Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2022-0192

Summary
Assigner-lenovo
Assigner Org ID-da227ddf-6e25-4b41-b023-0f976dcaca4b
Published At-22 Apr, 2022 | 20:30
Updated At-02 Aug, 2024 | 23:18
Rejected At-
Credits

A DLL search path vulnerability was reported in Lenovo PCManager prior to version 4.0.40.2175 that could allow privilege escalation.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:lenovo
Assigner Org ID:da227ddf-6e25-4b41-b023-0f976dcaca4b
Published At:22 Apr, 2022 | 20:30
Updated At:02 Aug, 2024 | 23:18
Rejected At:
▼CVE Numbering Authority (CNA)

A DLL search path vulnerability was reported in Lenovo PCManager prior to version 4.0.40.2175 that could allow privilege escalation.

Affected Products
Vendor
Lenovo Group LimitedLenovo
Product
PCManager
Versions
Affected
  • From unspecified before 4.0.40.2175 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-427CWE-427 Uncontrolled Search Path Element
Type: CWE
CWE ID: CWE-427
Description: CWE-427 Uncontrolled Search Path Element
Metrics
VersionBase scoreBase severityVector
3.17.3HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 7.3
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Update to Lenovo PCManager version 4.0.40.2175 (or later).

Configurations
Workarounds
Exploits
Credits
Lenovo thanks Shangji Pang from Topsec Alpha Lab for reporting this issue
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://iknow.lenovo.com.cn/detail/dc_201470.html
x_refsource_MISC
Hyperlink: https://iknow.lenovo.com.cn/detail/dc_201470.html
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://iknow.lenovo.com.cn/detail/dc_201470.html
x_refsource_MISC
x_transferred
Hyperlink: https://iknow.lenovo.com.cn/detail/dc_201470.html
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:psirt@lenovo.com
Published At:22 Apr, 2022 | 21:15
Updated At:04 May, 2022 | 13:12

A DLL search path vulnerability was reported in Lenovo PCManager prior to version 4.0.40.2175 that could allow privilege escalation.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Secondary3.17.3HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Primary2.04.4MEDIUM
AV:L/AC:M/Au:N/C:P/I:P/A:P
Type: Primary
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 7.3
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 4.4
Base severity: MEDIUM
Vector:
AV:L/AC:M/Au:N/C:P/I:P/A:P
CPE Matches
Lenovo Group Limited
lenovo
>>pcmanager>>Versions before 4.0.40.2175(exclusive)
cpe:2.3:a:lenovo:pcmanager:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-427Primarynvd@nist.gov
CWE-427Secondarypsirt@lenovo.com
CWE ID: CWE-427
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-427
Type: Secondary
Source: psirt@lenovo.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://iknow.lenovo.com.cn/detail/dc_201470.htmlpsirt@lenovo.com
Vendor Advisory
Hyperlink: https://iknow.lenovo.com.cn/detail/dc_201470.html
Source: psirt@lenovo.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

422Records found
CVE-2021-3633
Matching Score-10
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-10
Assigner-Lenovo Group Ltd.
CVSS Score-7.3||HIGH
EPSS-0.02% / 3.75%
||
7 Day CHG~0.00%
Published-17 Aug, 2021 | 16:25
Updated-03 Aug, 2024 | 17:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A DLL preloading vulnerability was reported in Lenovo Driver Management prior to version 2.9.0719.1104 that could allow privilege escalation.

Action-Not Available
Vendor-Lenovo Group Limited
Product-drivers_managementDriver Management
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2020-8345
Matching Score-10
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-10
Assigner-Lenovo Group Ltd.
CVSS Score-7.3||HIGH
EPSS-0.07% / 21.13%
||
7 Day CHG~0.00%
Published-14 Oct, 2020 | 21:25
Updated-04 Aug, 2024 | 09:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A DLL search path vulnerability was reported in the Lenovo HardwareScan Plugin for the Lenovo Vantage hardware scan feature prior to version 1.0.46.11 that could allow escalation of privilege.

Action-Not Available
Vendor-Lenovo Group Limited
Product-hardware_scanVantage HardwareScan Plugin
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2019-6170
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-6.4||MEDIUM
EPSS-0.07% / 22.89%
||
7 Day CHG~0.00%
Published-12 Nov, 2019 | 20:40
Updated-04 Aug, 2024 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A potential vulnerability in the SMI callback function used in the Legacy USB driver using boot services structure in runtime phase in some Lenovo ThinkPad models may allow arbitrary code execution.

