Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2022-4573

Summary
Assigner-lenovo
Assigner Org ID-da227ddf-6e25-4b41-b023-0f976dcaca4b
Published At-30 Oct, 2023 | 14:34
Updated At-06 Sep, 2024 | 20:41
Rejected At-
Credits

An SMI handler input validation vulnerability in the ThinkPad X1 Fold Gen 1 could allow an attacker with local access and elevated privileges to execute arbitrary code.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:lenovo
Assigner Org ID:da227ddf-6e25-4b41-b023-0f976dcaca4b
Published At:30 Oct, 2023 | 14:34
Updated At:06 Sep, 2024 | 20:41
Rejected At:
▼CVE Numbering Authority (CNA)

An SMI handler input validation vulnerability in the ThinkPad X1 Fold Gen 1 could allow an attacker with local access and elevated privileges to execute arbitrary code.

Affected Products
Vendor
Lenovo Group LimitedLenovo
Product
ThinkPad X1 Fold Gen 1
Default Status
unaffected
Versions
Affected
  • various
Problem Types
TypeCWE IDDescription
CWECWE-20CWE-20 Improper Input Validation
Type: CWE
CWE ID: CWE-20
Description: CWE-20 Improper Input Validation
Metrics
VersionBase scoreBase severityVector
3.16.7MEDIUM
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 6.7
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Update system firmware to the version (or newer) indicated for your model in the Product Impact section of LEN-106014.

Configurations
Workarounds
Exploits
Credits
finder
Lenovo thanks Yngweijw for reporting this issue.
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://support.lenovo.com/us/en/product_security/LEN-106014
N/A
Hyperlink: https://support.lenovo.com/us/en/product_security/LEN-106014
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://support.lenovo.com/us/en/product_security/LEN-106014
x_transferred
Hyperlink: https://support.lenovo.com/us/en/product_security/LEN-106014
Resource:
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Vendor
Lenovo Group Limitedlenovo
Product
thinkpad_x1_fold_gen_1
CPEs
  • cpe:2.3:h:lenovo:thinkpad_x1_fold_gen_1:-:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • thinkpad_x1_fold_gen_1
Problem Types
TypeCWE IDDescription
CWECWE-20CWE-20 Improper Input Validation
Type: CWE
CWE ID: CWE-20
Description: CWE-20 Improper Input Validation
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:psirt@lenovo.com
Published At:30 Oct, 2023 | 15:15
Updated At:06 Sep, 2024 | 21:35

An SMI handler input validation vulnerability in the ThinkPad X1 Fold Gen 1 could allow an attacker with local access and elevated privileges to execute arbitrary code.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.16.7MEDIUM
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Secondary3.16.7MEDIUM
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 3.1
Base score: 6.7
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 6.7
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CPE Matches
Lenovo Group Limited
lenovo
>>thinkpad_x1_fold_gen_1>>-
cpe:2.3:h:lenovo:thinkpad_x1_fold_gen_1:-:*:*:*:*:*:*:*
Lenovo Group Limited
lenovo
>>thinkpad_x1_fold_gen_1_firmware>>-
cpe:2.3:o:lenovo:thinkpad_x1_fold_gen_1_firmware:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-noinfoPrimarynvd@nist.gov
CWE-20Secondarypsirt@lenovo.com
CWE-20Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: NVD-CWE-noinfo
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-20
Type: Secondary
Source: psirt@lenovo.com
CWE ID: CWE-20
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://support.lenovo.com/us/en/product_security/LEN-106014psirt@lenovo.com
Vendor Advisory
Hyperlink: https://support.lenovo.com/us/en/product_security/LEN-106014
Source: psirt@lenovo.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

253Records found
CVE-2023-43581
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-6.7||MEDIUM
EPSS-0.04% / 9.81%
||
7 Day CHG~0.00%
Published-08 Nov, 2023 | 22:25
Updated-04 Sep, 2024 | 18:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer overflow was reported in the Update_WMI module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code.

Action-Not Available
Vendor-Lenovo Group Limited
Product-thinkcentre_m70q_firmwarethinkcentre_m80t_gen_3ideacentre_aio_3-27itl6_firmwarethinkstation_p340_workstationthinkcentre_m70s_firmwarethinkcentre_m90q_gen_2thinkcentre_m70t_gen_3thinkcentre_m90q_tiny_firmwarethinkcentre_neo_30a_27_gen_3_firmwarethinkcentre_m70a_gen_3ideacentre_g5-14imb05_firmwarethinkstation_p330_workstationthinkcentre_m70qideacentre_5_14iab7_firmwareideacentre_aio_3-24alc6thinkstation_p340_workstation_firmwarev55t_gen_2_13acnloq_17irb8_firmwarethinkcentre_m90q_gen_3ideacentre_5_14irb8_firmwarethinkcentre_neo_30a_27_gen_3thinkcentre_m90t_gen_3_firmwarethinkcentre_m630ethinkcentre_m625qideacentre_aio_3-24imb05_firmwareyoga_aio_7_27arh7_firmwarethinkstation_p520_workstation_firmwareyoga_aio_7-27arh6v50t-13imbthinkstation_p360_workstationthinkcentre_m70a_gen_3_firmwarethinkcentre_m90a_pro_gen_3_firmwareloq_17irb8thinkstation_p350_workstationideacentre_mini_5_01iaq7thinkstation_p520c_workstationthinkstation_p350_workstation_firmwareideacentre_5-14iob6v30a-22itlthinkstation_p330_workstation_2nd_genv50a-24imb_firmwareideacentre_gaming_5_17acn7_firmwarethinkcentre_m70c_firmwarev55t_gen_2_13acn_firmwarethinkcentre_m90tthinkstation_p330_workstation_2nd_gen_firmwarethinkcentre_neo_50a_24_gen_4_firmwarethinkcentre_neo_30a_22_gen_4ideacentre_5-14iob6_firmwarelegion_t7_34irz8_firmwareideacentre_aio_3-22itl6_firmwarethinkcentre_m70s_gen_3_firmwarethinkedge_se30_firmwarethinkcentre_m80q_gen_3_firmwarethinkcentre_m920z_all-in-one_firmwarethinkcentre_neo_30a_27_gen_4legion_t5_26irb8v50a-22imbthinkstation_p350_tiny_workstationv50a-24imbthinkcentre_neo_30a_24_gen_3thinkcentre_m90sthinkstation_p358_workstation_firmwarethinkcentre_m70q_gen_2_firmwarev50s-07imbideacentre_creator_5-14iob6thinkcentre_m90a_gen_3thinkcentre_m75s_gen_2ideacentre_5-14acn6_firmwareideacentre_aio_3-24imb05ideacentre_gaming_5-14acn6thinkcentre_m80tthinkcentre_m70tideacentre_5-14imb05thinkcentre_m90a_gen_2_firmwarethinkcentre_m90a_pro_gen_3thinkcentre_m90a_firmwarethinkcentre_m625q_firmwareyoga_aio_7_27arh7ideacentre_aio_5_24iah7ideacentre_aio_3_21itl7ideacentre_aio_5_27iah7_firmwareideacentre_aio_3-27imb05thinkstation_p348_workstation_firmwareideacentre_aio_3-24itl6_firmwarethinkstation_p920_workstationideacentre_aio_3_22iap7_firmwarethinkstation_p330_workstation_firmwarethinkcentre_m75t_gen_2_firmwarethinkstation_p360_ultra_workstationideacentre_aio_3-22iil5yoga_aio_7-27arh6_firmwareideacentre_aio_5_24iah7_firmwarethinkcentre_neo_70t_gen_3_firmwarethinkcentre_m90a_gen_3_firmwareideacentre_aio_3_24iap7_firmwareideacentre_aio_3-24iil5ideacentre_gaming_5-14iob6thinkcentre_m90q_tinythinkcentre_neo_50t_gen_3thinkcentre_m70t_firmwarelegion_t7-34imz5_firmwareideacentre_mini_5_01iaq7_firmwareideacentre_g5-14imb05thinkcentre_neo_30a_27_gen_4_firmwareideacentre_aio_3-24iil5_firmwareideacentre_t540-15ama_gthinkcentre_neo_70t_gen_3ideacentre_aio_3-22itl6thinkstation_p358_workstationideacentre_aio_3_27iap7_firmwarethinkstation_p350_tiny_workstation_firmwarethinkstation_p360_ultra_workstation_firmwarethinkcentre_m90t_firmwarev30a-24imlthinkcentre_m80sthinkcentre_m70q_gen_2thinkcentre_m75s_gen_2_firmwarelegion_t7-34iaz7thinkcentre_m80q_firmwarelegion_t5_26iab7_firmwarelegion_t5_26iab7ideacentre_aio_3-27itl6thinkcentre_m90s_firmwarethinkcentre_m630e_firmwareideacentre_aio_3-22imb05v50t-13iob_firmwarethinkcentre_neo_30a_22_gen_3_firmwareideacentre_mini_5-01imh05thinkcentre_m80t_gen_3_firmwareideacentre_aio_3_22iap7ideacentre_gaming_5_17acn7ideacentre_aio_3_21itl7_firmwarethinkstation_p340_tiny_workstationthinkcentre_neo_30a_22_gen_3thinkcentre_m90s_gen_3thinkstation_p320_workstationthinkcentre_neo_50t_gen_3_firmwarethinkstation_p348_workstationideacentre_t540-15ama_g_firmwareideacentre_aio_3_27iap7ideacentre_g5-14amr05_firmwarethinkcentre_m75n_firmwarethinkcentre_m80qthinkedge_se30ideacentre_5_14iab7ideacentre_mini_5-01imh05_firmwarelegion_t7_34irz8thinkcentre_m75nthinkstation_p920_workstation_firmwarelegion_t7-34imz5v30a-24iml_firmwarethinkcentre_m70t_gen_3_firmwarethinkstation_p520_workstationv50t-13imh_firmwarethinkcentre_m920z_all-in-onethinkcentre_neo_30a_24_gen_3_firmwarethinkstation_p520c_workstation_firmwareideacentre_3-07ada05thinkcentre_m70cthinkcentre_neo_30a_24_gen_4v50t-13iobthinkstation_p360_tiny_workstation_firmwareideacentre_aio_3-22iil5_firmwarethinkstation_p720_workstationthinkcentre_m75q_gen_2thinkcentre_m90q_gen_3_firmwarethinkcentre_m90athinkcentre_neo_50a_24_gen_4thinkcentre_m80s_gen_3v30a-24itl_firmwareideacentre_aio_3-22imb05_firmwareideacentre_c5-14imb05thinkcentre_m90s_gen_3_firmwarethinkcentre_m70s_gen_3ideacentre_aio_3_24iap7thinkcentre_m90q_gen_2_firmwarethinkcentre_m80q_gen_3v30a-24itlv50a-22imb_firmwarethinkstation_p360_tiny_workstationthinkcentre_m70sthinkcentre_neo_50a_24_gen_3_firmwarev50s-07imb_firmwarev30a-22imlthinkcentre_neo_30a_24_gen_4_firmwareideacentre_aio_3-24itl6ideacentre_c5-14imb05_firmwareideacentre_aio_3-27imb05_firmwarethinkcentre_m80s_gen_3_firmwarelegion_t5_26irb8_firmwarev30a-22iml_firmwareideacentre_3-07ada05_firmwarev30a-22itl_firmwarethinkcentre_m75q_gen_2_firmwarethinkstation_p360_workstation_firmwarethinkstation_p340_tiny_workstation_firmwareideacentre_5-14imb05_firmwarev50t-13imb_firmwareideacentre_gaming_5_17iab7ideacentre_3-07imb05_firmwareideacentre_5_14irb8thinkstation_p720_workstation_firmwareideacentre_g5-14amr05ideacentre_aio_3-24alc6_firmwareideacentre_gaming_5-14iob6_firmwarethinkcentre_m80t_firmwarethinkstation_p320_workstation_firmwarethinkcentre_m90a_gen_2ideacentre_5-14acn6thinkcentre_neo_50a_24_gen_3thinkcentre_neo_30a_22_gen_4_firmwarethinkcentre_m80s_firmwareideacentre_aio_5_27iah7ideacentre_3-07imb05legion_t7-34iaz7_firmwareideacentre_gaming_5_17iab7_firmwareideacentre_gaming_5-14acn6_firmwarethinkcentre_m75t_gen_2ideacentre_creator_5-14iob6_firmwarethinkcentre_m90t_gen_3v50t-13imhDesktop BIOSdesktop_bios
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-43569
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-6.7||MEDIUM
EPSS-0.07% / 20.84%
||
7 Day CHG~0.00%
Published-08 Nov, 2023 | 22:06
Updated-12 Sep, 2024 | 13:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer overflow was reported in the OemSmi module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code. 

