1_extreme_firmwarev130-14ikbthinkcentre_m6600t_firmware330-15ikb_firmwarethinkpad_e550thinkcentre_m8600s_firmwarec340-14iwlv310-15ikb_firmwareyoga_730-13iwl_firmwarethinkcentre_m715q_firmwarethinkpad_tablet_10_firmwarethinkcentre_m73_firmwarethinkpad_t440qitian_b4550_firmwarethinkpad_e580thinkcentre_e73_firmwarethinkcentre_m920t_firmwarethinkcentre_e93thinkcentre_m6500s_firmwareyoga_11e_3rd_genthinkpad_p71thinkcentre_m710q330-15ikbr_touchthinkpad_10_firmwarethinkpad_p51s_firmwarethinkcentre_m710e_firmwarethinkcentre_m8500ss145-15ikbthinkpad_x250thinkcentre_m900_firmwarev310z\(yt_s3150\)_firmware330-15ich_firmwarel340-15iwltouchthinkcentre_e75sthinkcentre_m920zyangtian_mc_h81_firmwarethinkcentre_m9550zthinkcentre_e74zideacentre_720-18aprthinkcentre_m9550z_firmwarethinkpad_helix_firmwarethinkpad_t480s_firmwarelegion_y9000p_2019_firmwarethinkpad_s3_3rd_genthinkcentre_m73p_firmwarelegion_y9000p_2019v130-14ikb_firmwarexiaoxin_tide_7000-15_u42thinkcentre_m7300z_firmwarethinkcentre_m6600qthinkcentre_m8350z_firmwarev310-14isk_firmwares145-14ikb_firmwarec340-15iwlwei5-14ikb_firmwarethinksystem_odc5200-cn650s_firmwarelegion_y740-15irhg_firmwarethinkcentre_m820zv110-14ikb_firmwarev310z\(yt_s3150\)v110-14ikbthinkpad_l560_firmwarethinkcentre_s510_firmwarelegion_y730-15ich_firmware330-14ikbthinkpad_p53s_firmwares145-15ikb_firmwareyangtian_tc_h81_pciyoga_s730-13iwll340-15irh_firmwarethinkstation_p300_firmwarel340-17irhthinkpad_p52sthinkpad_t470_firmwarethinkcentre_m73_tiny_firmwarethinkcentre_m920x_firmwarethinkcentre_m6600_firmwarethinkpad_t480_firmware530s-14iwl_firmwarethinkpad_x1_carbon_firmwarerescuer_y7000p\(1060\)_firmwarelegion_c730-19icothinkcentre_m4500q_firmwarethinkpad_e580_firmwareaio520-24iku_firmwarem4550_id_firmware530s-15ikbthinkpad_t570thinkpad_l560ideacentre_510-15icb_firmwarethinkcentre_m6600tthinkpad_t590yoga_11e_4th_gen_firmwarethinkpad_t550xiaoxin-14_2019iwlthinkpad_x1_tabletwei5-14ikbxiaoxin-14_2019iwl_firmwarethinkpad_t450sqt_a7400_firmwarev130-15ikbthinkcentre_m73yangtian_ws_h81rescuer_y7000yoga_s730-13iwl_firmwarev530-22icb\(yt_s4350\)thinkstation_p310_firmwareaio520-22ikuthinkpad_tablet_8thinkcentre_e96z_firmwarethinkpad_l390_yoga_firmwaree52-80yangtian_mc_h110thinkpad_x270k43c-80thinkpad_l580_firmwarev510-15ikbthinkcentre_m715qyoga_520-14ikbh50-30g_desktop_firmwarethinkpad_p50s_firmwarelegion_y530-15ich\(1060\)_firmwareaio520-22ikl_firmwareideacentre_300s-11ishv320-15ikb_firmwarethinkpad_t440p_firmwarethinkpad_l470xiaoxin_air-14iwl_2019thinkpad_t440s_firmwarethinkpad_e570_firmwarethinkpad_s5_firmwareyogo_a940-27icb_firmwarethinkpad_t440pideacentre_310s-08asr_firmwarethinkcentre_m9350zthinkpad_tablet_10a340-22_iwllegion_y9000k_2019thinkpad_x390_yoga_firmwareyoga_11e_4th_gen730s-13iwlthinkpad_l380thinkpad_t450_firmwarelegion_t530-28apr_firmwarethinkpad_x1_yoga_firmwarethinkpad_t590_firmwares340-14iwl_touchthinkpad_s1_yoga_firmwarethinkpad_x1_extremelegion_c530-19icbyangtian_wcc_h81_pcithinkpad_l490_firmwarethinkcentre_e73syoga530-14ikbthinkpad_x1_carbonthinkpad_e560_firmwarelegion_y7000p-1060_firmwarethinkpad_t460p_firmwarexiaoxin_air_14iwlthinkcentre_m8600s330-17ich_firmwarev310-15ikbxiaoxin-15_2019iwl_firmwarethinkpad_r490yangtian_mc_h81flex-15iwlaio_330-20ast_firmwareideacentre_510a-15icblegion_y730-17ich_firmwareyoga_11e_3rd_gen_firmwarethinkcentre_m710s_firmwarethinkpad_e590xiaoxin_air_14ikbrc340-15iwl_firmwarethinkcentre_m73_tinya340-22icbthinkcentre_e74s_firmwareyangtian_wc_h110_pcithinkpad_p1_firmwarethinkpad_s5_yoga_15v330-15igma340-22ast_firmwareqt_m410xiaoxin_air_15iwlthinkpad_yoga_11e_firmware330-14ikbryoga_730-13ikbv510-15ikb_firmwarev410z\(yt_s4250\)aio520-22iklthinkpad_l480_firmwarethinkpad_x380_yoga530s-15iwl_firmwarexiaoxin_air_13iwl_firmwareaio520-24ikurescuer_y7000pthinkpad_x131ethinkstation_p320rescuer_y7000p_firmwareqitian_4500thinkcentre_m93_firmwareyoga_730-13iwlv520t-15iklthinkcentre_m710t_firmwares340-14iwl_firmwareqitian_a815v510z_\(yt_s5250\)_firmwarethinksystem_hr650x_\(skl\)_firmwarethinkpad_l450qitian_m4650_firmwarethinkpad_t470s_firmwarethinkcentre_e73s_firmwareaio520-24ikl_firmwarezhaoyang_e53-80thinkpad_r590thinkpad_p50aio_520-24aste42-80_firmwarethinkcentre_m800_firmware530s-15ikb_firmwarethinkpad_p43s_\(20rx\)_firmwarev330-15ikbideacentre_310s-08igm_firmwarethinkcentre_m700tthinkpad_t440sqt_b415s340-15iwl_firmwareyangtian_we_h110_firmware330-15ikbflex_5-1570\(r\)thinkpad_p70_firmwarexx_chao5000-ikbra_firmwarethinkpad_13thinkpad_t470thinkcentre_m7300zs530-13iwl_firmwarethinkcentre_m700s_firmwarethinkcentre_e74lenovo_v720-14ikb_firmwarelegion_y530-15ich_firmwareyangtian_mc_h110_pciqitian_m4550330c-15ikbrthinkpad_e480v520s-08iklxiaoxin_air_14iwl_firmwarethinkpad_l380_yoga330-17ikbr_firmwarethinkpad_s3thinkcentre_m8600t_firmwarethinkcentre_m820z_firmware720s_touch-15ikblegion_y7000p-1060thinkpad_e470xiaoxin-14iwl_qc_2019720s-14ikbrthinkcentre_m4600t_firmwarerescuer_y7000_firmwarem4500yangtian_afh110a340-24_iwlthinkpad_helixflex_6-14ikbthinkpad_w550s_firmwarev320-17ikbrxiaoxin-15_2019iwlyangtian_mf_h110_pci_firmwareideacentre_700thinkcentre_m900z_firmwareideacentre_310s-08asr720s-15ikbthinkcentre_m83z_\(aio\)_firmwarethinkcentre_m720q_firmwarethinkcentre_m715sthinkpad_l460_firmwarethinkcentre_s510thinkpad_w541thinkcentre_m715q_rrthinkcentre_m700za340-22icb_firmwarethinkcentre_e95z_firmwarexiaoxin_air-15iwl_2019_firmwarethinkcentre_e96zthinkcentre_m818z_firmwarev530-22icb\(yt_s4350\)_firmwaremiix_720-12ikb_firmwarewei5-15ikbthinkpad_x240s_firmwarea340-24_iwl_firmwarethinkcentre_m715q_rr_firmwarethinkpad_l460yoga_520-14ikb_firmware510s-08ikl_firmwarethinkcentre_m710ea340-22ast330c-14ikb_firmwarev410z\(yt_s4250\)_firmwarethinkstation_p310thinkpad_s2_yoga_4th_genthinksystem_odc5200-cn650sthinkcentre_m4500sthinkpad_11ethinkstation_e32_firmwarethinkpad_t460pthinkpad_p1s340-15iwlthinkpad_x140elegion_y520t_z370_firmwareideacentre_510-15icbideacentre_510s-08ish340c-15ikbthinkpad_l380_yoga_firmwarethinkpad_x1_tablet_firmware530s-14ikb_firmwarev320-14ikb_firmwarethinkcentre_m920tthinkcentre_m715t_firmwarethinkpad_x390thinkcentre_m710tthinkpad_s540v520s-08ikl_firmwarethinkcentre_m720ty7000_2019_1050_firmwarev110-15ikb_firmwarelegion_t530-28apr_reflashlegion_c530-19icb_firmwares540-15iwll340-15irhideacentre_700_firmwareqt_m415_firmware340c-15iwlv130-15ikb_firmwarethinkpad_s3_firmwarexiaoxin_air-14iwl_2019_firmware330c-15ikbr_firmwarev310-14iskxiaoxin_tide_7000-15_u22thinkpad_s531_firmwarethinkpad_t490_firmwareqitian_b4650_firmwarev540-24iwl\(yt_s5430\)330-15ikbr_firmwarezhaoyang_k42-80_firmwarethinkpad_l390_yogayoga_730-15ikb_firmwareflex_6-1470aio520-24iklthinkpad_x240_firmwarethinkcentre_m4600s_firmwarethinkpad_l450_firmwarethinkcentre