Action-Not Available
Vendor-Lenovo Group Limited
Product-s340-15iwl_touchl340-17irh_firmwarezhaoyang_e43-80_kbl_firmwareqitian_m4650v330-14isk_firmwarea340-22_iwl_firmware720s-15ikb_firmwarethinkpad_e490ideacentre_730s-24ikb_firmwarev110-15ikbthinkcentre_m73p130-15ikb_firmwarethinkcentre_m720qlegion_y740-17ichgthinkpad_p51sthinkpad_p53thinkpad_e450cthinkcentre_m79_firmwareyta8900fthinkpad_p72_firmwarethinkpad_l590thinkcentre_e93_firmwarerescuer_y7000p\(1060\)130-14ikb_firmwareyangtian_ws_h81_firmwarethinkpad_p52thinkpad_e560p_firmwarethinkpad_p70aio_330-20astthinkpad_e470_firmware330-15ikbrv530s-07icb_firmwarem4500_firmwarethinkpad_e460thinkpad_yoga_11ethinkpad_x280thinkcentre_m83_firmwarethinkstation_p318_firmwarethinkpad_tablet_8_firmwarec340-14iwl_firmwarelegion_t530-28icbthinkpad_l470_firmwares540-14iwl_firmwarelegion_t730-28ico330c-14ikbs540-14iwl_touch_firmwarethinkpad_l380_firmwarelegion_y740-15ichgthinkcentre_e74_firmwarethinkpad_r590_firmwareqitian_b5900_firmwarethinkpad_t560_firmwarethinkpad_t580thinkcentre_m4500kthinkcentre_m6500t_firmwarethinkcentre_m93z_\(aio\)yoga_s940-14iwl_firmwarethinkpad_x1_yogathinkcentre_m625q_firmwarethinkpad_t570_firmwarelegion_y520t_z370legion_t530-28icb_reflash_firmwarethinkcentre_m4500t_firmwares340-14iwlqt_b415_firmwareyangtian_wf_h81_pci_firmwareqitian_m4600_firmware340c-15ikb_firmwarethinkcentre_m910x_firmwarethinkcentre_m910s_firmwareyangtian_afh110_firmwareyangtian_wf_h110_pci_firmwarethinkpad_x380_yoga_firmwareyangtian_afq150_firmwarev320-14ikby7000_2019_1050v330-14ikb_firmwarethinkpad_w540h50-30g_desktopv330-14iskyoga_s940-14iwlyangtian_tc_h81_pci_firmwarethinkcentre_x1_aiothinkpad_p52_firmwarethinkpad_s2_yoga_4th_gen_firmwarethinkcentre_m720s_firmwarethinkpad_t580_firmwarelegion_t530-28aprideacentre_720-18icb_firmwareyoga530-14ikb_firmwares540-14iwl_touchthinkcentre_m4600tthinkcentre_m920q_firmwarezhaoyang_k42-80thinkpad_t25lenovo_v720-14ikbqt_a7400s540-15iwl_firmwareaio_330-20igm_firmwarethinkpad_t460sideacentre_300s-11ish_firmware510-15iklaio_520-24ast_firmwareyangtian_mf_h81_pci330-14ikb_firmware720s_touch-15ikb_firmwarethinkpad_e570thinkcentre_m79v310-14ikbthinkstation_p318thinkcentre_m700sthinkpad_x1_extreme_firmwarev130-14ikbthinkcentre_m6600t_firmware330-15ikb_firmwarethinkpad_e550thinkcentre_m8600s_firmwarec340-14iwlv310-15ikb_firmwareyoga_730-13iwl_firmwarethinkcentre_m715q_firmwarethinkpad_tablet_10_firmwarethinkcentre_m73_firmwarethinkpad_t440qitian_b4550_firmwarethinkpad_e580thinkcentre_e73_firmwarethinkcentre_m920t_firmwarethinkcentre_e93thinkcentre_m6500s_firmwareyoga_11e_3rd_genthinkpad_p71thinkcentre_m710q330-15ikbr_touchthinkpad_10_firmwarethinkpad_p51s_firmwarethinkcentre_m710e_firmwarethinkcentre_m8500ss145-15ikbthinkpad_x250thinkcentre_m900_firmwarev310z\(yt_s3150\)_firmware330-15ich_firmwarel340-15iwltouchthinkcentre_e75sthinkcentre_m920zyangtian_mc_h81_firmwarethinkcentre_m9550zthinkcentre_e74zideacentre_720-18aprthinkcentre_m9550z_firmwarethinkpad_helix_firmwarethinkpad_t480s_firmwarelegion_y9000p_2019_firmwarethinkpad_s3_3rd_genthinkcentre_m73p_firmwarelegion_y9000p_2019v130-14ikb_firmwarexiaoxin_tide_7000-15_u42thinkcentre_m7300z_firmwarethinkcentre_m6600qthinkcentre_m8350z_firmwarev310-14isk_firmwares145-14ikb_firmwarec340-15iwlwei5-14ikb_firmwarethinksystem_odc5200-cn650s_firmwarelegion_y740-15irhg_firmwarethinkcentre_m820zv110-14ikb_firmwarev310z\(yt_s3150\)v110-14ikbthinkpad_l560_firmwarethinkcentre_s510_firmwarelegion_y730-15ich_firmware330-14ikbthinkpad_p53s_firmwares145-15ikb_firmwareyangtian_tc_h81_pciyoga_s730-13iwll340-15irh_firmwarethinkstation_p300_firmwarel340-17irhthinkpad_p52sthinkpad_t470_firmwarethinkcentre_m73_tiny_firmwarethinkcentre_m920x_firmwarethinkcentre_m6600_firmwarethinkpad_t480_firmware530s-14iwl_firmwarethinkpad_x1_carbon_firmwarerescuer_y7000p\(1060\)_firmwarelegion_c730-19icothinkcentre_m4500q_firmwarethinkpad_e580_firmwareaio520-24iku_firmwarem4550_id_firmware530s-15ikbthinkpad_t570thinkpad_l560ideacentre_510-15icb_firmwarethinkcentre_m6600tthinkpad_t590yoga_11e_4th_gen_firmwarethinkpad_t550xiaoxin-14_2019iwlthinkpad_x1_tabletwei5-14ikbxiaoxin-14_2019iwl_firmwarethinkpad_t450sqt_a7400_firmwarev130-15ikbthinkcentre_m73yangtian_ws_h81rescuer_y7000yoga_s730-13iwl_firmwarev530-22icb\(yt_s4350\)thinkstation_p310_firmwareaio520-22ikuthinkpad_tablet_8thinkcentre_e96z_firmwarethinkpad_l390_yoga_firmwaree52-80yangtian_mc_h110thinkpad_x270k43c-80thinkpad_l580_firmwarev510-15ikbthinkcentre_m715qyoga_520-14ikbh50-30g_desktop_firmwarethinkpad_p50s_firmwarelegion_y530-15ich\(1060\)_firmwareaio520-22ikl_firmwareideacentre_300s-11ishv320-15ikb_firmwarethinkpad_t440p_firmwarethinkpad_l470xiaoxin_air-14iwl_2019thinkpad_t440s_firmwarethinkpad_e570_firmwarethinkpad_s5_firmwareyogo_a940-27icb_firmwarethinkpad_t440pideacentre_310s-08asr_firmwarethinkcentre_m9350zthinkpad_tablet_10a340-22_iwllegion_y9000k_2019thinkpad_x390_yoga_firmwareyoga_11e_4th_gen730s-13iwlthinkpad_l380thinkpad_t450_firmwarelegion_t530-28apr_firmwarethinkpad_x1_yoga_firmwarethinkpad_t590_firmwares340-14iwl_touchthinkpad_s1_yoga_firmwarethinkpad_x1_extremelegion_c530-19icbyangtian_wcc_h81_pcithinkpad_l490_firmwarethinkcentre_e73syoga530-14ikbthinkpad_x1_carbonthinkpad_e560_firmwarelegion_y7000p-1060_firmwarethinkpad_t460p_firmwarexiaoxin_air_14iwlthinkcentre_m8600s330-17ich_firmwarev310-15ikbxiaoxin-15_2019iwl_firmwarethinkpad_r490yangtian_mc_h81flex-15iwlaio_330-20ast_firmwareideacentre_510a-15icblegion_y730-17ich_firmwareyoga_11e_3rd_gen_firmwarethinkcentre_m710s_firmwarethinkpad_e590xiaoxin_air_14ikbrc340-15iwl_firmwarethinkcentre_m73_tinya340-22icbthinkcentre_e74s_firmwareyangtian_wc_h110_pcithinkpad_p1_firmwarethinkpad_s5_yoga_15v330-15igma340-22ast_firmwareqt_m410xiaoxin_air_15iwlthinkpad_yoga_11e_firmware330-14ikbryoga_730-13ikbv510-15ikb_firmwarev410z\(yt_s4250\)aio520-22iklthinkpad_l480_firmwarethinkpad_x380_yoga530s-15iwl_firmwarexiaoxin_air_13iwl_firmwareaio520-24ikurescuer_y7000pthinkpad_x131ethinkstation_p320rescuer_y7000p_firmwareqitian_4500thinkcentre_m93_firmwareyoga_730-13iwlv520t-15iklthinkcentre_m710t_firmwares340-14iwl_firmwareqitian_a815v510z_\(yt_s5250\)_firmwarethinksystem_hr650x_\(skl\)_firmwarethinkpad_l450qitian_m4650_firmwarethinkpad_t470s_firmwarethinkcentre_e73s_firmwareaio520-24ikl_firmwarezhaoyang_e53-80thinkpad_r590thinkpad_p50aio_520-24aste42-80_firmwarethinkcentre_m800_firmware530s-15ikb_firmwarethinkpad_p43s_\(20rx\)_firmwarev330-15ikbideacentre_310s-08igm_firmwarethinkcentre_m700tthinkpad_t440sqt_b415s340-15iwl_firmwareyangtian_we_h110_firmware330-15ikbflex_5-1570\(r\)thinkpad_p70_firmwarexx_chao5000-ikbra_firmwarethinkpad_13thinkpad_t470thinkcentre_m7300zs530-13iwl_firmwarethinkcentre_m700s_firmwarethinkcentre_e74lenovo_v720-14ikb_firmwarelegion_y530-15ich_firmwareyangtian_mc_h110_pciqitian_m4550330c-15ikbrthinkpad_e480v520s-08iklxiaoxin_air_14iwl_firmwarethinkpad_l380_yoga330-17ikbr_firmwarethinkpad_s3thinkcentre_m8600t_firmwarethinkcentre_m820z_firmware720s_touch-15ikblegion_y7000p-1060thinkpad_e470xiaoxin-14iwl_qc_2019720s-14ikbrthinkcentre_m4600t_firmwarerescuer_y7000_firmwarem4500yangtian_afh110a340-24_iwlthinkpad_helixflex_6-14ikbthinkpad_w550s_firmwarev320-17ikbrxiaoxin-15_2019iwlyangtian_mf_h110_pci_firmwareideacentre_700thinkcentre_m900z_firmwareideacentre_310s-08asr720s-15ikbthinkcentre_m83z_\(aio\)_firmwarethinkcentre_m720q_firmwarethinkcentre_m715sthinkpad_l460_firmwarethinkcentre_s510thinkpad_w541thinkcentre_m715q_rrthinkcentre_m700za340-22icb_firmwarethinkcentre_e95z_firmwarexiaoxin_air-15iwl_2019_firmwarethinkcentre_e96zthinkcentre_m818z_firmwarev530-22icb\(yt_s4350\)_firmwaremiix_720-12ikb_firmwarewei5-15ikbthinkpad_x240s_firmwarea340-24_iwl_firmwarethinkcentre_m715q_rr_firmwarethinkpad_l460yoga_520-14ikb_firmware510s-08ikl_firmwarethinkcentre_m710ea340-22ast330c-14ikb_firmwarev410z\(yt_s4250\)_firmwarethinkstation_p310thinkpad_s2_yoga_4th_genthinksystem_odc5200-cn650sthinkcentre_m4500sthinkpad_11ethinkstation_e32_firmwarethinkpad_t460pthinkpad_p1s340-15iwlthinkpad_x140elegion_y520t_z370_firmwareideacentre_510-15icbideacentre_510s-08ish340c-15ikbthinkpad_l380_yoga_firmwarethinkpad_x1_tablet_firmware530s-14ikb_firmwarev320-14ikb_firmwarethinkcentre_m920tthinkcentre_m715t_firmwarethinkpad_x390thinkcentre_m710tthinkpad_s540v520s-08ikl_firmwarethinkcentre_m720ty7000_2019_1050_firmwarev110-15ikb_firmwarelegion_t530-28apr_reflashlegion_c530-19icb_firmwares540-15iwll340-15irhideacentre_700_firmwareqt_m415_firmware340c-15iwlv130-15ikb_firmwarethinkpad_s3_firmwarexiaoxin_air-14iwl_2019_firmware330c-15ikbr_firmwarev310-14iskxiaoxin_tide_7000-15_u22thinkpad_s531_firmwarethinkpad_t490_firmwareqitian_b4650_firmwarev540-24iwl\(yt_s5430\)330-15ikbr_firmwarezhaoyang_k42-80_firmwarethinkpad_l390_yogayoga_730-15ikb_firmwareflex_6-1470aio520-24iklthinkpad_x240_firmwarethinkcentre_m4600s_firmwarethinkpad_l450_firmwarethinkcentre_m700z_firmwarethinkpad_13_firmwaremiix_720-12ikblegion_y740-17irhgxiaoxin_air-15iwl_2019thinkpad_l570_firmwarethinkpad_w540_firmwareflex-14iwlflex-15iwl_firmwareyangtian_mc_h110_pci_firmwarethinkpad_e550cthinkpad_e490sthinkcentre_e95zv330-15isklegion_t530-28icb_reflashwei5-15ikb_firmware330-17ikbthinkpad_s540_firmware330-17ichthinkcentre_m600_firmwarev730-15ikb_firmwarea340-24icbthinkcentre_m910q_firmwares340-15iwl_touch_firmwareqt_m410_firmwarethinkpad_s2_yoga_3rd_gen_firmwarethinkcentre_m910zs340-14iwl_touch_firmwarethinkcentre_m920sthinkcentre_m710q_firmwareqitian_4500_firmwarethinkpad_x390_yogathinkcentre_m818zqt_m415thinkcentre_m8600tthinkpad_s1_yogathinkpad_e560thinksystem_hr650x_\(skl\)yangtian_mf_h110_pcithinkcentre_m910qrescuer_y7000\(1060\)510s-08iklideacentre_720-18apr_firmwarethinkcentre_m720s340c-15iwl_firmwarethinkcentre_m90n-1_firmwarexiaoxin_air_15ikbr_firmwarethinkpad_p43s_\(20rx\)v330-15igm_firmware530s-14ikbyangtian_wcc_h81_pci_firmwarethinkcentre_m810zyangtian_afh81_firmwarethinkcentre_m9500zthinkpad_x131e_firmwarethinkcentre_m810z_firmwareflex_6-1470_firmwarev510z_\(yt_s5250\)m4550_idv330-14ikbthinkpad_e480_firmwareflex_6-14ikb_firmwarethinkstation_p300thinkcentre_m6600yangtian_me_h110_firmwarel340-15iwl330-14ikbr_firmwareyangtian_wf_h110_pcithinkpad_t540pthinkcentre_m6600sthinkpad_t540p_firmwarelegion_y530-15ich\(1060\)thinkpad_t460_firmwarethinkpad_t460s_firmwarethinkstation_p330330-17ikbrl340-17iwl_firmwarethinkcentre_m700qthinkpad_x270_firmware63_firmwarethinkpad_s2_yoga_3rd_genthinkcentre_m6500sthinkcentre_m8500s_firmwarethinkpad_l490aio520-24arr330-15ichxiaoxin_tide_7000-15_u22_firmwarethinkpad_p71_firmware330c-15ikb_firmwareqitian_b4650thinkpad_l590_firmwarethinkcentre_e75tthinkcentre_m4500qs145-15iwl_firmwarexiaoxin_air_15iwl_firmwareqitian_a815_firmwareyta8900f_firmwarethinkpad_x260s145-15iwlthinkcentre_m910tthinkpad_x250_firmware530s-15iwl330c-15ikbthinkpad_yoga_260-s1thinkcentre_e75t_firmwarethinkstation_p330_firmwarethinkpad_s5_2nd_generation_firmwareaio_330-20igmaio520-27ikl_firmwaree52-80_firmwarethinkcentre_m920qthinkpad_p50_firmwarethinkpad_s3_3rd_gen_firmwarethinkcentre_m4500s_firmwarethinkcentre_m720t_firmwarethinkpad_x260_firmwarelegion_y730-15ichthinkpad_e590_firmwarezhaoyang_e53-80_firmwarethinkstation_p320_tinythinkcentre_m800thinkpad_t450thinkcentre_m800zthinkcentre_m900yangtian_mc_h110_firmwarethinkpad_t490thinkcentre_m93p_firmwarethinkpad_x280_firmwarethinkcentre_m93thinkpad_p73_firmwarethinkstation_p330_tiny_firmwares940-14iwllegion_y740-15ichg_firmwarethinkcentre_m8350zxiaoxin-14iwl_qc_2019_firmwareyoga_730-15iwl_firmwarel340-17iwls530-13iwlthinkcentre_m625qthinkpad_w550sthinkpad_l480thinkpad_e450_firmwarethinkpad_t460thinkpad_x390_firmware330-17ikb_firmwarethinkpad_r490_firmwares540-14iwls145-14ikbthinkpad_t440_firmwarethinkcentre_m8500tthinkcentre_m83z_\(aio\)thinkcentre_m93plegion_t530-28icb_firmware330-15ikbr_touch_firmwareideacentre_510a-15icb_firmwarexiaoxin_air_13iwlv320-17ikbr_firmwareideacentre_730s-24ikbflex-14iwl_firmwarev530-24icb\(yt_s5350\)xx_chao5000-ikbrathinkpad_10thinkcentre_m700q_firmwareyangtian_me_h110legion_y740-17ichg_firmwareqitian_b5900v310-15iskv530s-07icb63thinkpad_yoga_370yangtian_afq150aio520-24arr_firmwarev310-14ikb_firmwarek43c-80_firmware130-14ikbqitian_b4550thinkpad_e550c_firmwareideacentre_310s-08igmthinkpad_x140e_firmwareideacentre_300-20ish_firmwarethinkstation_p330_tinyyangtian_mf_h81_pci_firmwarea340-24icb_firmwarethinkcentre_m9350z_firmwarethinkpad_x240legion_y740-17irhg_firmwarethinkcentre_m800z_firmwareyoga_730-15iwlthinkpad_t450s_firmwarethinkcentre_m9500z_firmwarexiaoxin_air_14ikbr_firmwarethinkcentre_m920s_firmwarethinkpad_p52s_firmwareideacentre_720-18icbthinkcentre_m920z_firmwarethinkpad_t550_firmwarethinkcentre_m4600sthinkcentre_e74sv510-14ikb_firmwarethinkcentre_m610thinkpad_s531thinkpad_yoga_260-s1_firmwareideacentre_300-20ishthinkpad_t25_firmwareyangtian_wf_h81_pcithinkcentre_m920xyangtian_ytm6900e-00_firmwares940-14iwl_firmwarethinkcentre_m90n-1m4500_id_firmwarethinkcentre_e73720s-14ikbr_firmwareflex_5-1570\(r\)_firmwarelegion_y740-15irhgthinkcentre_m6500tv330-15ikb_firmwarethinkcentre_m910xrescuer_y7000\(1060\)_firmwarethinkcentre_m6600s_firmwarethinkpad_p53sthinkpad_t480sthinkpad_w541_firmwarethinkpad_p51_firmwarethinkcentre_m910sl340-15iwl_firmwareyangtian_ms_h81_firmwarelegion_c730-19ico_firmwareqitian_m4600thinkpad_e460_firmwarethinkstation_p320_firmwarethinkpad_11e_firmwarethinkpad_l570thinkcentre_m6600q_firmware530s-14iwlthinkcentre_m8500t_firmwareyangtian_ms_h81thinkpad_s5_yoga_15_firmwarezhaoyang_e43-80_kblthinkcentre_m900zthinkpad_e450c_firmwareaio520-27iklthinkpad_t490s_firmwarethinkpad_x240sideacentre_510s-08ish_firmwaree42-80thinkpad_l580yogo_a940-27icbyangtian_tc_h110_pci_firmwarelegion_t730-28ico_firmwarethinkcentre_m8300z_firmwareyangtian_we_h110thinkpad_s5_2nd_generation130-15ikb510-15ikl_firmwarelegion_y730-17ichm4500_idthinkcentre_m725syangtian_ytm6900e-00v310-15isk_firmwarethinkpad_e490s_firmwarethinkpad_s5thinkpad_t470p_firmwarethinkcentre_m725s_firmwarelegion_t530-28apr_reflash_firmwarelegion_y9000k_2019_firmwarev540-24iwl\(yt_s5430\)_firmwareyoga_730-13ikb_firmwarethinkpad_e490_firmware730s-13iwl_firmwarev320-15ikbthinkpad_t560thinkcentre_m8300zs145-14iwlthinkpad_s1_3rd_firmwarethinksystem_hr630x_\(skl\)_firmwarexiaoxin_tide_7000-15_u42_firmwarelegion_y530-15ichthinkcentre_m700t_firmwarethinkstation_p320_tiny_firmwarethinkcentre_m83thinkpad_p50sthinkpad_p53_firmwarev330-15isk_firmwarethinkcentre_e74z_firmwarethinksystem_hr630x_\(skl\)v520t-15ikl_firmwarethinkpad_s1_3rdthinkcentre_x1_aio_firmwarethinkcentre_m4500k_firmwarexiaoxin_air_15ikbrthinkcentre_e75s_firmwarethinkpad_p51v510-14ikbthinkcentre_m610_firmwareqitian_m4550_firmwarev730-15ikbthinkpad_t490sl340-15iwltouch_firmwarethinkpad_p73thinkpad_e560pthinkcentre_m93z_\(aio\)_firmwares145-14iwl_firmwarev530-24icb\(yt_s5350\)_firmwarethinkcentre_m715tyangtian_wc_h110_pci_firmwarethinkpad_t470sthinkpad_p72thinkcentre_m910t_firmwarethinkpad_e450thinkpad_t470pthinkcentre_m710syangtian_afh81thinkcentre_m4500tthinkcentre_m910z_firmwarethinkpad_yoga_370_firmwarethinkpad_e550_firmwareyoga_730-15ikbthinkcentre_m715s_firmwareaio520-22iku_firmwarethinkpad_t480thinkstation_e32thinkcentre_m600yangtian_tc_h110_pciThinkPad
CVE-2019-6189
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-7.8||HIGH
EPSS-0.14% / 35.42%
||
7 Day CHG~0.00%
Published-20 Nov, 2019 | 01:31
Updated-16 Sep, 2024 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A potential vulnerability was reported in Lenovo System Interface Foundation versions before v1.1.18.3 that could allow an administrative user to load an unsigned DLL.