Action-Not Available
Vendor-Lenovo Group Limited
Product-thinkcentre_m70q_firmwarethinkcentre_m80t_gen_3ideacentre_aio_3-27itl6_firmwarethinkstation_p340_workstationthinkcentre_m70s_firmwarethinkcentre_m90q_gen_2thinkcentre_m70t_gen_3thinkcentre_m90q_tiny_firmwarethinkcentre_neo_30a_27_gen_3_firmwarethinkcentre_m70a_gen_3ideacentre_g5-14imb05_firmwarethinkstation_p330_workstationthinkcentre_m70qideacentre_5_14iab7_firmwareideacentre_aio_3-24alc6thinkstation_p340_workstation_firmwarev55t_gen_2_13acnloq_17irb8_firmwarethinkcentre_m90q_gen_3ideacentre_5_14irb8_firmwarethinkcentre_neo_30a_27_gen_3thinkcentre_m90t_gen_3_firmwarethinkcentre_m630ethinkcentre_m625qideacentre_aio_3-24imb05_firmwareyoga_aio_7_27arh7_firmwarethinkstation_p520_workstation_firmwareyoga_aio_7-27arh6v50t-13imbthinkstation_p360_workstationthinkcentre_m70a_gen_3_firmwarethinkcentre_m90a_pro_gen_3_firmwareloq_17irb8thinkstation_p350_workstationideacentre_mini_5_01iaq7thinkstation_p520c_workstationthinkstation_p350_workstation_firmwareideacentre_5-14iob6v30a-22itlthinkstation_p330_workstation_2nd_genv50a-24imb_firmwareideacentre_gaming_5_17acn7_firmwarethinkcentre_m70c_firmwarev55t_gen_2_13acn_firmwarethinkcentre_m90tthinkstation_p330_workstation_2nd_gen_firmwarethinkcentre_neo_50a_24_gen_4_firmwarethinkcentre_neo_30a_22_gen_4ideacentre_5-14iob6_firmwarelegion_t7_34irz8_firmwareideacentre_aio_3-22itl6_firmwarethinkcentre_m70s_gen_3_firmwarethinkedge_se30_firmwarethinkcentre_m80q_gen_3_firmwarethinkcentre_m920z_all-in-one_firmwarethinkcentre_neo_30a_27_gen_4legion_t5_26irb8v50a-22imbthinkstation_p350_tiny_workstationv50a-24imbthinkcentre_neo_30a_24_gen_3thinkcentre_m90sthinkstation_p358_workstation_firmwarethinkcentre_m70q_gen_2_firmwarev50s-07imbideacentre_creator_5-14iob6thinkcentre_m90a_gen_3thinkcentre_m75s_gen_2ideacentre_5-14acn6_firmwareideacentre_aio_3-24imb05ideacentre_gaming_5-14acn6thinkcentre_m80tthinkcentre_m70tideacentre_5-14imb05thinkcentre_m90a_gen_2_firmwarethinkcentre_m90a_pro_gen_3thinkcentre_m90a_firmwarethinkcentre_m625q_firmwareyoga_aio_7_27arh7ideacentre_aio_5_24iah7ideacentre_aio_3_21itl7ideacentre_aio_5_27iah7_firmwareideacentre_aio_3-27imb05thinkstation_p348_workstation_firmwareideacentre_aio_3-24itl6_firmwarethinkstation_p920_workstationideacentre_aio_3_22iap7_firmwarethinkstation_p330_workstation_firmwarethinkcentre_m75t_gen_2_firmwarethinkstation_p360_ultra_workstationideacentre_aio_3-22iil5yoga_aio_7-27arh6_firmwareideacentre_aio_5_24iah7_firmwarethinkcentre_neo_70t_gen_3_firmwarethinkcentre_m90a_gen_3_firmwareideacentre_aio_3_24iap7_firmwareideacentre_aio_3-24iil5ideacentre_gaming_5-14iob6thinkcentre_m90q_tinythinkcentre_neo_50t_gen_3thinkcentre_m70t_firmwarelegion_t7-34imz5_firmwareideacentre_mini_5_01iaq7_firmwareideacentre_g5-14imb05thinkcentre_neo_30a_27_gen_4_firmwareideacentre_aio_3-24iil5_firmwareideacentre_t540-15ama_gthinkcentre_neo_70t_gen_3ideacentre_aio_3-22itl6thinkstation_p358_workstationideacentre_aio_3_27iap7_firmwarethinkstation_p350_tiny_workstation_firmwarethinkstation_p360_ultra_workstation_firmwarethinkcentre_m90t_firmwarev30a-24imlthinkcentre_m80sthinkcentre_m70q_gen_2thinkcentre_m75s_gen_2_firmwarelegion_t7-34iaz7thinkcentre_m80q_firmwarelegion_t5_26iab7_firmwarelegion_t5_26iab7ideacentre_aio_3-27itl6thinkcentre_m90s_firmwarethinkcentre_m630e_firmwareideacentre_aio_3-22imb05v50t-13iob_firmwarethinkcentre_neo_30a_22_gen_3_firmwareideacentre_mini_5-01imh05thinkcentre_m80t_gen_3_firmwareideacentre_aio_3_22iap7ideacentre_gaming_5_17acn7ideacentre_aio_3_21itl7_firmwarethinkstation_p340_tiny_workstationthinkcentre_neo_30a_22_gen_3thinkcentre_m90s_gen_3thinkstation_p320_workstationthinkcentre_neo_50t_gen_3_firmwarethinkstation_p348_workstationideacentre_t540-15ama_g_firmwareideacentre_aio_3_27iap7ideacentre_g5-14amr05_firmwarethinkcentre_m75n_firmwarethinkcentre_m80qthinkedge_se30ideacentre_5_14iab7ideacentre_mini_5-01imh05_firmwarelegion_t7_34irz8thinkcentre_m75nthinkstation_p920_workstation_firmwarelegion_t7-34imz5v30a-24iml_firmwarethinkcentre_m70t_gen_3_firmwarethinkstation_p520_workstationv50t-13imh_firmwarethinkcentre_m920z_all-in-onethinkcentre_neo_30a_24_gen_3_firmwarethinkstation_p520c_workstation_firmwareideacentre_3-07ada05thinkcentre_m70cthinkcentre_neo_30a_24_gen_4v50t-13iobthinkstation_p360_tiny_workstation_firmwareideacentre_aio_3-22iil5_firmwarethinkstation_p720_workstationthinkcentre_m75q_gen_2thinkcentre_m90q_gen_3_firmwarethinkcentre_m90athinkcentre_neo_50a_24_gen_4thinkcentre_m80s_gen_3v30a-24itl_firmwareideacentre_aio_3-22imb05_firmwareideacentre_c5-14imb05thinkcentre_m90s_gen_3_firmwarethinkcentre_m70s_gen_3ideacentre_aio_3_24iap7thinkcentre_m90q_gen_2_firmwarethinkcentre_m80q_gen_3v30a-24itlv50a-22imb_firmwarethinkstation_p360_tiny_workstationthinkcentre_m70sthinkcentre_neo_50a_24_gen_3_firmwarev50s-07imb_firmwarev30a-22imlthinkcentre_neo_30a_24_gen_4_firmwareideacentre_aio_3-24itl6ideacentre_c5-14imb05_firmwareideacentre_aio_3-27imb05_firmwarethinkcentre_m80s_gen_3_firmwarelegion_t5_26irb8_firmwarev30a-22iml_firmwareideacentre_3-07ada05_firmwarev30a-22itl_firmwarethinkcentre_m75q_gen_2_firmwarethinkstation_p360_workstation_firmwarethinkstation_p340_tiny_workstation_firmwareideacentre_5-14imb05_firmwarev50t-13imb_firmwareideacentre_gaming_5_17iab7ideacentre_3-07imb05_firmwareideacentre_5_14irb8thinkstation_p720_workstation_firmwareideacentre_g5-14amr05ideacentre_aio_3-24alc6_firmwareideacentre_gaming_5-14iob6_firmwarethinkcentre_m80t_firmwarethinkstation_p320_workstation_firmwarethinkcentre_m90a_gen_2ideacentre_5-14acn6thinkcentre_neo_50a_24_gen_3thinkcentre_neo_30a_22_gen_4_firmwarethinkcentre_m80s_firmwareideacentre_aio_5_27iah7ideacentre_3-07imb05legion_t7-34iaz7_firmwareideacentre_gaming_5_17iab7_firmwareideacentre_gaming_5-14acn6_firmwarethinkcentre_m75t_gen_2ideacentre_creator_5-14iob6_firmwarethinkcentre_m90t_gen_3v50t-13imhDesktop BIOSdesktop_bios
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-25494
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-6.7||MEDIUM
EPSS-0.02% / 4.64%
||
7 Day CHG+0.01%
Published-05 Apr, 2024 | 20:46
Updated-02 Aug, 2024 | 11:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A potential vulnerability were reported in the BIOS of some Desktop, Smart Edge, and ThinkStation products that could allow a local attacker with elevated privileges to write to NVRAM variables.

Action-Not Available
Vendor-Lenovo Group Limited
Product-Desktop BIOS, Smart Edge BIOS, ThinkStation BIOS
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-8323
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-6.4||MEDIUM
EPSS-0.05% / 15.19%
||
7 Day CHG~0.00%
Published-09 Jun, 2020 | 19:50
Updated-16 Sep, 2024 | 23:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A potential vulnerability in the SMI callback function used in the Legacy SD driver in some Lenovo ThinkPad, ThinkStation, and Lenovo Notebook models may allow arbitrary code execution.