_m700z_firmwarethinkpad_13_firmwaremiix_720-12ikblegion_y740-17irhgxiaoxin_air-15iwl_2019thinkpad_l570_firmwarethinkpad_w540_firmwareflex-14iwlflex-15iwl_firmwareyangtian_mc_h110_pci_firmwarethinkpad_e550cthinkpad_e490sthinkcentre_e95zv330-15isklegion_t530-28icb_reflashwei5-15ikb_firmware330-17ikbthinkpad_s540_firmware330-17ichthinkcentre_m600_firmwarev730-15ikb_firmwarea340-24icbthinkcentre_m910q_firmwares340-15iwl_touch_firmwareqt_m410_firmwarethinkpad_s2_yoga_3rd_gen_firmwarethinkcentre_m910zs340-14iwl_touch_firmwarethinkcentre_m920sthinkcentre_m710q_firmwareqitian_4500_firmwarethinkpad_x390_yogathinkcentre_m818zqt_m415thinkcentre_m8600tthinkpad_s1_yogathinkpad_e560thinksystem_hr650x_\(skl\)yangtian_mf_h110_pcithinkcentre_m910qrescuer_y7000\(1060\)510s-08iklideacentre_720-18apr_firmwarethinkcentre_m720s340c-15iwl_firmwarethinkcentre_m90n-1_firmwarexiaoxin_air_15ikbr_firmwarethinkpad_p43s_\(20rx\)v330-15igm_firmware530s-14ikbyangtian_wcc_h81_pci_firmwarethinkcentre_m810zyangtian_afh81_firmwarethinkcentre_m9500zthinkpad_x131e_firmwarethinkcentre_m810z_firmwareflex_6-1470_firmwarev510z_\(yt_s5250\)m4550_idv330-14ikbthinkpad_e480_firmwareflex_6-14ikb_firmwarethinkstation_p300thinkcentre_m6600yangtian_me_h110_firmwarel340-15iwl330-14ikbr_firmwareyangtian_wf_h110_pcithinkpad_t540pthinkcentre_m6600sthinkpad_t540p_firmwarelegion_y530-15ich\(1060\)thinkpad_t460_firmwarethinkpad_t460s_firmwarethinkstation_p330330-17ikbrl340-17iwl_firmwarethinkcentre_m700qthinkpad_x270_firmware63_firmwarethinkpad_s2_yoga_3rd_genthinkcentre_m6500sthinkcentre_m8500s_firmwarethinkpad_l490aio520-24arr330-15ichxiaoxin_tide_7000-15_u22_firmwarethinkpad_p71_firmware330c-15ikb_firmwareqitian_b4650thinkpad_l590_firmwarethinkcentre_e75tthinkcentre_m4500qs145-15iwl_firmwarexiaoxin_air_15iwl_firmwareqitian_a815_firmwareyta8900f_firmwarethinkpad_x260s145-15iwlthinkcentre_m910tthinkpad_x250_firmware530s-15iwl330c-15ikbthinkpad_yoga_260-s1thinkcentre_e75t_firmwarethinkstation_p330_firmwarethinkpad_s5_2nd_generation_firmwareaio_330-20igmaio520-27ikl_firmwaree52-80_firmwarethinkcentre_m920qthinkpad_p50_firmwarethinkpad_s3_3rd_gen_firmwarethinkcentre_m4500s_firmwarethinkcentre_m720t_firmwarethinkpad_x260_firmwarelegion_y730-15ichthinkpad_e590_firmwarezhaoyang_e53-80_firmwarethinkstation_p320_tinythinkcentre_m800thinkpad_t450thinkcentre_m800zthinkcentre_m900yangtian_mc_h110_firmwarethinkpad_t490thinkcentre_m93p_firmwarethinkpad_x280_firmwarethinkcentre_m93thinkpad_p73_firmwarethinkstation_p330_tiny_firmwares940-14iwllegion_y740-15ichg_firmwarethinkcentre_m8350zxiaoxin-14iwl_qc_2019_firmwareyoga_730-15iwl_firmwarel340-17iwls530-13iwlthinkcentre_m625qthinkpad_w550sthinkpad_l480thinkpad_e450_firmwarethinkpad_t460thinkpad_x390_firmware330-17ikb_firmwarethinkpad_r490_firmwares540-14iwls145-14ikbthinkpad_t440_firmwarethinkcentre_m8500tthinkcentre_m83z_\(aio\)thinkcentre_m93plegion_t530-28icb_firmware330-15ikbr_touch_firmwareideacentre_510a-15icb_firmwarexiaoxin_air_13iwlv320-17ikbr_firmwareideacentre_730s-24ikbflex-14iwl_firmwarev530-24icb\(yt_s5350\)xx_chao5000-ikbrathinkpad_10thinkcentre_m700q_firmwareyangtian_me_h110legion_y740-17ichg_firmwareqitian_b5900v310-15iskv530s-07icb63thinkpad_yoga_370yangtian_afq150aio520-24arr_firmwarev310-14ikb_firmwarek43c-80_firmware130-14ikbqitian_b4550thinkpad_e550c_firmwareideacentre_310s-08igmthinkpad_x140e_firmwareideacentre_300-20ish_firmwarethinkstation_p330_tinyyangtian_mf_h81_pci_firmwarea340-24icb_firmwarethinkcentre_m9350z_firmwarethinkpad_x240legion_y740-17irhg_firmwarethinkcentre_m800z_firmwareyoga_730-15iwlthinkpad_t450s_firmwarethinkcentre_m9500z_firmwarexiaoxin_air_14ikbr_firmwarethinkcentre_m920s_firmwarethinkpad_p52s_firmwareideacentre_720-18icbthinkcentre_m920z_firmwarethinkpad_t550_firmwarethinkcentre_m4600sthinkcentre_e74sv510-14ikb_firmwarethinkcentre_m610thinkpad_s531thinkpad_yoga_260-s1_firmwareideacentre_300-20ishthinkpad_t25_firmwareyangtian_wf_h81_pcithinkcentre_m920xyangtian_ytm6900e-00_firmwares940-14iwl_firmwarethinkcentre_m90n-1m4500_id_firmwarethinkcentre_e73720s-14ikbr_firmwareflex_5-1570\(r\)_firmwarelegion_y740-15irhgthinkcentre_m6500tv330-15ikb_firmwarethinkcentre_m910xrescuer_y7000\(1060\)_firmwarethinkcentre_m6600s_firmwarethinkpad_p53sthinkpad_t480sthinkpad_w541_firmwarethinkpad_p51_firmwarethinkcentre_m910sl340-15iwl_firmwareyangtian_ms_h81_firmwarelegion_c730-19ico_firmwareqitian_m4600thinkpad_e460_firmwarethinkstation_p320_firmwarethinkpad_11e_firmwarethinkpad_l570thinkcentre_m6600q_firmware530s-14iwlthinkcentre_m8500t_firmwareyangtian_ms_h81thinkpad_s5_yoga_15_firmwarezhaoyang_e43-80_kblthinkcentre_m900zthinkpad_e450c_firmwareaio520-27iklthinkpad_t490s_firmwarethinkpad_x240sideacentre_510s-08ish_firmwaree42-80thinkpad_l580yogo_a940-27icbyangtian_tc_h110_pci_firmwarelegion_t730-28ico_firmwarethinkcentre_m8300z_firmwareyangtian_we_h110thinkpad_s5_2nd_generation130-15ikb510-15ikl_firmwarelegion_y730-17ichm4500_idthinkcentre_m725syangtian_ytm6900e-00v310-15isk_firmwarethinkpad_e490s_firmwarethinkpad_s5thinkpad_t470p_firmwarethinkcentre_m725s_firmwarelegion_t530-28apr_reflash_firmwarelegion_y9000k_2019_firmwarev540-24iwl\(yt_s5430\)_firmwareyoga_730-13ikb_firmwarethinkpad_e490_firmware730s-13iwl_firmwarev320-15ikbthinkpad_t560thinkcentre_m8300zs145-14iwlthinkpad_s1_3rd_firmwarethinksystem_hr630x_\(skl\)_firmwarexiaoxin_tide_7000-15_u42_firmwarelegion_y530-15ichthinkcentre_m700t_firmwarethinkstation_p320_tiny_firmwarethinkcentre_m83thinkpad_p50sthinkpad_p53_firmwarev330-15isk_firmwarethinkcentre_e74z_firmwarethinksystem_hr630x_\(skl\)v520t-15ikl_firmwarethinkpad_s1_3rdthinkcentre_x1_aio_firmwarethinkcentre_m4500k_firmwarexiaoxin_air_15ikbrthinkcentre_e75s_firmwarethinkpad_p51v510-14ikbthinkcentre_m610_firmwareqitian_m4550_firmwarev730-15ikbthinkpad_t490sl340-15iwltouch_firmwarethinkpad_p73thinkpad_e560pthinkcentre_m93z_\(aio\)_firmwares145-14iwl_firmwarev530-24icb\(yt_s5350\)_firmwarethinkcentre_m715tyangtian_wc_h110_pci_firmwarethinkpad_t470sthinkpad_p72thinkcentre_m910t_firmwarethinkpad_e450thinkpad_t470pthinkcentre_m710syangtian_afh81thinkcentre_m4500tthinkcentre_m910z_firmwarethinkpad_yoga_370_firmwarethinkpad_e550_firmwareyoga_730-15ikbthinkcentre_m715s_firmwareaio520-22iku_firmwarethinkpad_t480thinkstation_e32thinkcentre_m600yangtian_tc_h110_pciThinkPad
CVE-2019-6189
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-7.8||HIGH
EPSS-0.14% / 35.41%
||
7 Day CHG~0.00%
Published-20 Nov, 2019 | 01:31
Updated-16 Sep, 2024 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A potential vulnerability was reported in Lenovo System Interface Foundation versions before v1.1.18.3 that could allow an administrative user to load an unsigned DLL.