Action-Not Available
Vendor-Lenovo Group Limited
Product-system_interface_foundationLenovo System Interface Foundation
CWE ID-CWE-426
Untrusted Search Path
CVE-2019-6196
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-6.7||MEDIUM
EPSS-0.04% / 10.64%
||
7 Day CHG~0.00%
Published-09 Jun, 2020 | 19:50
Updated-17 Sep, 2024 | 00:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A symbolic link vulnerability in some Lenovo installation packages, prior to version 1.2.9.3, could allow privileged file operations during file extraction and installation.

Action-Not Available
Vendor-Lenovo Group Limited
Product-installation_packageInstallation Packages
CWE ID-CWE-426
Untrusted Search Path
CVE-2021-3922
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-7.8||HIGH
EPSS-0.42% / 60.98%
||
7 Day CHG~0.00%
Published-18 May, 2022 | 16:10
Updated-03 Aug, 2024 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A race condition vulnerability was reported in IMController, a software component of Lenovo System Interface Foundation, prior to version 1.1.20.3 that could allow a local attacker to connect and interact with the IMController child process' named pipe.

Action-Not Available
Vendor-Lenovo Group Limited
Product-system_interface_foundationIMController
CWE ID-CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2023-4706
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-7.3||HIGH
EPSS-0.07% / 22.46%
||
7 Day CHG~0.00%
Published-08 Nov, 2023 | 21:59
Updated-02 Aug, 2024 | 07:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A privilege escalation vulnerability was reported in Lenovo preloaded devices deployed using Microsoft AutoPilot under a standard user account due to incorrect default privileges.

Action-Not Available
Vendor-Lenovo Group Limited
Product-preload_directory1Lenovo Preload Directory
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2020-8327
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-7.3||HIGH
EPSS-0.10% / 29.04%
||
7 Day CHG~0.00%
Published-14 Apr, 2020 | 21:05
Updated-17 Sep, 2024 | 00:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A privilege escalation vulnerability was reported in LenovoBatteryGaugePackage for Lenovo System Interface Foundation bundled in Lenovo Vantage prior to version 10.2003.10.0 that could allow an authenticated user to execute code with elevated privileges.

Action-Not Available
Vendor-Lenovo Group Limited
Product-vantageVantage
CWE ID-CWE-428
Unquoted Search Path or Element
CWE ID-CWE-269
Improper Privilege Management
CVE-2020-8342
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-7.3||HIGH
EPSS-0.03% / 8.19%
||
7 Day CHG~0.00%
Published-15 Sep, 2020 | 14:20
Updated-17 Sep, 2024 | 00:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A race condition vulnerability was reported in Lenovo System Update prior to version 5.07.0106 that could allow escalation of privilege.

Action-Not Available
Vendor-Lenovo Group Limited
Product-system_updateSystem Update
CWE ID-CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2019-19705
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.04% / 12.23%
||
7 Day CHG~0.00%
Published-26 Dec, 2022 | 00:00
Updated-14 Apr, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Realtek Audio Drivers for Windows, as used on the Lenovo ThinkPad X1 Carbon 20A7, 20A8, 20BS, and 20BT before 6.0.8882.1 and 20KH and 20KG before 6.0.8907.1 (and on many other Lenovo and non-Lenovo products), mishandles DLL preloading.