Action-Not Available
Vendor-Lenovo Group Limited
Product-thinkpad_l460_firmwarethinkpad_w541v110-15astv730-13ikb720s-15ikb_firmwarethinkpad_e49014iwl_firmwarethinkpad_p51smiix_720-12ikb_firmwarewei5-15ikbthinkpad_p53thinkpad_e575thinkpad_p72_firmwarethinkpad_x240s_firmwarethinkpad_l590v110-14astthinkpad_l460thinkpad_p52thinkpad_e560p_firmwarethinkpad_e475thinkpad_s2_yoga_4th_genthinkpad_p70s145-14ast_firmwarethinkpad_e470_firmwarethinkpad_11ethinkpad_t460pthinkpad_e15_firmwarethinkpad_p1thinkpad_e460thinkpad_x140ethinkpad_x1_tablet_firmwarethinkpad_l380_yoga_firmwarethinkpad_x280thinkpad_x390c640-iml_firmwarethinkpad_s540thinkpad_r14thinkpad_s3_gen_2_firmwarethinkpad_l470_firmwarev310-15igmv130-15ikb_firmwarethinkpad_s3_firmwares145-15ast_firmwarethinkpad_t490_firmwarethinkpad_l380_firmwarethinkpad_r590_firmwarethinkpad_t560_firmwarethinkpad_t580thinkpad_l390_yogac640-imlv730-13isk_firmwareyoga_s940-14iwl_firmwarethinkpad_s5_2nd_gen_firmwarethinkpad_x1_yogathinkpad_e485_firmwarethinkpad_x240_firmwarethinkpad_t570_firmware6_pro-13-iwlxx-14api_qc_2019thinkpad_yoga_11e_5th_genthinkpad_13_firmwaremiix_720-12ikbthinkpad_e585thinkpad_l570_firmwarethinkpad_w540_firmwarethinkpad_a475_firmwarethinkpad_x380_yoga_firmwares145-15apithinkpad_a485_firmwarethinkpad_13_2nd_genthinkpad_w540thinkpad_e490sv330-15iskwei5-15ikb_firmwareyoga_s940-14iwl340c-15astthinkpad_11e_yoga_gen_6_firmwarethinkpad_s540_firmwarev730-15ikb_firmwarethinkpad_p52_firmware330-15astk32-80_kblthinkpad_s2_yoga_4th_gen_firmwarethinkpad_a275thinkpad_t580_firmwarethinkbook_13s-iwl_firmwarethinkpad_e485thinkpad_e15v130-15igm_firmwarethinkpad_a485v340-iml_firmwarethinkpad_s2_yoga_3rd_gen_firmware340c-15apithinkpad_t25thinkpad_t460sthinkpad_t495s_firmwarethinkpad_x390_yogathinkpad_s1_yoga720s_touch-15ikb_firmwarethinkpad_e570thinkpad_s5_2nd_genthinkpad_e560thinkpad_e555thinkpad_x1_extreme_firmwarethinkpad_t440thinkpad_yoga_11e_5th_gen_firmwarethinkpad_e580v330-15igm_firmwarethinkpad_r14_firmwarethinkpad_p71v110-15ast_firmwarethinkpad_s3_gen_2e53-80v540s-13thinkpad_e480_firmwarethinkpad_p51s_firmwarethinkbook_13s-iwlthinkpad_x250thinkpad_t540pthinkpad_t540_firmwares145-14api_firmwarethinkpad_t540p_firmware6_pro-14-iwl_firmwarev340-imlthinkpad_x395thinkpad_x1_carbon_\(20ax\)_firmwarethinkpad_t460_firmwarethinkpad_t460s_firmwarethinkpad_x270_firmwares145-14ast340c-15ast_firmwarek32-80_sklthinkpad_s2_yoga_3rd_genthinkpad_s1thinkpad_helix_firmwarethinkpad_l490thinkpad_t480s_firmwarethinkpad_s3_3rd_genthinkpad_p71_firmware6_pro-13-iwl_firmwarethinkpad_yoga_11e_\(20dx\)_firmwarethinkpad_l590_firmwarev110-14ikb_firmwarek22-80thinkpad_a285_firmwarev110-14ikbthinkpad_yoga_11e_\(20dx\)v340-iil_firmwarethinkpad_l560_firmwarethinkpad_x260s540-13api330-17astthinkpad_p53s_firmwarethinkpad_x250_firmwarethinkpad_e465v130-15igmyoga_s730-13iwlthinkpad_t470_firmwarethinkpad_p52sv340-iilthinkpad_e455_firmwaree52-80_firmwarethinkpad_t480_firmwarethinkpad_x1_carbon_firmwarethinkpad_p50_firmwarethinkpad_s3_3rd_gen_firmwarethinkpad_s1_yoga_vprothinkpad_e580_firmwarethinkpad_x260_firmwarethinkpad_e590_firmwarethinkpad_t570thinkpad_l560s145-15api_firmwarethinkpad_x1_carbon_\(20bx\)_firmwarethinkpad_t490thinkpad_x280_firmwarethinkpad_t590thinkpad_t550thinkpad_p73_firmwarethinkpad_t540s940-14iwlthinkpad_x1_tabletthinkpad_t495_firmwarev130-15ikbthinkpad_w550syoga_s730-13iwl_firmwarethinkpad_l480v310-15igm_firmwarethinkpad_t460thinkpad_l390_yoga_firmwarethinkpad_x390_firmware330-17ast_firmwarethinkpad_r490_firmwaree52-80xiaoxin_14-ast_qc_2019thinkpad_x270thinkpad_t440_firmwarethinkpad_a285thinkpad_l580_firmwarethinkpad_l1415_firmwarethinkpad_p50s_firmwarev730-13iskthinkpad_yoga_370thinkpad_t440p_firmwarethinkpad_l470thinkpad_t440s_firmwarethinkpad_e570_firmwarethinkpad_s5_firmwarethinkpad_t440pk3s540-13api_firmwarethinkpad_x140e_firmwarethinkpad_x390_yoga_firmware730s-13iwlthinkpad_l380thinkpad_x1_yoga_firmwarethinkpad_t590_firmwarethinkpad_x240thinkpad_yoga_11e_4th_gen_firmwarethinkpad_s1_yoga_firmwarethinkpad_x1_extremethinkpad_l490_firmwarethinkpad_yoga_11e_3rd_gen_firmwarethinkpad_x1_carbonk4-iwlthinkpad_e560_firmwarethinkpad_t460p_firmwarethinkpad_l13_firmwares145-15astthinkpad_p52s_firmwarethinkpad_r490v720-12_firmwarethinkpad_a275_firmwarethinkpad_t550_firmwarek32-80_skl_firmwarethinkpad_e590thinkpad_e575_firmwarethinkpad_t25_firmwarethinkpad_p1_firmwarethinkpad_s5_yoga_15k4-iwl_firmwarev330-15igmxiaoxin_14-ast_qc_2019_firmwares750-iils940-14iwl_firmwarev720-12thinkbook_14s-iwlv330-15ikb_firmwarethinkpad_x380_yogathinkpad_l480_firmwarexx-14api_qc_2019_firmwarethinkpad_p53sthinkpad_t480sthinkpad_e465_firmwarethinkpad_w541_firmwarethinkpad_t495sthinkpad_p51_firmwarethinkpad_x1_carbon_\(20ax\)thinkpad_s1_yoga_vpro_firmwarethinkpad_e460_firmwarethinkpad_e455thinkpad_e14thinkpad_11e_firmwarev110-14ast_firmware6_pro-14-iwlthinkpad_l57014iwle53-80_firmwarethinkpad_p43sthinkpad_a475thinkpad_s5_yoga_15_firmwarethinkpad_t490s_firmwarethinkpad_e565thinkpad_e475_firmwarethinkpad_x240sthinkpad_e565_firmwarethinkpad_t470s_firmwaree42-80thinkpad_l580thinkpad_p50thinkpad_r590thinkpad_x395_firmware330-14aste42-80_firmwarev330-15ikbthinkpad_e490s_firmwarethinkpad_t440sthinkpad_x1_carbon_\(20bx\)thinkpad_s5thinkpad_t470p_firmwarethinkpad_11e_yoga_gen_6thinkpad_s1_firmware330-14ast_firmwarev540s-13_firmwarethinkpad_e490_firmwarethinkpad_p70_firmwarek3_firmware730s-13iwl_firmwarethinkpad_t560thinkpad_s1_3rd_firmwarethinkpad_13thinkpad_t470thinkpad_yoga_11e_3rd_genthinkpad_p50sthinkpad_p53_firmwarethinkpad_13_2nd_gen_firmwarev330-15isk_firmwarek32-80_kbl_firmwarethinkpad_s1_3rdthinkpad_e480thinkpad_l380_yogathinkpad_p51thinkpad_yoga_260thinkpad_s3thinkpad_l13thinkpad_e585_firmwarev730-15ikbthinkpad_t490sv730-13ikb_firmware720s_touch-15ikb330-15ast_firmwarethinkpad_e470thinkpad_p73thinkpad_e555_firmwarethinkpad_e560pthinkpad_yoga_11e_4th_genthinkpad_t470sthinkpad_p72thinkpad_yoga_260_firmwarethinkpad_t470p340c-15api_firmwarethinkpad_helixthinkpad_e14_firmwarethinkpad_w550s_firmwarethinkpad_l1415k22-80_firmwarethinkbook_14s-iwl_firmwarethinkpad_t495thinkpad_yoga_370_firmwares750-iil_firmware720s-15ikbthinkpad_t480s145-14apithinkpad_p43s_firmwareBIOS
CVE-2023-4028
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-6.7||MEDIUM
EPSS-0.04% / 9.81%
||
7 Day CHG~0.00%
Published-17 Aug, 2023 | 16:48
Updated-08 Oct, 2024 | 13:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer overflow has been identified in the SystemUserMasterHddPwdDxe driver in some Lenovo Notebook products which may allow an attacker with local access and elevated privileges to execute arbitrary code.

Action-Not Available
Vendor-Lenovo Group Limited
Product-ideapad_flex_5_16iau7ideapad_flex_5_14iau7_firmwarethinkbook_14s_g2_itl_firmwarethinkbook_13s_g2_itlthinkbook_13s_g2_areflex_5-15alc05thinkbook_14s_g2_itlideapad_flex_5_16iau7_firmwareideapad_flex_5_16abr8thinkbook_13s_g3_acnflex_7_14iru8flex_5-14alc05_firmwareideapad_1-14igl05_firmwareflex_7_14iru8_firmwarethinkbook_13s_g4_iap_firmwarethinkbook_13x_g2_iapideapad_flex_5_16alc7_firmwareflex_5-14are05ideapad_1-14ada05_firmwareideapad_1-11ada05_firmwareideapad_flex_5_16iru8ideapad_flex_5_16abr8_firmwareflex_5-14alc05flex_5-15iil05flex_5-15itl05ideapad_flex_5_14iau7flex_5-15alc05_firmwareflex_5-14itl05_firmwareideapad_flex_5_14abr8_firmwarethinkbook_13s_g3_acn_firmwareideapad_flex_5_14iru8_firmwareflex_5-14iil05_firmwareideapad_1-11igl05ideapad_flex_5_14iru8ideapad_flex_5_16alc7thinkbook_13s_g2_itl_firmwareyoga_9-15imh513w_yoga_gen_2ideapad_flex_5_14abr813w_yoga_gen_2_firmwareideapad_1-14ada05flex_5-14itl05thinkbook_13s_g2_are_firmwareideapad_1-11igl05_firmwareideapad_flex_5_14alc713w_yoga_firmwareideapad_1-11ada05ideapad_1-14igl05ideapad_flex_5_14alc7_firmwarethinkbook_13x_g2_iap_firmwareyoga_9-15imh5_firmwareflex_5-14are05_firmwareflex_5-15iil05_firmwareideapad_flex_5_16iru8_firmwareflex_5-14iil05flex_5-15itl05_firmware13w_yogathinkbook_13s_g4_iapLenovo Notebookflex_5-15itl05ideapad_flex_5_14iau7ideapad_5-14alc05ideapad_flex_5_16iau7ideapad_1-11igl05ideapad_flex_5_14iru8ideapad_flex_5_16alc7thinkbook_13s_g2_itlyoga_9-15imh5thinkbook_13s_g2_are13w_yoga_gen_2flex_5-15alc05ideapad_flex_5_14abr8thinkbook_14s_g2_itlideapad_1-14ada05ideapad_flex_5_16abr8flex_5-14itl05thinkbook_13s_g3_acnflex_7_14iru8ideapad_flex_5_14alc7ideapad_1-11ada05ideapad_1-14igl05ideapad_5-15alc05thinkbook_13x_g2_iapflex_7_14iau7_firmwareflex_5-14are05flex_5-14iil05ideapad_flex_5_16iru813w_yogathinkbook_13s_g4_iapflex_5-15iil05
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-4029
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-6.7||MEDIUM
EPSS-0.04% / 9.81%
||
7 Day CHG~0.00%
Published-17 Aug, 2023 | 16:48
Updated-08 Oct, 2024 | 13:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer overflow has been identified in the BoardUpdateAcpiDxe driver in some Lenovo ThinkPad products which may allow an attacker with local access and elevated privileges to execute arbitrary code.