Action-Not Available
Vendor-Lenovo Group Limited
Product-system_interface_foundationLenovo System Interface Foundation
CWE ID-CWE-426
Untrusted Search Path
CVE-2021-3614
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-6.4||MEDIUM
EPSS-0.05% / 13.84%
||
7 Day CHG~0.00%
Published-16 Jul, 2021 | 20:30
Updated-03 Aug, 2024 | 17:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability was reported on some Lenovo Notebook systems that could allow an attacker with physical access to elevate privileges under certain conditions during a BIOS update performed by Lenovo Vantage.

Action-Not Available
Vendor-Lenovo Group Limited
Product-ideapad_yoga_s940-14iil_firmwareideapad_730-13imlideapad_s940-14iwlv130-15igm_firmwarev130-15ikb_firmwareideapad_s940-14iilideapad_yoga_s940-14iwlideapad_flex_5-15alc05ideapad_flex_5-14alc05ideapad_slim_1-14ast-05_firmwareideapad_yoga_s940-14iil100e_2nd_genv330-15isk_firmwareideapad_slim_1-11ast-05ideapad_slim_1-11ast-05_firmwareideapad_1-14igl05_firmwareideapad_yoga_s940-14iwl_firmware100e_2nd_gen_firmwareideapad_yoga_c940-15irh_firmwareideapad_1-14ada05_firmwarev130-15ikbideapad_1-11ada05_firmware300e_2nd_genideapad_yoga_c940-15irh300e_2nd_gen_firmwareideapad_1-11igl05ideapad_flex_5-15alc05_firmwareideapad_flex_5-14alc05_firmwareideapad_1-14ada05ideapad_1-11igl05_firmwareideapad_slim_1-14ast-05v330-15ikbv330-15iskideapad_1-11ada05ideapad_s940-14iwl_firmwareideapad_1-14igl05ideapad_s940-14iil_firmwareideapad_yoga_s730-13iml_firmwarev130-15igmideapad_yoga_s730-13imlv330-15ikb_firmwareideapad_730-13iml_firmwareNotebook BIOS
CWE ID-CWE-636
Not Failing Securely ('Failing Open')
CVE-2019-19705
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.04% / 12.20%
||
7 Day CHG~0.00%
Published-26 Dec, 2022 | 00:00
Updated-14 Apr, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Realtek Audio Drivers for Windows, as used on the Lenovo ThinkPad X1 Carbon 20A7, 20A8, 20BS, and 20BT before 6.0.8882.1 and 20KH and 20KG before 6.0.8907.1 (and on many other Lenovo and non-Lenovo products), mishandles DLL preloading.

Action-Not Available
Vendor-n/aLenovo Group Limited
Product-aio510-23ish_firmwareyangtian_mc_h110_pci_firmwareyangtian_mf\/wf_h110_pcithinkserver_ts250_firmwarethinkpad_t25yangtian_ytm6900e-00thinkcentre_m9500zaio_910-27ishthinkpad_yoga_11e_3rd_gensydney_e3_h110yangtian_mc_h110_firmwarethinkpad_p51s_firmwarethinkserver_ts450_firmwarethinkpad_l470_firmwarethinkcentre_m6600ideacentre_510s-08ishthinkpad_a475thinkpad_l480ideacentre_310-15iapthinkpad_l560yangtian_me\/we_h110thinkpad_t470sthinkpad_t460sthinkstation_p320thinkcentre_m900z_firmwarethinkpad_p50_firmwarethinkcentre_m818zthinkpad_t460pyangtian_mc_h110thinkcentre_e95zthinkcentre_m715qideacentre_310s-08iap_firmwareaio520-24iku_firmwareideacentre_620s-03ikl_firmwareaio520-22ikuthinkserver_ts150thinkstation_p320_tinyqt_a7400legion_y520t_z370_firmwarethinkpad_x1_carbonthinkpad_x1_carbon_firmwareideacentre_310-15asrthinkpad_13thinkpad_l570thinkpad_l390_yoga_firmwarethinkserver_ts250thinkpad_x260_firmwareideacentre_310-15iap_firmwareaio_y910-27ishaio520-24ikl_firmwarethinkcentre_m8600t\/sthinkpad_t580thinkpad_yoga_11e_3rd_gen_firmwarethinkpad_t25_firmwarethinkpad_s3_3rd_genthinkpad_l450thinkpad_x280thinkpad_l380thinkcentre_m710ethinkcentre_m910qthinkpad_p71thinkcentre_m715t\/sthinkserver_ts140thinkcentre_m900zthinkpad_p52syta8900f_firmwarethinkstation_p330_firmwarethinkpad_t480sideacentre_520s-23ikulenovo_v320-15iapideacentre_520s-23iku_firmwarethinkpad_t460aio310-20iapthinkcentre_m6600_firmwarethinkcentre_m910_t\/sthinkstation_p330_tinythinkcentre_m810zthinkcentre_e95z_firmwarelegion_y520t_z370thinkpad_t480_firmwarethinkcentre_m810z_firmwarethinkserver_ts150_firmwarethinkpad_x280_firmwareideacentre_310s-08iapthinkpad_t450sthinkcentre_x1_aio_firmwarethinkpad_l460legion_y720_tower_firmwarelenovo_v320-15iap_firmwarethinkstation_p330thinkcentre_m8300z_firmwarethinkpad_x270thinkpad_x250_firmwarethinkserver_ts550thinkcentre_e74zthinkcentre_m800aio520-22iklaio720-24ikb_firmwarethinkcentre_m6600t\/s_firmwareideacentre_620s-03iklthinkcentre_m910xthinkpad_l460_firmwareaio300-23isu_firmwarethinkcentre_m700q_firmwarethinkpad_l570_firmwarethinkpad_l580_firmwarev510z_\(yt_s5250\)_firmwarethinkcentre_m715q_firmwarethinkpad_x1_yogav410z\(yt_s4250\)thinkcentre_m710t\/s_firmwarethinkcentre_m710qthinkserver_ts450thinkpad_t480thinkcentre_m710q_firmwareaio520-24ikuthinkserver_ts240thinkpad_p71_firmwarethinkcentre_m8350zyangtian_afh110thinkcentre_m900thinkpad_t460_firmwarethinkpad_t560_firmwareaio_y910-27ish_firmwarethinkpad_t580_firmwarethinkpad_s3_3rd_gen_firmwareideacentre_510s-08iklthinkcentre_m8350z_firmwareideacentre_300s-11ish_firmwarev510z_\(yt_s5250\)aio520-24iklthinkserver_ts140_firmwarethinkpad_t470s_firmwarethinkcentre_m710t\/sthinkcentre_m700qthinkcentre_m700z_firmwarethinkcentre_m9550zthinkpad_p51_firmwareideacentre_610s-02ishaio520-22iku_firmwareideacentre_510s-08ikl_firmwarethinkpad_t560aio_910-27ish_firmwareaio300-23isuthinkpad_p50sthinkstation_p318_firmwarethinkcentre_m8300zaio510-23ishyangtian_me\/we_h110_firmwarethinkpad_x250thinkpad_t470ideacentre_510-15abrthinkcentre_m910zideacentre_700_firmwareideacentre_720-18asr_firmwarethinkstation_p310aio510-22ishlegion_y920_towerthinkcentre_m715t\/s_firmwarethinkcentre_m900_firmwareaio310-20iap_firmwarev410z\(yt_s4250\)_firmwarethinkcentre_m7300zthinkcentre_m800zaio520-22ikl_firmwareideacentre_610s-02ish_firmwareyangtian_ytm6900e-00_firmwareideacentre_510-15abr_firmwarethinkcentre_m710e_firmwareyangtian_afh110_firmwarethinkcentre_m910z_firmwarethinkstation_p320_firmwarethinkpad_13_firmwarethinkpad_yoga_11e_4th_genthinkpad_a275thinkpad_x1_tabletaio720-24ikbthinkpad_p70_firmwarethinkpad_s2_yoga_3rd_gen_firmwarethinkcentre_e74z_firmwarethinkpad_p51ideacentre_510s-08ish_firmwarethinkcentre_m6600t\/sthinkpad_t460s_firmwarethinkpad_t470pthinkpad_l580yangtian_afq150_firmwarethinkstation_p310_firmwarethinkcentre_m800_firmwarethinkpad_p50s_firmwarethinkpad_l450_firmwarethinkpad_x1_yoga_firmwaresydney_e3_h110_firmwarethinkstation_p318v310z\(yt_s3150\)_firmwareideacentre_310-15asr_firmwarethinkcentre_m910x_firmwarethinkcentre_m8600t\/s_firmwareyangtian_afq150legion_y720_towerthinkpad_t570_firmwarethinkpad_l560_firmwarethinkpad_t460p_firmwareyangtian_mf\/wf_h110_pci_firmwarethinkcentre_m700zthinkstation_p320_tiny_firmwarethinkpad_l380_firmwarethinkpad_x260ideacentre_720-18asrthinkcentre_m6600q_firmwareaio520-27iklthinkpad_x1_tablet_firmwareaio520-27ikl_firmwarethinkcentre_m700t\/sthinkpad_l480_firmwarethinkcentre_m7300z_firmwarethinkcentre_x1_aiothinkpad_l380_yogalegion_y720t_amdthinkpad_p50ideacentre_510-15ikl_firmwareyta8900fideacentre_300s-11ishthinkcentre_m818z_firmwarethinkpad_p52s_firmwarethinkpad_t570thinkpad_p51syangtian_tc\/wc_h110_pci_firmwareideacentre_700thinkpad_s2_yoga_4th_genthinkpad_t450s_firmwarethinkpad_t450_firmwarev310z\(yt_s3150\)thinkcentre_m800z_firmwarethinkcentre_m910_t\/s_firmwarethinkpad_t450thinkpad_t480s_firmwarethinkpad_s2_yoga_3rd_genideacentre_310a-15iap_firmwarethinkpad_t470p_firmwarethinkpad_yoga_11e_4th_gen_firmwarethinkpad_l13_yogathinkpad_a275_firmwareideacentre_510-15iklthinkpad_s2_yoga_4th_gen_firmwareaio510-22ish_firmwarethinkcentre_m6600qlegion_y920_tower_firmwarethinkpad_a475_firmwareyangtian_mc_h110_pcithinkpad_p70thinkserver_ts550_firmwarethinkpad_l470yangtian_tc\/wc_h110_pcithinkcentre_m9500z_firmwarethinkpad_l390_yogathinkpad_l13_yoga_firmwarethinkcentre_m9550z_firmwarethinkcentre_m700t\/s_firmwarethinkcentre_e74s_firmwareyangtian_s4150_firmwarethinkcentre_e74sthinkserver_ts240_firmwarethinkcentre_m910q_firmwarethinkpad_t470_firmwarelegion_y720t_amd_firmwarethinkstation_p330_tiny_firmwarethinkpad_l380_yoga_firmwareqt_a7400_firmwareideacentre_310a-15iapyangtian_s4150thinkpad_x270_firmwaren/a
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2020-8327
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-7.3||HIGH
EPSS-0.10% / 29.04%
||
7 Day CHG~0.00%
Published-14 Apr, 2020 | 21:05
Updated-17 Sep, 2024 | 00:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A privilege escalation vulnerability was reported in LenovoBatteryGaugePackage for Lenovo System Interface Foundation bundled in Lenovo Vantage prior to version 10.2003.10.0 that could allow an authenticated user to execute code with elevated privileges.