Action-Not Available
Vendor-n/aLenovo Group Limited
Product-aio510-23ish_firmwareyangtian_mc_h110_pci_firmwareyangtian_mf\/wf_h110_pcithinkserver_ts250_firmwarethinkpad_t25yangtian_ytm6900e-00thinkcentre_m9500zaio_910-27ishthinkpad_yoga_11e_3rd_gensydney_e3_h110yangtian_mc_h110_firmwarethinkpad_p51s_firmwarethinkserver_ts450_firmwarethinkpad_l470_firmwarethinkcentre_m6600ideacentre_510s-08ishthinkpad_a475thinkpad_l480ideacentre_310-15iapthinkpad_l560yangtian_me\/we_h110thinkpad_t470sthinkpad_t460sthinkstation_p320thinkcentre_m900z_firmwarethinkpad_p50_firmwarethinkcentre_m818zthinkpad_t460pyangtian_mc_h110thinkcentre_e95zthinkcentre_m715qideacentre_310s-08iap_firmwareaio520-24iku_firmwareideacentre_620s-03ikl_firmwareaio520-22ikuthinkserver_ts150thinkstation_p320_tinyqt_a7400legion_y520t_z370_firmwarethinkpad_x1_carbonthinkpad_x1_carbon_firmwareideacentre_310-15asrthinkpad_13thinkpad_l570thinkpad_l390_yoga_firmwarethinkserver_ts250thinkpad_x260_firmwareideacentre_310-15iap_firmwareaio_y910-27ishaio520-24ikl_firmwarethinkcentre_m8600t\/sthinkpad_t580thinkpad_yoga_11e_3rd_gen_firmwarethinkpad_t25_firmwarethinkpad_s3_3rd_genthinkpad_l450thinkpad_x280thinkpad_l380thinkcentre_m710ethinkcentre_m910qthinkpad_p71thinkcentre_m715t\/sthinkserver_ts140thinkcentre_m900zthinkpad_p52syta8900f_firmwarethinkstation_p330_firmwarethinkpad_t480sideacentre_520s-23ikulenovo_v320-15iapideacentre_520s-23iku_firmwarethinkpad_t460aio310-20iapthinkcentre_m6600_firmwarethinkcentre_m910_t\/sthinkstation_p330_tinythinkcentre_m810zthinkcentre_e95z_firmwarelegion_y520t_z370thinkpad_t480_firmwarethinkcentre_m810z_firmwarethinkserver_ts150_firmwarethinkpad_x280_firmwareideacentre_310s-08iapthinkpad_t450sthinkcentre_x1_aio_firmwarethinkpad_l460legion_y720_tower_firmwarelenovo_v320-15iap_firmwarethinkstation_p330thinkcentre_m8300z_firmwarethinkpad_x270thinkpad_x250_firmwarethinkserver_ts550thinkcentre_e74zthinkcentre_m800aio520-22iklaio720-24ikb_firmwarethinkcentre_m6600t\/s_firmwareideacentre_620s-03iklthinkcentre_m910xthinkpad_l460_firmwareaio300-23isu_firmwarethinkcentre_m700q_firmwarethinkpad_l570_firmwarethinkpad_l580_firmwarev510z_\(yt_s5250\)_firmwarethinkcentre_m715q_firmwarethinkpad_x1_yogav410z\(yt_s4250\)thinkcentre_m710t\/s_firmwarethinkcentre_m710qthinkserver_ts450thinkpad_t480thinkcentre_m710q_firmwareaio520-24ikuthinkserver_ts240thinkpad_p71_firmwarethinkcentre_m8350zyangtian_afh110thinkcentre_m900thinkpad_t460_firmwarethinkpad_t560_firmwareaio_y910-27ish_firmwarethinkpad_t580_firmwarethinkpad_s3_3rd_gen_firmwareideacentre_510s-08iklthinkcentre_m8350z_firmwareideacentre_300s-11ish_firmwarev510z_\(yt_s5250\)aio520-24iklthinkserver_ts140_firmwarethinkpad_t470s_firmwarethinkcentre_m710t\/sthinkcentre_m700qthinkcentre_m700z_firmwarethinkcentre_m9550zthinkpad_p51_firmwareideacentre_610s-02ishaio520-22iku_firmwareideacentre_510s-08ikl_firmwarethinkpad_t560aio_910-27ish_firmwareaio300-23isuthinkpad_p50sthinkstation_p318_firmwarethinkcentre_m8300zaio510-23ishyangtian_me\/we_h110_firmwarethinkpad_x250thinkpad_t470ideacentre_510-15abrthinkcentre_m910zideacentre_700_firmwareideacentre_720-18asr_firmwarethinkstation_p310aio510-22ishlegion_y920_towerthinkcentre_m715t\/s_firmwarethinkcentre_m900_firmwareaio310-20iap_firmwarev410z\(yt_s4250\)_firmwarethinkcentre_m7300zthinkcentre_m800zaio520-22ikl_firmwareideacentre_610s-02ish_firmwareyangtian_ytm6900e-00_firmwareideacentre_510-15abr_firmwarethinkcentre_m710e_firmwareyangtian_afh110_firmwarethinkcentre_m910z_firmwarethinkstation_p320_firmwarethinkpad_13_firmwarethinkpad_yoga_11e_4th_genthinkpad_a275thinkpad_x1_tabletaio720-24ikbthinkpad_p70_firmwarethinkpad_s2_yoga_3rd_gen_firmwarethinkcentre_e74z_firmwarethinkpad_p51ideacentre_510s-08ish_firmwarethinkcentre_m6600t\/sthinkpad_t460s_firmwarethinkpad_t470pthinkpad_l580yangtian_afq150_firmwarethinkstation_p310_firmwarethinkcentre_m800_firmwarethinkpad_p50s_firmwarethinkpad_l450_firmwarethinkpad_x1_yoga_firmwaresydney_e3_h110_firmwarethinkstation_p318v310z\(yt_s3150\)_firmwareideacentre_310-15asr_firmwarethinkcentre_m910x_firmwarethinkcentre_m8600t\/s_firmwareyangtian_afq150legion_y720_towerthinkpad_t570_firmwarethinkpad_l560_firmwarethinkpad_t460p_firmwareyangtian_mf\/wf_h110_pci_firmwarethinkcentre_m700zthinkstation_p320_tiny_firmwarethinkpad_l380_firmwarethinkpad_x260ideacentre_720-18asrthinkcentre_m6600q_firmwareaio520-27iklthinkpad_x1_tablet_firmwareaio520-27ikl_firmwarethinkcentre_m700t\/sthinkpad_l480_firmwarethinkcentre_m7300z_firmwarethinkcentre_x1_aiothinkpad_l380_yogalegion_y720t_amdthinkpad_p50ideacentre_510-15ikl_firmwareyta8900fideacentre_300s-11ishthinkcentre_m818z_firmwarethinkpad_p52s_firmwarethinkpad_t570thinkpad_p51syangtian_tc\/wc_h110_pci_firmwareideacentre_700thinkpad_s2_yoga_4th_genthinkpad_t450s_firmwarethinkpad_t450_firmwarev310z\(yt_s3150\)thinkcentre_m800z_firmwarethinkcentre_m910_t\/s_firmwarethinkpad_t450thinkpad_t480s_firmwarethinkpad_s2_yoga_3rd_genideacentre_310a-15iap_firmwarethinkpad_t470p_firmwarethinkpad_yoga_11e_4th_gen_firmwarethinkpad_l13_yogathinkpad_a275_firmwareideacentre_510-15iklthinkpad_s2_yoga_4th_gen_firmwareaio510-22ish_firmwarethinkcentre_m6600qlegion_y920_tower_firmwarethinkpad_a475_firmwareyangtian_mc_h110_pcithinkpad_p70thinkserver_ts550_firmwarethinkpad_l470yangtian_tc\/wc_h110_pcithinkcentre_m9500z_firmwarethinkpad_l390_yogathinkpad_l13_yoga_firmwarethinkcentre_m9550z_firmwarethinkcentre_m700t\/s_firmwarethinkcentre_e74s_firmwareyangtian_s4150_firmwarethinkcentre_e74sthinkserver_ts240_firmwarethinkcentre_m910q_firmwarethinkpad_t470_firmwarelegion_y720t_amd_firmwarethinkstation_p330_tiny_firmwarethinkpad_l380_yoga_firmwareqt_a7400_firmwareideacentre_310a-15iapyangtian_s4150thinkpad_x270_firmwaren/a
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2019-0164
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-7.3||HIGH
EPSS-0.07% / 22.19%
||
7 Day CHG~0.00%
Published-13 Jun, 2019 | 15:36
Updated-04 Aug, 2024 | 17:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper permissions in the installer for Intel(R) Turbo Boost Max Technology 3.0 driver version 1.0.0.1035 and before may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aLenovo Group LimitedIntel Corporation
Product-thinkstation_p910_firmwarethinkstation_p710_firmwarethinkstation_p510thinkstation_p710thinkstation_p910thinkstation_p410_firmwarethinkstation_p410thinkstation_p510_firmwareturbo_boost_max_technology_3.0Intel(R) Turbo Boost Max Technology 3.0
CWE ID-CWE-264
Not Available
CVE-2021-3614
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-6.4||MEDIUM
EPSS-0.05% / 13.87%
||
7 Day CHG~0.00%
Published-16 Jul, 2021 | 20:30
Updated-03 Aug, 2024 | 17:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability was reported on some Lenovo Notebook systems that could allow an attacker with physical access to elevate privileges under certain conditions during a BIOS update performed by Lenovo Vantage.

Action-Not Available
Vendor-Lenovo Group Limited
Product-ideapad_yoga_s940-14iil_firmwareideapad_730-13imlideapad_s940-14iwlv130-15igm_firmwarev130-15ikb_firmwareideapad_s940-14iilideapad_yoga_s940-14iwlideapad_flex_5-15alc05ideapad_flex_5-14alc05ideapad_slim_1-14ast-05_firmwareideapad_yoga_s940-14iil100e_2nd_genv330-15isk_firmwareideapad_slim_1-11ast-05ideapad_slim_1-11ast-05_firmwareideapad_1-14igl05_firmwareideapad_yoga_s940-14iwl_firmware100e_2nd_gen_firmwareideapad_yoga_c940-15irh_firmwareideapad_1-14ada05_firmwarev130-15ikbideapad_1-11ada05_firmware300e_2nd_genideapad_yoga_c940-15irh300e_2nd_gen_firmwareideapad_1-11igl05ideapad_flex_5-15alc05_firmwareideapad_flex_5-14alc05_firmwareideapad_1-14ada05ideapad_1-11igl05_firmwareideapad_slim_1-14ast-05v330-15ikbv330-15iskideapad_1-11ada05ideapad_s940-14iwl_firmwareideapad_1-14igl05ideapad_s940-14iil_firmwareideapad_yoga_s730-13iml_firmwarev130-15igmideapad_yoga_s730-13imlv330-15ikb_firmwareideapad_730-13iml_firmwareNotebook BIOS
CWE ID-CWE-636
Not Failing Securely ('Failing Open')
CVE-2020-8319
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-7.3||HIGH
EPSS-0.12% / 31.93%
||
7 Day CHG~0.00%
Published-14 Apr, 2020 | 21:05
Updated-16 Sep, 2024 | 17:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A privilege escalation vulnerability was reported in Lenovo System Interface Foundation prior to version 1.1.19.3 that could allow an authenticated user to execute code with elevated privileges.

Action-Not Available
Vendor-Lenovo Group Limited
Product-system_interface_foundationLenovo System Interface Foundation
CVE-2020-8326
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-7.3||HIGH
EPSS-0.13% / 32.99%
||
7 Day CHG~0.00%
Published-24 Jul, 2020 | 16:10
Updated-17 Sep, 2024 | 03:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An unquoted service path vulnerability was reported in Lenovo Drivers Management prior to version 2.7.1128.1046 that could allow an authenticated user to execute code with elevated privileges.

Action-Not Available
Vendor-Lenovo Group Limited
Product-drivers_managementDrivers Management
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2020-8318
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-7.3||HIGH
EPSS-0.12% / 31.93%
||
7 Day CHG~0.00%
Published-14 Apr, 2020 | 21:05
Updated-16 Sep, 2024 | 22:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A privilege escalation vulnerability was reported in the LenovoSystemUpdatePlugin for Lenovo System Interface Foundation prior to version that could allow an authenticated user to execute code with elevated privileges.