Action-Not Available
Vendor-Lenovo Group Limited
Product-thinkpad_s2_gen_8_firmwarethinkpad_l14_gen_4thinkpad_l15_gen_2thinkpad_e14_gen_3_firmwarethinkpad_e15_gen_3_firmwarek14_type_21cu_firmwarethinkpad_s2_yoga_gen_7thinkpad_s2_yoga_gen_8thinkpad_s2_gen_8thinkpad_s2_yoga_gen_6_firmwarek14_type_21cvk14_type_21cv_firmwarethinkpad_l14_gen_3thinkpad_l13_gen_4_firmwarethinkpad_l13_yoga_gen_3_firmwarethinkpad_l15_gen_3thinkpad_l13_yoga_gen_2thinkpad_l14_gen_4_firmwarethinkpad_s2_yoga_gen_8_firmwarethinkpad_l13_gen_3thinkpad_l13_yoga_gen_4thinkpad_x13_gen_2thinkpad_l14_gen_3_firmwarethinkpad_l15_gen_3_firmwarethinkpad_l13_gen_4thinkpad_l15_gen_4_firmwarethinkpad_s2_gen_7thinkpad_l13_yoga_gen_4_firmwarethinkpad_l13_yoga_gen_2_firmwarethinkpad_l15_gen_2_firmwarethinkpad_t14_gen_2thinkpad_l14_gen_2_firmwarek14_type_21cuthinkpad_s2_yoga_gen_6thinkpad_l13_gen_2_firmwarethinkpad_e14_gen_3thinkpad_l13_gen_3_firmwarethinkpad_l14_gen_2thinkpad_t14_gen_2_firmwarethinkpad_l13_gen_2thinkpad_l13_yoga_gen_3thinkpad_s2_gen_6thinkpad_l15_gen_4thinkpad_s2_yoga_gen_7_firmwarethinkpad_s2_gen_7_firmwarethinkpad_p14s_gen_2thinkpad_e15_gen_3thinkpad_s2_gen_6_firmwarethinkpad_p14s_gen_2_firmwarethinkpad_t14s_gen_2_firmwarethinkpad_t14s_gen_2thinkpad_x13_gen_2_firmwareThinkPadthinkpad
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2020-8321
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-6.4||MEDIUM
EPSS-0.14% / 34.22%
||
7 Day CHG~0.00%
Published-09 Jun, 2020 | 19:50
Updated-17 Sep, 2024 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A potential vulnerability in the SMI callback function used in the System Lock Preinstallation driver in some Lenovo Notebook and ThinkStation models may allow arbitrary code execution.