Action-Not Available
Vendor-Lenovo Group Limited
Product-vantageVantage
CWE ID-CWE-428
Unquoted Search Path or Element
CWE ID-CWE-269
Improper Privilege Management
CVE-2020-8342
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-7.3||HIGH
EPSS-0.03% / 8.15%
||
7 Day CHG~0.00%
Published-15 Sep, 2020 | 14:20
Updated-17 Sep, 2024 | 00:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A race condition vulnerability was reported in Lenovo System Update prior to version 5.07.0106 that could allow escalation of privilege.

Action-Not Available
Vendor-Lenovo Group Limited
Product-system_updateSystem Update
CWE ID-CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2019-6172
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-6.4||MEDIUM
EPSS-0.09% / 26.99%
||
7 Day CHG~0.00%
Published-12 Nov, 2019 | 20:40
Updated-04 Aug, 2024 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A potential vulnerability in the SMI callback function used in Legacy USB driver using passed parameter without sufficient checking in some Lenovo ThinkPad models may allow arbitrary code execution.

Action-Not Available
Vendor-Lenovo Group Limited
Product-s340-15iwl_touchl340-17irh_firmwarezhaoyang_e43-80_kbl_firmwareqitian_m4650v330-14isk_firmwarea340-22_iwl_firmware720s-15ikb_firmwarethinkpad_e490ideacentre_730s-24ikb_firmwarev110-15ikbthinkcentre_m73p130-15ikb_firmwarethinkcentre_m720qlegion_y740-17ichgthinkpad_p51sthinkpad_p53thinkpad_e450cthinkcentre_m79_firmwareyta8900fthinkpad_p72_firmwarethinkpad_l590thinkcentre_e93_firmwarerescuer_y7000p\(1060\)130-14ikb_firmwareyangtian_ws_h81_firmwarethinkpad_p52thinkpad_e560p_firmwarethinkpad_p70aio_330-20astthinkpad_e470_firmware330-15ikbrv530s-07icb_firmwarem4500_firmwarethinkpad_e460thinkpad_yoga_11ethinkpad_x280thinkcentre_m83_firmwarethinkstation_p318_firmwarethinkpad_tablet_8_firmwarec340-14iwl_firmwarelegion_t530-28icbthinkpad_l470_firmwares540-14iwl_firmwarelegion_t730-28ico330c-14ikbs540-14iwl_touch_firmwarethinkpad_l380_firmwarelegion_y740-15ichgthinkcentre_e74_firmwarethinkpad_r590_firmwareqitian_b5900_firmwarethinkpad_t560_firmwarethinkpad_t580thinkcentre_m4500kthinkcentre_m6500t_firmwarethinkcentre_m93z_\(aio\)yoga_s940-14iwl_firmwarethinkpad_x1_yogathinkcentre_m625q_firmwarethinkpad_t570_firmwarelegion_y520t_z370legion_t530-28icb_reflash_firmwarethinkcentre_m4500t_firmwares340-14iwlqt_b415_firmwareyangtian_wf_h81_pci_firmwareqitian_m4600_firmware340c-15ikb_firmwarethinkcentre_m910x_firmwarethinkcentre_m910s_firmwareyangtian_afh110_firmwareyangtian_wf_h110_pci_firmwarethinkpad_x380_yoga_firmwareyangtian_afq150_firmwarev320-14ikby7000_2019_1050v330-14ikb_firmwarethinkpad_w540h50-30g_desktopv330-14iskyoga_s940-14iwlyangtian_tc_h81_pci_firmwarethinkcentre_x1_aiothinkpad_p52_firmwarethinkpad_s2_yoga_4th_gen_firmwarethinkcentre_m720s_firmwarethinkpad_t580_firmwarelegion_t530-28aprideacentre_720-18icb_firmwareyoga530-14ikb_firmwares540-14iwl_touchthinkcentre_m4600tthinkcentre_m920q_firmwarezhaoyang_k42-80thinkpad_t25lenovo_v720-14ikbqt_a7400s540-15iwl_firmwareaio_330-20igm_firmwarethinkpad_t460sideacentre_300s-11ish_firmware510-15iklaio_520-24ast_firmwareyangtian_mf_h81_pci330-14ikb_firmware720s_touch-15ikb_firmwarethinkpad_e570thinkcentre_m79v310-14ikbthinkstation_p318thinkcentre_m700sthinkpad_x1_extreme_firmwarev130-14ikbthinkcentre_m6600t_firmware330-15ikb_firmwarethinkpad_e550thinkcentre_m8600s_firmwarec340-14iwlv310-15ikb_firmwareyoga_730-13iwl_firmwarethinkcentre_m715q_firmwarethinkpad_tablet_10_firmwarethinkcentre_m73_firmwarethinkpad_t440qitian_b4550_firmwarethinkpad_e580thinkcentre_e73_firmwarethinkcentre_m920t_firmwarethinkcentre_e93thinkcentre_m6500s_firmwareyoga_11e_3rd_genthinkpad_p71thinkcentre_m710q330-15ikbr_touchthinkpad_10_firmwarethinkpad_p51s_firmwarethinkcentre_m710e_firmwarethinkcentre_m8500ss145-15ikbthinkpad_x250thinkcentre_m900_firmwarev310z\(yt_s3150\)_firmware330-15ich_firmwarel340-15iwltouchthinkcentre_e75sthinkcentre_m920zyangtian_mc_h81_firmwarethinkcentre_m9550zthinkcentre_e74zideacentre_720-18aprthinkcentre_m9550z_firmwarethinkpad_helix_firmwarethinkpad_t480s_firmwarelegion_y9000p_2019_firmwarethinkpad_s3_3rd_genthinkcentre_m73p_firmwarelegion_y9000p_2019v130-14ikb_firmwarexiaoxin_tide_7000-15_u42thinkcentre_m7300z_firmwarethinkcentre_m6600qthinkcentre_m8350z_firmwarev310-14isk_firmwares145-14ikb_firmwarec340-15iwlwei5-14ikb_firmwarethinksystem_odc5200-cn650s_firmwarelegion_y740-15irhg_firmwarethinkcentre_m820zv110-14ikb_firmwarev310z\(yt_s3150\)v110-14ikbthinkpad_l560_firmwarethinkcentre_s510_firmwarelegion_y730-15ich_firmware330-14ikbthinkpad_p53s_firmwares145-15ikb_firmwareyangtian_tc_h81_pciyoga_s730-13iwll340-15irh_firmwarethinkstation_p300_firmwarel340-17irhthinkpad_p52sthinkpad_t470_firmwarethinkcentre_m73_tiny_firmwarethinkcentre_m920x_firmwarethinkcentre_m6600_firmwarethinkpad_t480_firmware530s-14iwl_firmwarethinkpad_x1_carbon_firmwarerescuer_y7000p\(1060\)_firmwarelegion_c730-19icothinkcentre_m4500q_firmwarethinkpad_e580_firmwareaio520-24iku_firmwarem4550_id_firmware530s-15ikbthinkpad_t570thinkpad_l560ideacentre_510-15icb_firmwarethinkcentre_m6600tthinkpad_t590yoga_11e_4th_gen_firmwarethinkpad_t550xiaoxin-14_2019iwlthinkpad_x1_tabletwei5-14ikbxiaoxin-14_2019iwl_firmwarethinkpad_t450sqt_a7400_firmwarev130-15ikbthinkcentre_m73yangtian_ws_h81rescuer_y7000yoga_s730-13iwl_firmwarev530-22icb\(yt_s4350\)thinkstation_p310_firmwareaio520-22ikuthinkpad_tablet_8thinkcentre_e96z_firmwarethinkpad_l390_yoga_firmwaree52-80yangtian_mc_h110thinkpad_x270k43c-80thinkpad_l580_firmwarev510-15ikbthinkcentre_m715qyoga_520-14ikbh50-30g_desktop