Action-Not Available
Vendor-Lenovo Group Limited
Product-system_interface_foundationLenovoSystemUpdatePlugin for Lenovo System Interface Foundation
CVE-2022-0354
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-7.3||HIGH
EPSS-0.05% / 15.68%
||
7 Day CHG~0.00%
Published-22 Apr, 2022 | 20:30
Updated-02 Aug, 2024 | 23:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability was reported in Lenovo System Update that could allow a local user with interactive system access the ability to execute code with elevated privileges only during the installation of a System Update package released before 2022-02-25 that displays a command prompt window.

Action-Not Available
Vendor-Lenovo Group Limited
Product-system_updateSystem Update
CVE-2022-1513
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-7.3||HIGH
EPSS-1.10% / 77.11%
||
7 Day CHG-0.03%
Published-23 Aug, 2022 | 17:25
Updated-03 Aug, 2024 | 00:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A potential vulnerability was reported in Lenovo PCManager prior to version 5.0.10.4191 that may allow code execution when visiting a specially crafted website.

Action-Not Available
Vendor-Lenovo Group Limited
Product-pcmanagerPCManager
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2021-3969
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-7.8||HIGH
EPSS-0.42% / 60.98%
||
7 Day CHG~0.00%
Published-18 May, 2022 | 16:10
Updated-03 Aug, 2024 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Time of Check Time of Use (TOCTOU) vulnerability was reported in IMController, a software component of Lenovo System Interface Foundation, prior to version 1.1.20.3that could allow a local attacker to elevate privileges.

Action-Not Available
Vendor-Lenovo Group Limited
Product-system_interface_foundationIMController
CWE ID-CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CVE-2020-8317
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-7.3||HIGH
EPSS-0.14% / 35.16%
||
7 Day CHG~0.00%
Published-24 Jul, 2020 | 16:10
Updated-17 Sep, 2024 | 00:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A DLL search path vulnerability was reported in Lenovo Drivers Management prior to version 2.7.1128.1046 that could allow an authenticated user to execute code with elevated privileges.

Action-Not Available
Vendor-Lenovo Group Limited
Product-drivers_managementDrivers Management
CWE ID-CWE-426
Untrusted Search Path
CVE-2019-6172
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-6.4||MEDIUM
EPSS-0.09% / 27.00%
||
7 Day CHG~0.00%
Published-12 Nov, 2019 | 20:40
Updated-04 Aug, 2024 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A potential vulnerability in the SMI callback function used in Legacy USB driver using passed parameter without sufficient checking in some Lenovo ThinkPad models may allow arbitrary code execution.

Action-Not Available
Vendor-Lenovo Group Limited
Product-s340-15iwl_touchl340-17irh_firmwarezhaoyang_e43-80_kbl_firmwareqitian_m4650v330-14isk_firmwarea340-22_iwl_firmware720s-15ikb_firmwarethinkpad_e490ideacentre_730s-24ikb_firmwarev110-15ikbthinkcentre_m73p130-15ikb_firmwarethinkcentre_m720qlegion_y740-17ichgthinkpad_p51sthinkpad_p53thinkpad_e450cthinkcentre_m79_firmwareyta8900fthinkpad_p72_firmwarethinkpad_l590thinkcentre_e93_firmwarerescuer_y7000p\(1060\)130-14ikb_firmwareyangtian_ws_h81_firmwarethinkpad_p52thinkpad_e560p_firmwarethinkpad_p70aio_330-20astthinkpad_e470_firmware330-15ikbrv530s-07icb_firmwarem4500_firmwarethinkpad_e460thinkpad_yoga_11ethinkpad_x280thinkcentre_m83_firmwarethinkstation_p318_firmwarethinkpad_tablet_8_firmwarec340-14iwl_firmwarelegion_t530-28icbthinkpad_l470_firmwares540-14iwl_firmwarelegion_t730-28ico330c-14ikbs540-14iwl_touch_firmwarethinkpad_l380_firmwarelegion_y740-15ichgthinkcentre_e74_firmwarethinkpad_r590_firmwareqitian_b5900_firmwarethinkpad_t560_firmwarethinkpad_t580thinkcentre_m4500kthinkcentre_m6500t_firmwarethinkcentre_m93z_\(aio\)yoga_s940-14iwl_firmwarethinkpad_x1_yogathinkcentre_m625q_firmwarethinkpad_t570_firmwarelegion_y520t_z370legion_t530-28icb_reflash_firmwarethinkcentre_m4500t_firmwares340-14iwlqt_b415_firmwareyangtian_wf_h81_pci_firmwareqitian_m4600_firmware340c-15ikb_firmwarethinkcentre_m910x_firmwarethinkcentre_m910s_firmwareyangtian_afh110_firmwareyangtian_wf_h110_pci_firmwarethinkpad_x380_yoga_firmwareyangtian_afq150_firmwarev320-14ikby7000_2019_1050v330-14ikb_firmwarethinkpad_w540h50-30g_desktopv330-14iskyoga_s940-14iwlyangtian_tc_h81_pci_firmwarethinkcentre_x1_aiothinkpad_p52_firmwarethinkpad_s2_yoga_4th_gen_firmwarethinkcentre_m720s_firmwarethinkpad_t580_firmwarelegion_t530-28aprideacentre_720-18icb_firmwareyoga530-14ikb_firmwares540-14iwl_touchthinkcentre_m4600tthinkcentre_m920q_firmwarezhaoyang_k42-80thinkpad_t25lenovo_v720-14ikbqt_a7400s540-15iwl_firmwareaio_330-20igm_firmwarethinkpad_t460sideacentre_300s-11ish_firmware510-15iklaio_520-24ast_firmwareyangtian_mf_h81_pci330-14ikb_firmware720s_touch-15ikb_firmwarethinkpad_e570thinkcentre_m79v310-14ikbthinkstation_p318thinkcentre_m700sthinkpad_x1_extreme_firmwarev130-14ikbthinkcentre_m6600t_firmware330-15ikb_firmwarethinkpad_e550thinkcentre_m8600s_firmwarec340-14iwlv310-15ikb_firmwareyoga_730-13iwl_firmwarethinkcentre_m715q_firmwarethinkpad_tablet_10_firmwarethinkcentre_m73_firmwarethinkpad_t440qitian_b4550_firmwarethinkpad_e580thinkcentre_e73_firmwarethinkcentre_m920t_firmwarethinkcentre_e93thinkcentre_m6500s_firmwareyoga_11e_3rd_genthinkpad_p71thinkcentre_m710q330-15ikbr_touchthinkpad_10_firmwarethinkpad_p51s_firmwarethinkcentre_m710e_firmwarethinkcentre_m8500ss145-15ikbthinkpad_x250thinkcentre_m900_firmwarev310z\(yt_s3150\)_firmware330-15ich_firmwarel340-15iwltouchthinkcentre_e75sthinkcentre_m920zyangtian_mc_h81_firmwarethinkcentre_m9550zthinkcentre_e74zideacentre_720-18aprthinkcentre_m9550z_firmwarethinkpad_helix_firmwarethinkpad_t480s_firmwarelegion_y9000p_2019_firmwarethinkpad_s3_3rd_genthinkcentre_m73p_firmwarelegion_y9000p_2019v130-14ikb_firmwarexiaoxin_tide_7000-15_u42thinkcentre_m7300z_firmwarethinkcentre_m6600qthinkcentre_m8350z_firmwarev310-14isk_firmwares145-14ikb_firmwarec340-15iwlwei5-14ikb_firmwarethinksystem_odc5200-cn650s_firmwarelegion_y740-15irhg_firmwarethinkcentre_m820zv110-14ikb_firmwarev310z\(yt_s3150\)v110-14ikbthinkpad_l560_firmwarethinkcentre_s510_firmwarelegion_y730-15ich_firmware330-14ikbthinkpad_p53s_firmwares145-15ikb_firmwareyangtian_tc_h81_pciyoga_s730-13iwll340-15irh_firmwarethinkstation_p300_firmwarel340-17irhthinkpad_p52sthinkpad_t470_firmwarethinkcentre_m73_tiny_firmwarethinkcentre_m920x_firmwarethinkcentre_m6600_firmwarethinkpad_t480_firmware530s-14iwl_firmwarethinkpad_x1_carbon_firmwarerescuer_y7000p\(1060\)_firmwarelegion_c730-19icothinkcentre_m4500q_firmwarethinkpad_e580_firmwareaio520-24iku_firmwarem4550_id_firmware530s-15ikbthinkpad_t570thinkpad_l560ideacentre_510-15icb_firmwarethinkcentre_m6600tthinkpad_t590yoga_11e_4th_gen_firmwarethinkpad_t550xiaoxin-14_2019iwlthinkpad_x1_tabletwei5-14ikbxiaoxin-14_2019iwl_firmwarethinkpad_t450sqt_a7400_firmwarev130-15ikbthinkcentre_m73yangtian_ws_h81rescuer_y7000yoga_s730-13iwl_firmwarev530-22icb\(yt_s4350\)thinkstation_p310_firmwareaio520-22ikuthinkpad_tablet_8thinkcentre_e96z_firmwarethinkpad_l390_yoga_firmwaree52-80yangtian_mc_h110thinkpad_x270k43c-80thinkpad_l580_firmwarev510-15ikbthinkcentre_m715qyoga_520-14ikbh50-30g_desktop_firmwarethinkpad_p50s_firmwarelegion_y530-15ich\(1060\)_firmwareaio520-22ikl_firmwareideacentre_300s-11ishv320-15ikb_firmwarethinkpad_t440p_firmwarethinkpad_l470xiaoxin_air-14iwl_2019thinkpad_t440s_firmwarethinkpad_e570_firmwarethinkpad_s5_firmwareyogo_a940-27icb_firmwarethinkpad_t440pideacentre_310s-08asr_firmwarethinkcentre_m9350zthinkpad_tablet_10a340-22_iwllegion_y9000k_2019thinkpad_x390_yoga_firmwareyoga_11e_4th_gen730s-13iwlthinkpad_l380thinkpad_t450_firmwarelegion_t530-28apr_firmwarethinkpad_x1_yoga_firmwarethinkpad_t590_firmwares340-14iwl_touchthinkpad_s1_yoga_firmwarethinkpad_x1_extremelegion_c530-19icbyangtian_wcc_h81_pcithinkpad_l490_firmwarethinkcentre_e73syoga530-14ikbthinkpad_x1_carbonthinkpad_e560_firmwarelegion_y7000p-1060_firmwarethinkpad_t460p_firmwarexiaoxin_air_14iwlthinkcentre_m8600s330-17ich_firmwarev310-15ikbxiaoxin-15_2019iwl_firmwarethinkpad_r490yangtian_mc_h81flex-15iwlaio_330-20ast_firmwareideacentre_510a-15icblegion_y730-17ich_firmwareyoga_11e_3rd_gen_firmwarethinkcentre_m710s_firmwarethinkpad_e590xiaoxin_air_14ikbrc340-15iwl_firmwarethinkcentre_m73_tinya340-22icbthinkcentre_e74s_firmwareyangtian_wc_h110_pcithinkpad_p1_firmwarethinkpad_s5_yoga_15v330-15igma340-22ast_firmwareqt_m410xiaoxin_air_15iwlthinkpad_yoga_11e_firmware330-14ikbryoga_730-13ikbv510-15ikb_firmwarev410z\(yt_s4250\)aio520-22iklthinkpad_l480_firmwarethinkpad_x380_yoga530s-15iwl_firmwarexiaoxin_air_13iwl_firmwareaio520-24ikurescuer_y7000pthinkpad_x131ethinkstation_p320rescuer_y7000p_firmwareqitian_4500thinkcentre_m93_firmwareyoga_730-13iwlv520t-15iklthinkcentre_m710t_firmwares340-14iwl_firmwareqitian_a815v510z_\(yt_s5250\)_firmwarethinksystem_hr650x_\(skl\)_firmwarethinkpad_l450qitian_m4650_firmwarethinkpad_t470s_firmwarethinkcentre_e73s_firmwareaio520-24ikl_firmwarezhaoyang_e53-80thinkpad_r590thinkpad_p50aio_520-24aste42-80_firmwarethinkcentre_m800_firmware530s-15ikb_firmwarethinkpad_p43s_\(20rx\)_firmwarev330-15ikbideacentre_310s-08igm_firmwarethinkcentre_m700tthinkpad_t440sqt_b415s340-15iwl_firmwareyangtian_we_h110_firmware330-15ikbflex_5-1570\(r\)thinkpad_p70_firmwarexx_chao5000-ikbra_firmwarethinkpad_13thinkpad_t470thinkcentre_m7300zs530-13iwl_firmwarethinkcentre_m700s_firmwarethinkcentre_e74lenovo_v720-14ikb_firmwarelegion_y530-15ich_firmwareyangtian_mc_h110_pciqitian_m4550330c-15ikbrthinkpad_e480v520s-08iklxiaoxin_air_14iwl_firmwarethinkpad_l380_yoga330-17ikbr_firmwarethinkpad_s3thinkcentre_m8600t_firmwarethinkcentre_m820z_firmware720s_touch-15ikblegion_y7000p-1060thinkpad_e470xiaoxin-14iwl_qc_2019720s-14ikbrthinkcentre_m4600t_firmwarerescuer_y7000_firmwarem4500yangtian_afh110a340-24_iwlthinkpad_helixflex_6-14ikbthinkpad_w550s_firmwarev320-17ikbrxiaoxin-15_2019iwlyangtian_mf_h110_pci_firmwareideacentre_700thinkcentre_m900z_firmwareideacentre_310s-08asr720s-15ikbthinkcentre_m83z_\(aio\)_firmwarethinkcentre_m720q_firmwarethinkcentre_m715sthinkpad_l460_firmwarethinkcentre_s510thinkpad_w541thinkcentre_m715q_rrthinkcentre_m700za340-22icb_firmwarethinkcentre_e95z_firmwarexiaoxin_air-15iwl_2019_firmwarethinkcentre_e96zthinkcentre_m818z_firmwarev530-22icb\(yt_s4350\)_firmwaremiix_720-12ikb_firmwarewei5-15ikbthinkpad_x240s_firmwarea340-24_iwl_firmwarethinkcentre_m715q_rr_firmwarethinkpad_l460yoga_520-14ikb_firmware510s-08ikl_firmwarethinkcentre_m710ea340-22ast330c-14ikb_firmwarev410z\(yt_s4250\)_firmwarethinkstation_p310thinkpad_s2_yoga_4th_genthinksystem_odc5200-cn650sthinkcentre_m4500sthinkpad_11ethinkstation_e32_firmwarethinkpad_t460pthinkpad_p1s340-15iwlthinkpad_x140elegion_y520t_z370_firmwareideacentre_510-15icbideacentre_510s-08ish340c-15ikbthinkpad_l380_yoga_firmwarethinkpad_x1_tablet_firmware530s-14ikb_firmwarev320-14ikb_firmwarethinkcentre_m920tthinkcentre_m715t_firmwarethinkpad_x390thinkcentre_m710tthinkpad_s540v520s-08ikl_firmwarethinkcentre_m720ty7000_2019_1050_firmwarev110-15ikb_firmwarelegion_t530-28apr_reflashlegion_c530-19icb_firmwares540-15iwll340-15irhideacentre_700_firmwareqt_m415_firmware340c-15iwlv130-15ikb_firmwarethinkpad_s3_firmwarexiaoxin_air-14iwl_2019_firmware330c-15ikbr_firmwarev310-14iskxiaoxin_tide_7000-15_u22thinkpad_s531_firmwarethinkpad_t490_firmwareqitian_b4650_firmwarev540-24iwl\(yt_s5430\)330-15ikbr_firmwarezhaoyang_k42-80_firmwarethinkpad_l390_yogayoga_730-15ikb_firmwareflex_6-1470aio520-24iklthinkpad_x240_firmwarethinkcentre_m4600s_firmwarethinkpad_l450_firmwarethinkcentre_m700z_firmwarethinkpad_13_firmwaremiix_720-12ikblegion_y740-17irhgxiaoxin_air-15iwl_2019thinkpad_l570_firmwarethinkpad_w540_firmwareflex-14iwlflex-15iwl_firmwareyangtian_mc_h110_pci_firmwarethinkpad_e550cthinkpad_e490sthinkcentre_e95zv330-15isklegion_t530-28icb_reflashwei5-15ikb_firmware330-17ikbthinkpad_s540_firmware330-17ichthinkcentre_m600_firmwarev730-15ikb_firmwarea340-24icbthinkcentre_m910q_firmwares340-15iwl_touch_firmwareqt_m410_firmwarethinkpad_s2_yoga_3rd_gen_firmwarethinkcentre_m910zs340-14iwl_touch_firmwarethinkcentre_m920sthinkcentre_m710q_firmwareqitian_4500_firmwarethinkpad_x390_yogathinkcentre_m818zqt_m415thinkcentre_m8600tthinkpad_s1_yogathinkpad_e560thinksystem_hr650x_\(skl\)yangtian_mf_h110_pcithinkcentre_m910qrescuer_y7000\(1060\)510s-08iklideacentre_720-18apr_firmwarethinkcentre_m720s340c-15iwl_firmwarethinkcentre_m90n-1_firmwarexiaoxin_air_15ikbr_firmwarethinkpad_p43s_\(20rx\)v330-15igm_firmware530s-14ikbyangtian_wcc_h81_pci_firmwarethinkcentre_m810zyangtian_afh81_firmwarethinkcentre_m9500zthinkpad_x131e_firmwarethinkcentre_m810z_firmwareflex_6-1470_firmwarev510z_\(yt_s5250\)m4550_idv330-14ikbthinkpad_e480_firmwareflex_6-14ikb_firmwarethinkstation_p300thinkcentre_m6600yangtian_me_h110_firmwarel340-15iwl330-14ikbr_firmwareyangtian_wf_h110_pcithinkpad_t540pthinkcentre_m6600sthinkpad_t540p_firmwarelegion_y530-15ich\(1060\)thinkpad_t460_firmwarethinkpad_t460s_firmwarethinkstation_p330330-17ikbrl340-17iwl_firmwarethinkcentre_m700qthinkpad_x270_firmware63_firmwarethinkpad_s2_yoga_3rd_genthinkcentre_m6500sthinkcentre_m8500s_firmwarethinkpad_l490aio520-24arr330-15ichxiaoxin_tide_7000-15_u22_firmwarethinkpad_p71_firmware330c-15ikb_firmwareqitian_b4650thinkpad_l590_firmwarethinkcentre_e75tthinkcentre_m4500qs145-15iwl_firmwarexiaoxin_air_15iwl_firmwareqitian_a815_firmwareyta8900f_firmwarethinkpad_x260s145-15iwlthinkcentre_m910tthinkpad_x250_firmware530s-15iwl330c-15ikbthinkpad_yoga_260-s1thinkcentre_e75t_firmwarethinkstation_p330_firmwarethinkpad_s5_2nd_generation_firmwareaio_330-20igmaio520-27ikl_firmwaree52-80_firmwarethinkcentre_m920qthinkpad_p50_firmwarethinkpad_s3_3rd_gen_firmwarethinkcentre_m4500s_firmwarethinkcentre_m720t_firmwarethinkpad_x260_firmwarelegion_y730-15ichthinkpad_e590_firmwarezhaoyang_e53-80_firmwarethinkstation_p320_tinythinkcentre_m800thinkpad_t450thinkcentre_m800zthinkcentre_m900yangtian_mc_h110_firmwarethinkpad_t490thinkcentre_m93p_firmwarethinkpad_x280_firmwarethinkcentre_m93thinkpad_p73_firmwarethinkstation_p330_tiny_firmwares940-14iwllegion_y740-15ichg_firmwarethinkcentre_m8350zxiaoxin-14iwl_qc_2019_firmwareyoga_730-15iwl_firmwarel340-17iwls530-13iwlthinkcentre_m625qthinkpad_w550sthinkpad_l480thinkpad_e450_firmwarethinkpad_t460thinkpad_x390_firmware330-17ikb_firmwarethinkpad_r490_firmwares540-14iwls145-14ikbthinkpad_t440_firmwarethinkcentre_m8500tthinkcentre_m83z_\(aio\)thinkcentre_m93plegion_t530-28icb_firmware330-15ikbr_touch_firmwareideacentre_510a-15icb_firmwarexiaoxin_air_13iwlv320-17ikbr_firmwareideacentre_730s-24ikbflex-14iwl_firmwarev530-24icb\(yt_s5350\)xx_chao5000-ikbrathinkpad_10thinkcentre_m700q_firmwareyangtian_me_h110legion_y740-17ichg_firmwareqitian_b5900v310-15iskv530s-07icb63thinkpad_yoga_370yangtian_afq150aio520-24arr_firmwarev310-14ikb_firmwarek43c-80_firmware130-14ikbqitian_b4550thinkpad_e550c_firmwareideacentre_310s-08igmthinkpad_x140e_firmwareideacentre_300-20ish_firmwarethinkstation_p330_tinyyangtian_mf_h81_pci_firmwarea340-24icb_firmwarethinkcentre_m9350z_firmwarethinkpad_x240legion_y740-17irhg_firmwarethinkcentre_m800z_firmwareyoga_730-15iwlthinkpad_t450s_firmwarethinkcentre_m9500z_firmwarexiaoxin_air_14ikbr_firmwarethinkcentre_m920s_firmwarethinkpad_p52s_firmwareideacentre_720-18icbthinkcentre_m920z_firmwarethinkpad_t550_firmwarethinkcentre_m4600sthinkcentre_e74sv510-14ikb_firmwarethinkcentre_m610thinkpad_s531thinkpad_yoga_260-s1_firmwareideacentre_300-20ishthinkpad_t25_firmwareyangtian_wf_h81_pcithinkcentre_m920xyangtian_ytm6900e-00_firmwares940-14iwl_firmwarethinkcentre_m90n-1m4500_id_firmwarethinkcentre_e73720s-14ikbr_firmwareflex_5-1570\(r\)_firmwarelegion_y740-15irhgthinkcentre_m6500tv330-15ikb_firmwarethinkcentre_m910xrescuer_y7000\(1060\)_firmwarethinkcentre_m6600s_firmwarethinkpad_p53sthinkpad_t480sthinkpad_w541_firmwarethinkpad_p51_firmwarethinkcentre_m910sl340-15iwl_firmwareyangtian_ms_h81_firmwarelegion_c730-19ico_firmwareqitian_m4600thinkpad_e460_firmwarethinkstation_p320_firmwarethinkpad_11e_firmwarethinkpad_l570thinkcentre_m6600q_firmware530s-14iwlthinkcentre_m8500t_firmwareyangtian_ms_h81thinkpad_s5_yoga_15_firmwarezhaoyang_e43-80_kblthinkcentre_m900zthinkpad_e450c_firmwareaio520-27iklthinkpad_t490s_firmwarethinkpad_x240sideacentre_510s-08ish_firmwaree42-80thinkpad_l580yogo_a940-27icbyangtian_tc_h110_pci_firmwarelegion_t730-28ico_firmwarethinkcentre_m8300z_firmwareyangtian_we_h110thinkpad_s5_2nd_generation130-15ikb510-15ikl_firmwarelegion_y730-17ichm4500_idthinkcentre_m725syangtian_ytm6900e-00v310-15isk_firmwarethinkpad_e490s_firmwarethinkpad_s5thinkpad_t470p_firmwarethinkcentre_m725s_firmwarelegion_t530-28apr_reflash_firmwarelegion_y9000k_2019_firmwarev540-24iwl\(yt_s5430\)_firmwareyoga_730-13ikb_firmwarethinkpad_e490_firmware730s-13iwl_firmwarev320-15ikbthinkpad_t560thinkcentre_m8300zs145-14iwlthinkpad_s1_3rd_firmwarethinksystem_hr630x_\(skl\)_firmwarexiaoxin_tide_7000-15_u42_firmwarelegion_y530-15ichthinkcentre_m700t_firmwarethinkstation_p320_tiny_firmwarethinkcentre_m83thinkpad_p50sthinkpad_p53_firmwarev330-15isk_firmwarethinkcentre_e74z_firmwarethinksystem_hr630x_\(skl\)v520t-15ikl_firmwarethinkpad_s1_3rdthinkcentre_x1_aio_firmwarethinkcentre_m4500k_firmwarexiaoxin_air_15ikbrthinkcentre_e75s_firmwarethinkpad_p51v510-14ikbthinkcentre_m610_firmwareqitian_m4550_firmwarev730-15ikbthinkpad_t490sl340-15iwltouch_firmwarethinkpad_p73thinkpad_e560pthinkcentre_m93z_\(aio\)_firmwares145-14iwl_firmwarev530-24icb\(yt_s5350\)_firmwarethinkcentre_m715tyangtian_wc_h110_pci_firmwarethinkpad_t470sthinkpad_p72thinkcentre_m910t_firmwarethinkpad_e450thinkpad_t470pthinkcentre_m710syangtian_afh81thinkcentre_m4500tthinkcentre_m910z_firmwarethinkpad_yoga_370_firmwarethinkpad_e550_firmwareyoga_730-15ikbthinkcentre_m715s_firmwareaio520-22iku_firmwarethinkpad_t480thinkstation_e32thinkcentre_m600yangtian_tc_h110_pciThinkPad
CVE-2019-6165
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-7.3||HIGH
EPSS-0.07% / 21.13%
||
7 Day CHG~0.00%
Published-19 Aug, 2019 | 14:56
Updated-16 Sep, 2024 | 20:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A DLL search path vulnerability was reported in PaperDisplay Hotkey Service version 1.2.0.8 that could allow privilege escalation. Lenovo has ended support for PaperDisplay Hotkey software as the Night light feature introduced in Windows 10 Build 1703 provides similar features.