_firmwarethinkpad_p50s_firmwarelegion_y530-15ich\(1060\)_firmwareaio520-22ikl_firmwareideacentre_300s-11ishv320-15ikb_firmwarethinkpad_t440p_firmwarethinkpad_l470xiaoxin_air-14iwl_2019thinkpad_t440s_firmwarethinkpad_e570_firmwarethinkpad_s5_firmwareyogo_a940-27icb_firmwarethinkpad_t440pideacentre_310s-08asr_firmwarethinkcentre_m9350zthinkpad_tablet_10a340-22_iwllegion_y9000k_2019thinkpad_x390_yoga_firmwareyoga_11e_4th_gen730s-13iwlthinkpad_l380thinkpad_t450_firmwarelegion_t530-28apr_firmwarethinkpad_x1_yoga_firmwarethinkpad_t590_firmwares340-14iwl_touchthinkpad_s1_yoga_firmwarethinkpad_x1_extremelegion_c530-19icbyangtian_wcc_h81_pcithinkpad_l490_firmwarethinkcentre_e73syoga530-14ikbthinkpad_x1_carbonthinkpad_e560_firmwarelegion_y7000p-1060_firmwarethinkpad_t460p_firmwarexiaoxin_air_14iwlthinkcentre_m8600s330-17ich_firmwarev310-15ikbxiaoxin-15_2019iwl_firmwarethinkpad_r490yangtian_mc_h81flex-15iwlaio_330-20ast_firmwareideacentre_510a-15icblegion_y730-17ich_firmwareyoga_11e_3rd_gen_firmwarethinkcentre_m710s_firmwarethinkpad_e590xiaoxin_air_14ikbrc340-15iwl_firmwarethinkcentre_m73_tinya340-22icbthinkcentre_e74s_firmwareyangtian_wc_h110_pcithinkpad_p1_firmwarethinkpad_s5_yoga_15v330-15igma340-22ast_firmwareqt_m410xiaoxin_air_15iwlthinkpad_yoga_11e_firmware330-14ikbryoga_730-13ikbv510-15ikb_firmwarev410z\(yt_s4250\)aio520-22iklthinkpad_l480_firmwarethinkpad_x380_yoga530s-15iwl_firmwarexiaoxin_air_13iwl_firmwareaio520-24ikurescuer_y7000pthinkpad_x131ethinkstation_p320rescuer_y7000p_firmwareqitian_4500thinkcentre_m93_firmwareyoga_730-13iwlv520t-15iklthinkcentre_m710t_firmwares340-14iwl_firmwareqitian_a815v510z_\(yt_s5250\)_firmwarethinksystem_hr650x_\(skl\)_firmwarethinkpad_l450qitian_m4650_firmwarethinkpad_t470s_firmwarethinkcentre_e73s_firmwareaio520-24ikl_firmwarezhaoyang_e53-80thinkpad_r590thinkpad_p50aio_520-24aste42-80_firmwarethinkcentre_m800_firmware530s-15ikb_firmwarethinkpad_p43s_\(20rx\)_firmwarev330-15ikbideacentre_310s-08igm_firmwarethinkcentre_m700tthinkpad_t440sqt_b415s340-15iwl_firmwareyangtian_we_h110_firmware330-15ikbflex_5-1570\(r\)thinkpad_p70_firmwarexx_chao5000-ikbra_firmwarethinkpad_13thinkpad_t470thinkcentre_m7300zs530-13iwl_firmwarethinkcentre_m700s_firmwarethinkcentre_e74lenovo_v720-14ikb_firmwarelegion_y530-15ich_firmwareyangtian_mc_h110_pciqitian_m4550330c-15ikbrthinkpad_e480v520s-08iklxiaoxin_air_14iwl_firmwarethinkpad_l380_yoga330-17ikbr_firmwarethinkpad_s3thinkcentre_m8600t_firmwarethinkcentre_m820z_firmware720s_touch-15ikblegion_y7000p-1060thinkpad_e470xiaoxin-14iwl_qc_2019720s-14ikbrthinkcentre_m4600t_firmwarerescuer_y7000_firmwarem4500yangtian_afh110a340-24_iwlthinkpad_helixflex_6-14ikbthinkpad_w550s_firmwarev320-17ikbrxiaoxin-15_2019iwlyangtian_mf_h110_pci_firmwareideacentre_700thinkcentre_m900z_firmwareideacentre_310s-08asr720s-15ikbthinkcentre_m83z_\(aio\)_firmwarethinkcentre_m720q_firmwarethinkcentre_m715sthinkpad_l460_firmwarethinkcentre_s510thinkpad_w541thinkcentre_m715q_rrthinkcentre_m700za340-22icb_firmwarethinkcentre_e95z_firmwarexiaoxin_air-15iwl_2019_firmwarethinkcentre_e96zthinkcentre_m818z_firmwarev530-22icb\(yt_s4350\)_firmwaremiix_720-12ikb_firmwarewei5-15ikbthinkpad_x240s_firmwarea340-24_iwl_firmwarethinkcentre_m715q_rr_firmwarethinkpad_l460yoga_520-14ikb_firmware510s-08ikl_firmwarethinkcentre_m710ea340-22ast330c-14ikb_firmwarev410z\(yt_s4250\)_firmwarethinkstation_p310thinkpad_s2_yoga_4th_genthinksystem_odc5200-cn650sthinkcentre_m4500sthinkpad_11ethinkstation_e32_firmwarethinkpad_t460pthinkpad_p1s340-15iwlthinkpad_x140elegion_y520t_z370_firmwareideacentre_510-15icbideacentre_510s-08ish340c-15ikbthinkpad_l380_yoga_firmwarethinkpad_x1_tablet_firmware530s-14ikb_firmwarev320-14ikb_firmwarethinkcentre_m920tthinkcentre_m715t_firmwarethinkpad_x390thinkcentre_m710tthinkpad_s540v520s-08ikl_firmwarethinkcentre_m720ty7000_2019_1050_firmwarev110-15ikb_firmwarelegion_t530-28apr_reflashlegion_c530-19icb_firmwares540-15iwll340-15irhideacentre_700_firmwareqt_m415_firmware340c-15iwlv130-15ikb_firmwarethinkpad_s3_firmwarexiaoxin_air-14iwl_2019_firmware330c-15ikbr_firmwarev310-14iskxiaoxin_tide_7000-15_u22thinkpad_s531_firmwarethinkpad_t490_firmwareqitian_b4650_firmwarev540-24iwl\(yt_s5430\)330-15ikbr_firmwarezhaoyang_k42-80_firmwarethinkpad_l390_yogayoga_730-15ikb_firmwareflex_6-1470aio520-24iklthinkpad_x240_firmwarethinkcentre_m4600s_firmwarethinkpad_l450_firmwarethinkcentre_m700z_firmwarethinkpad_13_firmwaremiix_720-12ikblegion_y740-17irhgxiaoxin_air-15iwl_2019thinkpad_l570_firmwarethinkpad_w540_firmwareflex-14iwlflex-15iwl_firmwareyangtian_mc_h110_pci_firmwarethinkpad_e550cthinkpad_e490sthinkcentre_e95zv330-15isklegion_t530-28icb_reflashwei5-15ikb_firmware330-17ikbthinkpad_s540_firmware330-17ichthinkcentre_m600_firmwarev730-15ikb_firmwarea340-24icbthinkcentre_m910q_firmwares340-15iwl_touch_firmwareqt_m410_firmwarethinkpad_s2_yoga_3rd_gen_firmwarethinkcentre_m910zs340-14iwl_touch_firmwarethinkcentre_m920sthinkcentre_m710q_firmwareqitian_4500_firmwarethinkpad_x390_yogathinkcentre_m818zqt_m415thinkcentre_m8600tthinkpad_s1_yogathinkpad_e560thinksystem_hr650x_\(skl\)yangtian_mf_h110_pcithinkcentre_m910qrescuer_y7000\(1060\)510s-08iklideacentre_720-18apr_firmwarethinkcentre_m720s340c-15iwl_firmwarethinkcentre_m90n-1_firmwarexiaoxin_air_15ikbr_firmwarethinkpad_p43s_\(20rx\)v330-15igm_firmware530s-14ikbyangtian_wcc_h81_pci_firmwarethinkcentre_m810zyangtian_afh81_firmwarethinkcentre_m9500zthinkpad_x131e_firmwarethinkcentre_m810z_firmwareflex_6-1470_firmwarev510z_\(yt_s5250\)m4550_idv330-14ikbthinkpad_e480_firmwareflex_6-14ikb_firmwarethinkstation_p300thinkcentre_m6600yangtian_me_h110_firmwarel340-15iwl330-14ikbr_firmwareyangtian_wf_h110_pcithinkpad_t540pthinkcentre_m6600sthinkpad_t540p_firmwarelegion_y530-15ich\(1060\)thinkpad_t460_firmwarethinkpad_t460s_firmwarethinkstation_p330330-17ikbrl340-17iwl_firmwarethinkcentre_m700qthinkpad_x270_firmware63_firmwarethinkpad_s2_yoga_3rd_genthinkcentre_m6500sthinkcentre_m8500s_firmwarethinkpad_l490aio520-24arr330-15ichxiaoxin_tide_7000-15_u22_firmwarethinkpad_p71_firmware330c-15ikb_firmwareqitian_b4650thinkpad_l590_firmwarethinkcentre_e75tthinkcentre_m4500qs145-15iwl_firmwarexiaoxin_air_15iwl_firmwareqitian_a815_firmwareyta8900f_firmwarethinkpad_x260s145-15iwlthinkcentre_m910tthinkpad_x250_firmware530s-15iwl330c-15ikbthinkpad_yoga_260-s1thinkcentre_e75t_firmwarethinkstation_p330_firmwarethinkpad_s5_2nd_generation_firmwareaio_330-20igmaio520-27ikl_firmwaree52-80_firmwarethinkcentre_m920qthinkpad_p50_firmwarethinkpad_s3_3rd_gen_firmwarethinkcentre_m4500s_firmwarethinkcentre_m720t_firmwarethinkpad_x260_firmwarelegion_y730-15ichthinkpad_e590_firmwarezhaoyang_e53-80_firmwarethinkstation_p320_tinythinkcentre_m800thinkpad_t450thinkcentre_m800zthinkcentre_m900yangtian_mc_h110_firmwarethinkpad_t490thinkcentre_m93p_firmwarethinkpad_x280_firmwarethinkcentre_m93thinkpad_p73_firmwarethinkstation_p330_tiny_firmwares940-14iwllegion_y740-15ichg_firmwarethinkcentre_m8350zxiaoxin-14iwl_qc_2019_firmwareyoga_730-15iwl_firmwarel340-17iwls530-13iwlthinkcentre_m625qthinkpad_w550sthinkpad_l480thinkpad_e450_firmwarethinkpad_t460thinkpad_x390_firmware330-17ikb_firmwarethinkpad_r490_firmwares540-14iwls145-14ikbthinkpad_t440_firmwarethinkcentre_m8500tthinkcentre_m83z_\(aio\)thinkcentre_m93plegion_t530-28icb_firmware330-15ikbr_touch_firmwareideacentre_510a-15icb_firmwarexiaoxin_air_13iwlv320-17ikbr_firmwareideacentre_730s-24ikbflex-14iwl_firmwarev530-24icb\(yt_s5350\)xx_chao5000-ikbrathinkpad_10thinkcentre_m700q_firmwareyangtian_me_h110legion_y740-17ichg_firmwareqitian_b5900v310-15iskv530s-07icb63thinkpad_yoga_370yangtian_afq150aio520-24arr_firmwarev310-14ikb_firmwarek43c-80_firmware130-14ikbqitian_b4550thinkpad_e550c_firmwareideacentre_310s-08igmthinkpad_x140e_firmwareideacentre_300-20ish_firmwarethinkstation_p330_tinyyangtian_mf_h81_pci_firmwarea340-24icb_firmwarethinkcentre_m9350z_firmwarethinkpad_x240legion_y740-17irhg_firmwarethinkcentre_m800z_firmwareyoga_730-15iwlthinkpad_t450s_firmwarethinkcentre_m9500z_firmwarexiaoxin_air_14ikbr_firmwarethinkcentre_m920s_firmwarethinkpad_p52s_firmwareideacentre_720-18icbthinkcentre_m920z_firmwarethinkpad_t550_firmwarethinkcentre_m4600sthinkcentre_e74sv510-14ikb_firmwarethinkcentre_m610thinkpad_s531thinkpad_yoga_260-s1_firmwareideacentre_300-20ishthinkpad_t25_firmwareyangtian_wf_h81_pcithinkcentre_m920xyangtian_ytm6900e-00_firmwares940-14iwl_firmwarethinkcentre_m90n-1m4500_id_firmwarethinkcentre_e73720s-14ikbr_firmwareflex_5-1570\(r\)_firmwarelegion_y740-15irhgthinkcentre_m6500tv330-15ikb_firmwarethinkcentre_m910xrescuer_y7000\(1060\)_firmwarethinkcentre_m6600s_firmwarethinkpad_p53sthinkpad_t480sthinkpad_w541_firmwarethinkpad_p51_firmwarethinkcentre_m910sl340-15iwl_firmwareyangtian_ms_h81_firmwarelegion_c730-19ico_firmwareqitian_m4600thinkpad_e460_firmwarethinkstation_p320_firmwarethinkpad_11e_firmwarethinkpad_l570thinkcentre_m6600q_firmware530s-14iwlthinkcentre_m8500t_firmwareyangtian_ms_h81thinkpad_s5_yoga_15_firmwarezhaoyang_e43-80_kblthinkcentre_m900zthinkpad_e450c_firmwareaio520-27iklthinkpad_t490s_firmwarethinkpad_x240sideacentre_510s-08ish_firmwaree42-80thinkpad_l580yogo_a940-27icbyangtian_tc_h110_pci_firmwarelegion_t730-28ico_firmwarethinkcentre_m8300z_firmwareyangtian_we_h110thinkpad_s5_2nd_generation130-15ikb510-15ikl_firmwarelegion_y730-17ichm4500_idthinkcentre_m725syangtian_ytm6900e-00v310-15isk_firmwarethinkpad_e490s_firmwarethinkpad_s5thinkpad_t470p_firmwarethinkcentre_m725s_firmwarelegion_t530-28apr_reflash_firmwarelegion_y9000k_2019_firmwarev540-24iwl\(yt_s5430\)_firmwareyoga_730-13ikb_firmwarethinkpad_e490_firmware730s-13iwl_firmwarev320-15ikbthinkpad_t560thinkcentre_m8300zs145-14iwlthinkpad_s1_3rd_firmwarethinksystem_hr630x_\(skl\)_firmwarexiaoxin_tide_7000-15_u42_firmwarelegion_y530-15ichthinkcentre_m700t_firmwarethinkstation_p320_tiny_firmwarethinkcentre_m83thinkpad_p50sthinkpad_p53_firmwarev330-15isk_firmwarethinkcentre_e74z_firmwarethinksystem_hr630x_\(skl\)v520t-15ikl_firmwarethinkpad_s1_3rdthinkcentre_x1_aio_firmwarethinkcentre_m4500k_firmwarexiaoxin_air_15ikbrthinkcentre_e75s_firmwarethinkpad_p51v510-14ikbthinkcentre_m610_firmwareqitian_m4550_firmwarev730-15ikbthinkpad_t490sl340-15iwltouch_firmwarethinkpad_p73thinkpad_e560pthinkcentre_m93z_\(aio\)_firmwares145-14iwl_firmwarev530-24icb\(yt_s5350\)_firmwarethinkcentre_m715tyangtian_wc_h110_pci_firmwarethinkpad_t470sthinkpad_p72thinkcentre_m910t_firmwarethinkpad_e450thinkpad_t470pthinkcentre_m710syangtian_afh81thinkcentre_m4500tthinkcentre_m910z_firmwarethinkpad_yoga_370_firmwarethinkpad_e550_firmwareyoga_730-15ikbthinkcentre_m715s_firmwareaio520-22iku_firmwarethinkpad_t480thinkstation_e32thinkcentre_m600yangtian_tc_h110_pciThinkPad
CVE-2019-6165
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-7.3||HIGH
EPSS-0.07% / 21.10%
||
7 Day CHG~0.00%
Published-19 Aug, 2019 | 14:56
Updated-16 Sep, 2024 | 20:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A DLL search path vulnerability was reported in PaperDisplay Hotkey Service version 1.2.0.8 that could allow privilege escalation. Lenovo has ended support for PaperDisplay Hotkey software as the Night light feature introduced in Windows 10 Build 1703 provides similar features.