Action-Not Available
Vendor-Lenovo Group Limited
Product-yoga_700-14iskyoga_700-11isk_firmwareyoga_700-11iskyoga_700-14isk_firmwarePaperDisplay Hotkey Service
CWE ID-CWE-426
Untrusted Search Path
CVE-2021-3840
Matching Score-6
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-6
Assigner-Lenovo Group Ltd.
CVSS Score-8.8||HIGH
EPSS-1.70% / 81.55%
||
7 Day CHG~0.00%
Published-12 Nov, 2021 | 22:05
Updated-03 Aug, 2024 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A dependency confusion vulnerability was reported in the Antilles open-source software prior to version 1.0.1 that could allow for remote code execution during installation due to a package listed in requirements.txt not existing in the public package index (PyPi). MITRE classifies this weakness as an Uncontrolled Search Path Element (CWE-427) in which a private package dependency may be replaced by an unauthorized package of the same name published to a well-known public repository such as PyPi. The configuration has been updated to only install components built by Antilles, removing all other public package indexes. Additionally, the antilles-tools dependency has been published to PyPi.

Action-Not Available
Vendor-AntillesLenovo Group Limited
Product-antillesAntilles
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2024-4132
Matching Score-6
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-6
Assigner-Lenovo Group Ltd.
CVSS Score-7.8||HIGH
EPSS-0.04% / 10.57%
||
7 Day CHG~0.00%
Published-11 Oct, 2024 | 15:16
Updated-17 Oct, 2024 | 19:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A DLL hijack vulnerability was reported in Lenovo Lock Screen that could allow a local attacker to execute code with elevated privileges.

Action-Not Available
Vendor-Lenovo Group Limited
Product-lock_screenLock Screenlock_screen
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2021-3550
Matching Score-6
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-6
Assigner-Lenovo Group Ltd.
CVSS Score-7.8||HIGH
EPSS-0.07% / 21.13%
||
7 Day CHG~0.00%
Published-16 Jul, 2021 | 20:30
Updated-03 Aug, 2024 | 17:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A DLL search path vulnerability was reported in Lenovo PCManager, prior to version 3.0.500.5102, that could allow privilege escalation.

Action-Not Available
Vendor-Lenovo Group Limited
Product-pcmanagerPCManager
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2024-33582
Matching Score-6
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-6
Assigner-Lenovo Group Ltd.
CVSS Score-7.8||HIGH
EPSS-0.04% / 10.64%
||
7 Day CHG~0.00%
Published-11 Oct, 2024 | 15:17
Updated-15 Oct, 2024 | 12:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A DLL hijack vulnerability was reported in Lenovo Service Framework that could allow a local attacker to execute code with elevated privileges.

Action-Not Available
Vendor-Lenovo Group Limited
Product-Service Frameworkservice_framework
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2024-33580
Matching Score-6
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-6
Assigner-Lenovo Group Ltd.
CVSS Score-7.8||HIGH
EPSS-0.04% / 10.64%
||
7 Day CHG~0.00%
Published-11 Oct, 2024 | 15:17
Updated-15 Oct, 2024 | 12:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A DLL hijack vulnerability was reported in Lenovo Personal Cloud that could allow a local attacker to execute code with elevated privileges.

Action-Not Available
Vendor-Lenovo Group Limited
Product-Personal Cloudpersonal_cloud
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2024-33579
Matching Score-6
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-6
Assigner-Lenovo Group Ltd.
CVSS Score-7.8||HIGH
EPSS-0.04% / 10.64%
||
7 Day CHG~0.00%
Published-11 Oct, 2024 | 15:16
Updated-15 Oct, 2024 | 12:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A DLL hijack vulnerability was reported in Lenovo Baiying that could allow a local attacker to execute code with elevated privileges.

Action-Not Available
Vendor-Lenovo Group Limited
Product-Baiyingbaiying
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2024-4131
Matching Score-6
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-6
Assigner-Lenovo Group Ltd.
CVSS Score-7.8||HIGH
EPSS-0.04% / 10.57%
||
7 Day CHG~0.00%
Published-11 Oct, 2024 | 15:15
Updated-17 Oct, 2024 | 19:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A DLL hijack vulnerability was reported in Lenovo Emulator that could allow a local attacker to execute code with elevated privileges.

Action-Not Available
Vendor-Lenovo Group Limited
Product-emulatorEmulatoremulator
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2024-4130
Matching Score-6
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-6
Assigner-Lenovo Group Ltd.
CVSS Score-7.8||HIGH
EPSS-0.04% / 10.57%
||
7 Day CHG~0.00%
Published-11 Oct, 2024 | 15:15
Updated-17 Oct, 2024 | 19:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A DLL hijack vulnerability was reported in Lenovo App Store that could allow a local attacker to execute code with elevated privileges.

Action-Not Available
Vendor-Lenovo Group Limited
Product-app_storeApp Storeapp_store
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2023-3078
Matching Score-6
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-6
Assigner-Lenovo Group Ltd.
CVSS Score-7.8||HIGH
EPSS-0.04% / 10.20%
||
7 Day CHG~0.00%
Published-17 Aug, 2023 | 16:47
Updated-08 Oct, 2024 | 16:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An uncontrolled search path vulnerability was reported in the Lenovo Universal Device Client (UDC) that could allow an attacker with local access to execute code with elevated privileges.

Action-Not Available
Vendor-Lenovo Group Limited
Product-universal_device_clientUniversal Device Client (UDC)
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2024-33581
Matching Score-6
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-6
Assigner-Lenovo Group Ltd.
CVSS Score-7.8||HIGH
EPSS-0.04% / 10.64%
||
7 Day CHG~0.00%
Published-11 Oct, 2024 | 15:17
Updated-15 Oct, 2024 | 12:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A DLL hijack vulnerability was reported in Lenovo PC Manager AI intelligent scenario that could allow a local attacker to execute code with elevated privileges.

Action-Not Available
Vendor-Lenovo Group Limited
Product-PC Manager AI intelligent scenariopcmanager
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2024-33578
Matching Score-6
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-6
Assigner-Lenovo Group Ltd.
CVSS Score-7.8||HIGH
EPSS-0.04% / 10.64%
||
7 Day CHG~0.00%
Published-11 Oct, 2024 | 15:16
Updated-15 Oct, 2024 | 12:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A DLL hijack vulnerability was reported in Lenovo Leyun that could allow a local attacker to execute code with elevated privileges.

Action-Not Available
Vendor-Lenovo Group Limited
Product-Leyunleyun
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2023-4632
Matching Score-6
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-6
Assigner-Lenovo Group Ltd.
CVSS Score-7.8||HIGH
EPSS-0.07% / 21.82%
||
7 Day CHG~0.00%
Published-08 Nov, 2023 | 21:58
Updated-03 Sep, 2024 | 20:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An uncontrolled search path vulnerability was reported in Lenovo System Update that could allow an attacker with local access to execute code with elevated privileges.