Action-Not Available
Vendor-Lenovo Group Limited
Product-yoga_700-14iskyoga_700-11isk_firmwareyoga_700-11iskyoga_700-14isk_firmwarePaperDisplay Hotkey Service
CWE ID-CWE-426
Untrusted Search Path
CVE-2021-3840
Matching Score-6
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-6
Assigner-Lenovo Group Ltd.
CVSS Score-8.8||HIGH
EPSS-1.70% / 81.54%
||
7 Day CHG~0.00%
Published-12 Nov, 2021 | 22:05
Updated-03 Aug, 2024 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A dependency confusion vulnerability was reported in the Antilles open-source software prior to version 1.0.1 that could allow for remote code execution during installation due to a package listed in requirements.txt not existing in the public package index (PyPi). MITRE classifies this weakness as an Uncontrolled Search Path Element (CWE-427) in which a private package dependency may be replaced by an unauthorized package of the same name published to a well-known public repository such as PyPi. The configuration has been updated to only install components built by Antilles, removing all other public package indexes. Additionally, the antilles-tools dependency has been published to PyPi.

Action-Not Available
Vendor-AntillesLenovo Group Limited
Product-antillesAntilles
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2021-3464
Matching Score-6
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-6
Assigner-Lenovo Group Ltd.
CVSS Score-7.8||HIGH
EPSS-0.05% / 15.78%
||
7 Day CHG~0.00%
Published-27 Apr, 2021 | 15:27
Updated-03 Aug, 2024 | 16:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A DLL search path vulnerability was reported in Lenovo PCManager, prior to version 3.0.400.3252, that could allow privilege escalation.

Action-Not Available
Vendor-Lenovo Group Limited
Product-pcmanagerPCManager
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2023-6338
Matching Score-6
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-6
Assigner-Lenovo Group Ltd.
CVSS Score-7.8||HIGH
EPSS-0.05% / 15.33%
||
7 Day CHG~0.00%
Published-03 Jan, 2024 | 21:00
Updated-03 Jun, 2025 | 14:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncontrolled search path vulnerabilities were reported in the Lenovo Universal Device Client (UDC) that could allow an attacker with local access to execute code with elevated privileges.

Action-Not Available
Vendor-Lenovo Group Limited
Product-universal_device_clientUniversal Device Client (UDC)
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2023-4632
Matching Score-6
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-6
Assigner-Lenovo Group Ltd.
CVSS Score-7.8||HIGH
EPSS-0.07% / 21.80%
||
7 Day CHG~0.00%
Published-08 Nov, 2023 | 21:58
Updated-03 Sep, 2024 | 20:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An uncontrolled search path vulnerability was reported in Lenovo System Update that could allow an attacker with local access to execute code with elevated privileges.

Action-Not Available
Vendor-Lenovo Group Limited
Product-system_updateLenovo System Update
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2025-1729
Matching Score-6
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-6
Assigner-Lenovo Group Ltd.
CVSS Score-5.4||MEDIUM
EPSS-0.01% / 1.99%
||
7 Day CHG~0.00%
Published-17 Jul, 2025 | 19:17
Updated-17 Jul, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A DLL hijacking vulnerability was reported in TrackPoint Quick Menu software that, under certain conditions, could allow a local attacker to escalate privileges.

Action-Not Available
Vendor-Lenovo Group Limited
Product-TrackPoint Quick Menu
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2024-9046
Matching Score-6
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-6
Assigner-Lenovo Group Ltd.
CVSS Score-7.8||HIGH
EPSS-0.01% / 1.90%
||
7 Day CHG~0.00%
Published-11 Oct, 2024 | 15:16
Updated-17 Oct, 2024 | 19:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A DLL hijack vulnerability was reported in Lenovo stARstudio that could allow a local attacker to execute code with elevated privileges.

Action-Not Available
Vendor-Lenovo Group Limited
Product-starstudiostARstudiostarstudio
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2024-33582
Matching Score-6
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-6
Assigner-Lenovo Group Ltd.
CVSS Score-7.8||HIGH
EPSS-0.04% / 10.62%
||
7 Day CHG~0.00%
Published-11 Oct, 2024 | 15:17
Updated-15 Oct, 2024 | 12:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A DLL hijack vulnerability was reported in Lenovo Service Framework that could allow a local attacker to execute code with elevated privileges.

Action-Not Available
Vendor-Lenovo Group Limited
Product-Service Frameworkservice_framework
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2023-3078
Matching Score-6
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-6
Assigner-Lenovo Group Ltd.
CVSS Score-7.8||HIGH
EPSS-0.04% / 10.17%
||
7 Day CHG~0.00%
Published-17 Aug, 2023 | 16:47
Updated-08 Oct, 2024 | 16:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An uncontrolled search path vulnerability was reported in the Lenovo Universal Device Client (UDC) that could allow an attacker with local access to execute code with elevated privileges.

Action-Not Available
Vendor-Lenovo Group Limited
Product-universal_device_clientUniversal Device Client (UDC)
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2021-3550
Matching Score-6
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-6
Assigner-Lenovo Group Ltd.
CVSS Score-7.8||HIGH
EPSS-0.07% / 21.10%
||
7 Day CHG~0.00%
Published-16 Jul, 2021 | 20:30
Updated-03 Aug, 2024 | 17:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A DLL search path vulnerability was reported in Lenovo PCManager, prior to version 3.0.500.5102, that could allow privilege escalation.

Action-Not Available
Vendor-Lenovo Group Limited
Product-pcmanagerPCManager
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2024-4132
Matching Score-6
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-6
Assigner-Lenovo Group Ltd.
CVSS Score-7.8||HIGH
EPSS-0.04% / 10.55%
||
7 Day CHG~0.00%
Published-11 Oct, 2024 | 15:16
Updated-17 Oct, 2024 | 19:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A DLL hijack vulnerability was reported in Lenovo Lock Screen that could allow a local attacker to execute code with elevated privileges.

Action-Not Available
Vendor-Lenovo Group Limited
Product-lock_screenLock Screenlock_screen
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2024-33581
Matching Score-6
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-6
Assigner-Lenovo Group Ltd.
CVSS Score-7.8||HIGH
EPSS-0.04% / 10.62%
||
7 Day CHG~0.00%
Published-11 Oct, 2024 | 15:17
Updated-15 Oct, 2024 | 12:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A DLL hijack vulnerability was reported in Lenovo PC Manager AI intelligent scenario that could allow a local attacker to execute code with elevated privileges.

Action-Not Available
Vendor-Lenovo Group Limited
Product-PC Manager AI intelligent scenariopcmanager
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2024-33580
Matching Score-6
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-6
Assigner-Lenovo Group Ltd.
CVSS Score-7.8||HIGH
EPSS-0.04% / 10.62%
||
7 Day CHG~0.00%
Published-11 Oct, 2024 | 15:17
Updated-15 Oct, 2024 | 12:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A DLL hijack vulnerability was reported in Lenovo Personal Cloud that could allow a local attacker to execute code with elevated privileges.

Action-Not Available
Vendor-Lenovo Group Limited
Product-Personal Cloudpersonal_cloud
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2024-33579
Matching Score-6
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-6
Assigner-Lenovo Group Ltd.
CVSS Score-7.8||HIGH
EPSS-0.04% / 10.62%
||
7 Day CHG~0.00%
Published-11 Oct, 2024 | 15:16
Updated-15 Oct, 2024 | 12:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A DLL hijack vulnerability was reported in Lenovo Baiying that could allow a local attacker to execute code with elevated privileges.

Action-Not Available
Vendor-Lenovo Group Limited
Product-Baiyingbaiying
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2024-4130
Matching Score-6
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-6
Assigner-Lenovo Group Ltd.
CVSS Score-7.8||HIGH
EPSS-0.04% / 10.55%
||
7 Day CHG~0.00%
Published-11 Oct, 2024 | 15:15
Updated-17 Oct, 2024 | 19:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A DLL hijack vulnerability was reported in Lenovo App Store that could allow a local attacker to execute code with elevated privileges.

Action-Not Available
Vendor-Lenovo Group Limited
Product-app_storeApp Storeapp_store
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2024-4131
Matching Score-6
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-6
Assigner-Lenovo Group Ltd.
CVSS Score-7.8||HIGH
EPSS-0.04% / 10.55%
||
7 Day CHG~0.00%
Published-11 Oct, 2024 | 15:15
Updated-17 Oct, 2024 | 19:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A DLL hijack vulnerability was reported in Lenovo Emulator that could allow a local attacker to execute code with elevated privileges.

Action-Not Available
Vendor-Lenovo Group Limited
Product-emulatorEmulatoremulator
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2024-33578
Matching Score-6
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-6
Assigner-Lenovo Group Ltd.
CVSS Score-7.8||HIGH
EPSS-0.04% / 10.62%
||
7 Day CHG~0.00%
Published-11 Oct, 2024 | 15:16
Updated-15 Oct, 2024 | 12:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A DLL hijack vulnerability was reported in Lenovo Leyun that could allow a local attacker to execute code with elevated privileges.

Action-Not Available
Vendor-Lenovo Group Limited
Product-Leyunleyun
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2024-4089
Matching Score-6
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-6
Assigner-Lenovo Group Ltd.
CVSS Score-7.8||HIGH
EPSS-0.04% / 10.55%
||
7 Day CHG~0.00%
Published-11 Oct, 2024 | 15:15
Updated-17 Oct, 2024 | 19:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A DLL hijack vulnerability was reported in Lenovo Super File that could allow a local attacker to execute code with elevated privileges.

Action-Not Available
Vendor-Lenovo Group Limited
Product-superfileSuperFilesuperfile
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2024-28876
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.02% / 4.57%
||
7 Day CHG~0.00%
Published-14 Aug, 2024 | 13:45
Updated-06 Sep, 2024 | 18:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncontrolled search path for some Intel(R) MPI Library software before version 2021.12 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-mpi_libraryoneapi_hpc_toolkitIntel(R) MPI Library softwarempi_libraryoneapi_hpc_toolkit
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2018-8090
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.44% / 62.46%
||
7 Day CHG~0.00%
Published-25 Jul, 2018 | 23:00
Updated-05 Aug, 2024 | 06:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Quick Heal Total Security 64 bit 17.00 (QHTS64.exe), (QHTSFT64.exe) - Version 10.0.1.38; Quick Heal Total Security 32 bit 17.00 (QHTS32.exe), (QHTSFT32.exe) - Version 10.0.1.38; Quick Heal Internet Security 64 bit 17.00 (QHIS64.exe), (QHISFT64.exe) - Version 10.0.0.37; Quick Heal Internet Security 32 bit 17.00 (QHIS32.exe), (QHISFT32.exe) - Version 10.0.0.37; Quick Heal AntiVirus Pro 64 bit 17.00 (QHAV64.exe), (QHAVFT64.exe) - Version 10.0.0.37; and Quick Heal AntiVirus Pro 32 bit 17.00 (QHAV32.exe), (QHAVFT32.exe) - Version 10.0.0.37 allow DLL Hijacking because of Insecure Library Loading.

Action-Not Available
Vendor-quickhealn/a
Product-antivirus_prointernet_securitytotal_securityn/a
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2023-1745
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 10.95%
||
7 Day CHG~0.00%
Published-30 Mar, 2023 | 23:00
Updated-02 Aug, 2024 | 05:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
KMPlayer SHFOLDER.dll uncontrolled search path

A vulnerability, which was classified as problematic, has been found in KMPlayer 4.2.2.73. This issue affects some unknown processing in the library SHFOLDER.dll. The manipulation leads to uncontrolled search path. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The identifier VDB-224633 was assigned to this vulnerability.

Action-Not Available
Vendor-n/aPandora Media, LLC
Product-kmplayerKMPlayer
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2024-27303
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.3||HIGH
EPSS-0.08% / 24.73%
||
7 Day CHG~0.00%
Published-06 Mar, 2024 | 18:35
Updated-13 Aug, 2024 | 17:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
electron-builder's NSIS installer - execute arbitrary code on the target machine (Windows only)

electron-builder is a solution to package and build a ready for distribution Electron, Proton Native app for macOS, Windows and Linux. A vulnerability that only affects eletron-builder prior to 24.13.2 in Windows, the NSIS installer makes a system call to open cmd.exe via NSExec in the `.nsh` installer script. NSExec by default searches the current directory of where the installer is located before searching `PATH`. This means that if an attacker can place a malicious executable file named cmd.exe in the same folder as the installer, the installer will run the malicious file. Version 24.13.2 fixes this issue. No known workaround exists. The code executes at the installer-level before the app is present on the system, so there's no way to check if it exists in a current installer.

Action-Not Available
Vendor-Electron UserlandElectron (OpenJS Foundation)
Product-electron-builderelectron-builder
CWE ID-CWE-427
Uncontrolled Search Path Element
CWE ID-CWE-426
Untrusted Search Path
CVE-2024-28099
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-7.8||HIGH
EPSS-0.08% / 23.91%
||
7 Day CHG~0.00%
Published-15 Apr, 2024 | 10:31
Updated-30 Jun, 2025 | 13:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

VT STUDIO Ver.8.32 and earlier contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with the privileges of the running application.

Action-Not Available
Vendor-keyenceKEYENCE CORPORATIONkeyence
Product-vt_studioVT STUDIOvt_studio
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2021-38086
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.05% / 16.60%
||
7 Day CHG~0.00%
Published-12 Aug, 2021 | 13:42
Updated-04 Aug, 2024 | 01:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Acronis Cyber Protect 15 for Windows prior to build 27009 and Acronis Agent for Windows prior to build 26226 allowed local privilege escalation via DLL hijacking.

Action-Not Available
Vendor-n/aMicrosoft CorporationAcronis (Acronis International GmbH)
Product-cyber_protectwindowsn/a
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2023-0898
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 8.68%
||
7 Day CHG~0.00%
Published-07 Nov, 2023 | 16:34
Updated-16 Jan, 2025 | 21:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Uncontrolled Search Path Element in GE MiCOM S1 Agile

General Electric MiCOM S1 Agile is vulnerable to an attacker achieving code execution by placing malicious DLL files in the directory of the application.

Action-Not Available
Vendor-geGeneral Electric
Product-micom_s1_agileMiCOM S1 Agile
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2018-5235
Matching Score-4
Assigner-Symantec - A Division of Broadcom
ShareView Details
Matching Score-4
Assigner-Symantec - A Division of Broadcom
CVSS Score-6||MEDIUM
EPSS-0.16% / 36.92%
||
7 Day CHG~0.00%
Published-22 Aug, 2018 | 17:00
Updated-16 Sep, 2024 | 20:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Norton Utilities (prior to 16.0.3.44) may be susceptible to a DLL Preloading vulnerability, which is a type of issue that can occur when an application looks to call a DLL for execution and an attacker provides a malicious DLL to use instead. Depending on how the application is configured, it will generally follow a specific search path to locate the DLL. The vulnerability can be exploited by a simple file write (or potentially an over-write) which results in a foreign DLL running under the context of the application.

Action-Not Available
Vendor-Symantec Corporation
Product-norton_utilitiesNorton Utilities
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2023-0976
Matching Score-4
Assigner-Trellix
ShareView Details
Matching Score-4
Assigner-Trellix
CVSS Score-6.3||MEDIUM
EPSS-0.15% / 36.77%
||
7 Day CHG~0.00%
Published-07 Jun, 2023 | 07:35
Updated-06 Jan, 2025 | 21:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A command Injection Vulnerability in TA for mac-OS prior to version 5.7.9 allows local users to place an arbitrary file into the /Library/Trellix/Agent/bin/ folder. The malicious file is executed by running the TA deployment feature located in the System Tree.

Action-Not Available
Vendor-Apple Inc.Musarubra US LLC (Trellix)
Product-macosagentTrellix Agent
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2023-0247
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-7.8||HIGH
EPSS-0.03% / 6.78%
||
7 Day CHG~0.00%
Published-12 Jan, 2023 | 00:00
Updated-07 Apr, 2025 | 20:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Uncontrolled Search Path Element in bits-and-blooms/bloom

Uncontrolled Search Path Element in GitHub repository bits-and-blooms/bloom prior to 3.3.1.

Action-Not Available
Vendor-bloom_projectbits-and-blooms
Product-bloombits-and-blooms/bloom
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2021-38571
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.03% / 7.25%
||
7 Day CHG~0.00%
Published-11 Aug, 2021 | 21:14
Updated-04 Aug, 2024 | 01:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. It allows DLL hijacking, aka CNVD-C-2021-68000 and CNVD-C-2021-68502.

Action-Not Available
Vendor-n/aMicrosoft CorporationFoxit Software Incorporated
Product-phantompdfwindowsfoxit_readern/a
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2024-23489
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.03% / 6.63%
||
7 Day CHG~0.00%
Published-14 Aug, 2024 | 13:45
Updated-12 Sep, 2024 | 18:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncontrolled search path for some Intel(R) VROC software before version 8.6.0.1191 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-virtual_raid_on_cpuIntel(R) VROC softwarevroc_software
CWE ID-CWE-427
Uncontrolled Search Path Element
Details not found