Action-Not Available
Vendor-Lenovo Group Limited
Product-system_updateLenovo System Update
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2021-3464
Matching Score-6
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-6
Assigner-Lenovo Group Ltd.
CVSS Score-7.8||HIGH
EPSS-0.05% / 15.81%
||
7 Day CHG~0.00%
Published-27 Apr, 2021 | 15:27
Updated-03 Aug, 2024 | 16:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A DLL search path vulnerability was reported in Lenovo PCManager, prior to version 3.0.400.3252, that could allow privilege escalation.

Action-Not Available
Vendor-Lenovo Group Limited
Product-pcmanagerPCManager
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2023-6338
Matching Score-6
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-6
Assigner-Lenovo Group Ltd.
CVSS Score-7.8||HIGH
EPSS-0.05% / 15.36%
||
7 Day CHG~0.00%
Published-03 Jan, 2024 | 21:00
Updated-03 Jun, 2025 | 14:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncontrolled search path vulnerabilities were reported in the Lenovo Universal Device Client (UDC) that could allow an attacker with local access to execute code with elevated privileges.

Action-Not Available
Vendor-Lenovo Group Limited
Product-universal_device_clientUniversal Device Client (UDC)
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2025-1729
Matching Score-6
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-6
Assigner-Lenovo Group Ltd.
CVSS Score-5.4||MEDIUM
EPSS-0.01% / 2.02%
||
7 Day CHG~0.00%
Published-17 Jul, 2025 | 19:17
Updated-17 Jul, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A DLL hijacking vulnerability was reported in TrackPoint Quick Menu software that, under certain conditions, could allow a local attacker to escalate privileges.

Action-Not Available
Vendor-Lenovo Group Limited
Product-TrackPoint Quick Menu
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2024-9046
Matching Score-6
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-6
Assigner-Lenovo Group Ltd.
CVSS Score-7.8||HIGH
EPSS-0.01% / 1.93%
||
7 Day CHG~0.00%
Published-11 Oct, 2024 | 15:16
Updated-17 Oct, 2024 | 19:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A DLL hijack vulnerability was reported in Lenovo stARstudio that could allow a local attacker to execute code with elevated privileges.

Action-Not Available
Vendor-Lenovo Group Limited
Product-starstudiostARstudiostarstudio
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2024-4089
Matching Score-6
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-6
Assigner-Lenovo Group Ltd.
CVSS Score-7.8||HIGH
EPSS-0.04% / 10.57%
||
7 Day CHG~0.00%
Published-11 Oct, 2024 | 15:15
Updated-17 Oct, 2024 | 19:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A DLL hijack vulnerability was reported in Lenovo Super File that could allow a local attacker to execute code with elevated privileges.

Action-Not Available
Vendor-Lenovo Group Limited
Product-superfileSuperFilesuperfile
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2019-20769
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.06% / 19.05%
||
7 Day CHG~0.00%
Published-17 Apr, 2020 | 13:32
Updated-05 Aug, 2024 | 02:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in LG PC Suite for LG G3 and earlier (aka LG PC Suite v5.3.27 and earlier). DLL Hijacking can occur via a Trojan horse DLL in the current working directory. The LG ID is LVE-MOT-190001 (November 2019).

Action-Not Available
Vendor-n/aLG Electronics Inc.
Product-pc_suiteg3n/a
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2019-6692
Matching Score-4
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-4
Assigner-Fortinet, Inc.
CVSS Score-7.8||HIGH
EPSS-0.14% / 34.19%
||
7 Day CHG~0.00%
Published-24 Oct, 2019 | 13:46
Updated-25 Oct, 2024 | 14:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A malicious DLL preload vulnerability in Fortinet FortiClient for Windows 6.2.0 and below allows a privileged attacker to perform arbitrary code execution via forging that DLL.

Action-Not Available
Vendor-n/aFortinet, Inc.
Product-forticlientFortinet FortiClient for Windows
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2019-6858
Matching Score-4
Assigner-Schneider Electric
ShareView Details
Matching Score-4
Assigner-Schneider Electric
CVSS Score-7.8||HIGH
EPSS-0.16% / 37.60%
||
7 Day CHG~0.00%
Published-22 Jan, 2020 | 13:59
Updated-04 Aug, 2024 | 20:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-427:Uncontrolled Search Path Element vulnerability exists in MSX Configurator (Software Version prior to V1.0.8.1), which could cause privilege escalation when injecting a malicious DLL.

Action-Not Available
Vendor-n/a
Product-msx_configuratorMSX Configurator (Software Version prior to V1.0.8.1)
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2019-7365
Matching Score-4
Assigner-Autodesk
ShareView Details
Matching Score-4
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.07% / 21.17%
||
7 Day CHG~0.00%
Published-03 Dec, 2019 | 17:01
Updated-04 Aug, 2024 | 20:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

DLL preloading vulnerability in Autodesk Desktop Application versions 7.0.16.29 and earlier. An attacker may trick a user into downloading a malicious DLL file into the working directory, which may then leverage a DLL preloading vulnerability and execute code on the system.

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-autodesk_desktopAutodesk Desktop Application
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2019-5701
Matching Score-4
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-4
Assigner-NVIDIA Corporation
CVSS Score-7.8||HIGH
EPSS-0.04% / 12.25%
||
7 Day CHG~0.00%
Published-09 Nov, 2019 | 01:48
Updated-04 Aug, 2024 | 20:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA GeForce Experience, all versions prior to 3.20.0.118, contains a vulnerability when GameStream is enabled in which an attacker with local system access can load the Intel graphics driver DLLs without validating the path or signature (also known as a binary planting or DLL preloading attack), which may lead to denial of service, information disclosure, or escalation of privileges through code execution.

Action-Not Available
Vendor-NVIDIA Corporation
Product-geforce_experienceNVIDIA GeForce Experience
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2021-43940
Matching Score-4
Assigner-Atlassian
ShareView Details
Matching Score-4
Assigner-Atlassian
CVSS Score-7.8||HIGH
EPSS-0.15% / 36.89%
||
7 Day CHG~0.00%
Published-15 Feb, 2022 | 03:15
Updated-08 Oct, 2024 | 17:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Affected versions of Atlassian Confluence Server and Data Center allow authenticated local attackers to achieve elevated privileges on the local system via a DLL Hijacking vulnerability in the Confluence installer. This vulnerability only affects installations of Confluence Server and Data Center on Windows. The affected versions are before version 7.4.10, and from version 7.5.0 before 7.12.3.

Action-Not Available
Vendor-Microsoft CorporationAtlassian
Product-confluence_data_centerwindowsconfluence_serverConfluence ServerConfluence Data Centerconfluence_data_centerconfluence_server
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2021-44206
Matching Score-4
Assigner-Acronis International GmbH
ShareView Details
Matching Score-4
Assigner-Acronis International GmbH
CVSS Score-7.3||HIGH
EPSS-0.05% / 15.49%
||
7 Day CHG~0.00%
Published-04 Feb, 2022 | 22:29
Updated-16 Sep, 2024 | 22:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Local privilege escalation due to DLL hijacking vulnerability in Acronis Media Builder service

Local privilege escalation due to DLL hijacking vulnerability in Acronis Media Builder service. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 39612, Acronis True Image 2021 (Windows) before build 39287

Action-Not Available
Vendor-Microsoft CorporationAcronis (Acronis International GmbH)
Product-true_imagewindowscyber_protect_home_officeAcronis Cyber Protect Home OfficeAcronis True Image 2021
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2017-4987
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-7.3||HIGH
EPSS-0.07% / 22.37%
||
7 Day CHG~0.00%
Published-19 Jun, 2017 | 12:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In EMC VNX2 versions prior to OE for File 8.1.9.211 and VNX1 versions prior to OE for File 7.1.80.8, a local authenticated user can load a maliciously crafted file in the search path which may potentially allow the attacker to execute arbitrary code on the targeted VNX Control Station system, aka an uncontrolled search path vulnerability.

Action-Not Available
Vendor-n/aELAN Microelectronics Corporation
Product-vnx2vnx2_firmwarevnx1_firmwarevnx1EMC VNX2 versions prior to OE for File 8.1.9.211, EMC VNX1 versions prior to OE for File 7.1.80.8
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2024-49391
Matching Score-4
Assigner-Acronis International GmbH
ShareView Details
Matching Score-4
Assigner-Acronis International GmbH
CVSS Score-6.7||MEDIUM
EPSS-0.03% / 5.40%
||
7 Day CHG~0.00%
Published-17 Oct, 2024 | 09:48
Updated-18 Oct, 2024 | 20:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Files (Windows) before build 9.0.0x24.

Action-Not Available
Vendor-Acronis (Acronis International GmbH)
Product-cyber_filesAcronis Cyber Filescyber_files
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2021-44463
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-8.1||HIGH
EPSS-0.04% / 11.50%
||
7 Day CHG~0.00%
Published-28 Jan, 2022 | 19:09
Updated-17 Apr, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Emerson DeltaV Uncontrolled Search Path Element

Missing DLLs, if replaced by an insider, could allow an attacker to achieve local privilege escalation on the DeltaV Distributed Control System Controllers and Workstations (All versions) when some DeltaV services are started.

Action-Not Available
Vendor-emersonn/a
Product-deltavn/a
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2021-44205
Matching Score-4
Assigner-Acronis International GmbH
ShareView Details
Matching Score-4
Assigner-Acronis International GmbH
CVSS Score-7.3||HIGH
EPSS-0.05% / 15.49%
||
7 Day CHG~0.00%
Published-04 Feb, 2022 | 22:29
Updated-17 Sep, 2024 | 01:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Local privilege escalation due to DLL hijacking vulnerability

Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 39612, Acronis True Image 2021 (Windows) before build 39287

Action-Not Available
Vendor-Microsoft CorporationAcronis (Acronis International GmbH)
Product-true_imagewindowscyber_protect_home_officeAcronis Cyber Protect Home OfficeAcronis True Image 2021
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2021-44226
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.3||HIGH
EPSS-0.06% / 19.51%
||
7 Day CHG~0.00%
Published-23 Mar, 2022 | 00:00
Updated-04 Aug, 2024 | 04:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Razer Synapse before 3.7.0228.022817 allows privilege escalation because it relies on %PROGRAMDATA%\Razer\Synapse3\Service\bin even if %PROGRAMDATA%\Razer has been created by any unprivileged user before Synapse is installed. The unprivileged user may have placed Trojan horse DLLs there.

Action-Not Available
Vendor-razern/aMicrosoft Corporation
Product-windowssynapsen/a
CWE ID-CWE-427
Uncontrolled Search Path Element
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 8
  • 9
  • Next
Details not found