Action-Not Available
Vendor-Lenovo Group Limited
Product-s340-15iwl_touchl340-17irh_firmwarev330-14isk_firmwarev330-14igm_firmwarelegion_y545_firmwares540-15iwl_gtxxiaoxin_air-15iwl_2019_firmware130-15ikb_firmwarelegion_y740-17ichgthinkstation_p520thinkstation_p500v130-14ast_firmwareyoga_c740-14imlrescuer_y7000p\(1060\)l340-15api_touch_firmware130-14ikb_firmwareideapad_3_15iil05_firmwares340-14legion_y7000_2019_firmware330c-14ikb_firmware330-14igm_firmwarethinkstation_p510v330-14astideapad_3_15330-15ikbrs340-15iwl340c-15ikb530s-14ikb_firmwarev320-14ikb_firmwares145-14igmy7000_2019_1050_firmwarec340-14iwl_firmwarexx-14kb_qc_2019_firmwares540-15iwllegion_y540-17irhl340-15irhs540-14iwl_firmware340c-15iwle4-14arr_firmwares145-14igm_firmwarexiaoxin_air-14iwl_2019_firmware330c-15ikbr_firmwareyoga_720-12ikb_firmware330c-14ikblegion_y540-17irh_firmwares540-14iwl_touch_firmwarelegion_y740-15ichg330-15ikbr_firmwarexiaoxin-14igm_qc_2019zhaoyang_k42-80_firmwareyoga_730-15ikb_firmwareflex_6-1470l340-15api_firmwareideapad_5_15iil05_firmwares340-13iml_firmwarethinkstation_p520c_firmwarelegion_y7000_2019l340-15iwl_touchs340-14iwllegion_y740-17irhg340c-15ikb_firmwarethinkstation_p900_firmwarexiaoxin_air-15iwl_2019c340-15iml_firmwarev330-15ast_firmwareflex-14iwls340-14iilflex-15iwl_firmwarev320-14ikbyoga_720-12ikblegion_y540-15irh_firmwarey7000_2019_1050320c-15ikb_firmwarethinkstation_p720_firmwarev330-14isk330-17ikbc340-14iml_firmware330-17ichl340-15api_touchideapad_3_17iml05_firmwares340-15iwl_touch_firmwarev130-14igms540-14iwl_touchv145-14ast_firmwarezhaoyang_k42-80l340-15iwl_touch_firmwares340-14iwl_touch_firmwarelenovo_v720-14ikbideapad_3_14iil05_firmwares540-15iwl_firmwarethinkstation_p900yoga_s740-14iil_firmwareyoga_c740-14iml_firmwares540-14imllegion_y540-15_pg0_firmware330-14ikb_firmwarev330-14ast_firmware330-14igmyoga_530-14arrthinkstation_p700_firmwareyoga_530-14arr_firmwarev130-14ikb330-15ikb_firmwarelenovo_v320-17ikbyoga_s740-14iilrescuer_y7000\(1060\)c340-14iwlyoga_730-13iwl_firmware340c-15iwl_firmwarexiaoxin-13iml_firmwarelenovo_v320-17ikb_firmwarexiaoxin_air_15ikbr_firmwarev330-15ast530s-14ikbthinkstation_p500_firmwarel340-15apiflex_6-1470_firmware330-15ikbr_touchs550-14iil_firmwareflex_6-14ikb_firmwares145-15ikb330-15ich_firmware330-14ikbr_firmwares340-15iml_firmwarev145-15astyoga_c930-13ikbv130-15ast330-17ikbrl340-17iwl_firmwarec340-15iml340c-15igm_firmwareideapad_5_15iil05s550-14iil330-15igm_firmwares540-14apilegion_y9000p_2019_firmware330-15ichlegion_y9000p_2019v130-14ikb_firmware330-15igm330c-15ikb_firmware330-15arrs145-14ikb_firmwarec340-15iwlwei5-14ikb_firmwarethinkstation_p700s145-14130-14ast_firmwarelegion_y740-15irhg_firmwareyoga_c930-13ikb_firmwarelegion_y7000p_2019s145-15iwl_firmwarexiaoxin_air_15iwl_firmwares540-15iml_firmwarec340-14imllegion_y545_pg0s145-15iwls340-14_firmwarelegion_y730-15ich_firmware330-14ikbideapad_3_14s145-15ikb_firmware530s-15iwl330c-15ikbl340-15irh_firmwarel340-17irhs530-13iml_firmware530s-14iwl_firmwarerescuer_y7000p\(1060\)_firmwaree43-80_kbl_firmware130-15ast_firmwarethinkstation_p910ideapad_3_15_firmwarelegion_y540-17_pg0530s-15ikblegion_y730-15ich530s-14arryoga_c940legion_y545s340-14iil_firmwarexiaoxin-14_2019iwlideapad_3_17iml05yoga_530-14ikb_firmwarelegion_y740-15ichg_firmwarethinkstation_p410wei5-14ikbxiaoxin-14_2019iwl_firmwarexiaoxin-14iwl_qc_2019_firmwareyoga_730-15iwl_firmwarel340-17iwls530-13iwlrescuer_y7000330-15arr_firmwarexiaoxin_air_14arr_firmwares540-15iwl_gtx_firmwares340-14imls530-13iml130-14astideapad_3_14_firmware330-17ikb_firmwarel340-17api_firmwares540-14iwlxx-14kb_qc_2019s145-14ikbs340-15apik43c-80v330-14arrlegion_y540-15_pg0330-15ikbr_touch_firmwarexiaoxin_air_13iwlv320-17ikbr_firmwares540-14iml_firmwareyoga_530-14ikbe4-14arrlegion_y740-17ichg_firmwarec340-14apiv320-15ikb_firmwarelegion_y530-15ich-1060_firmwares340-14api_firmwarexiaoxin_air-14iwl_2019k43c-80_firmware130-14ikbthinkstation_p710s340-14iml_firmwareyoga_c930_glasslegion_y9000k_2019yoga_c930_glass_firmwares340-14iwl_touchlegion_y740-17irhg_firmwarelenovo_e41-25yoga_730-15iwl720s-13arr_firmwarelegion_y7000p-1060_firmwarexiaoxin_air_14ikbr_firmwarexiaoxin_air_14iwl330-17ich_firmwareyoga_c740-15imlxiaoxin-15_2019iwl_firmwares145-15igmflex-15iwllegion_y730-17ich_firmwareflex_6-14arrthinkstation_p720xiaoxin_air_14ikbrc340-15iwl_firmware330-15arr_touch_firmwares340-15api_firmwarelegion_y7000p_pg0thinkstation_p920_firmwarethinkstation_p910_firmwarexiaoxin-13imlthinkstation_p410_firmwarel3_15iml05720s-14ikbr_firmwarexiaoxin_air_15iwlv130-15ast_firmware330-14ikbrlegion_y740-15irhgyoga_730-13ikbthinkstation_p520_firmware530s-15iwl_firmwarexiaoxin_air_13iwl_firmware330-15arr_touchd335-10igm340c-15igmrescuer_y7000prescuer_y7000\(1060\)_firmwarethinkstation_p510_firmwarerescuer_y7000p_firmwarev330-14arr_firmwareyoga_730-13iwl530s-14iwlv145-14astlegion_y7000p_pg0_firmwares340-14iwl_firmwarelegion_y545_pg0_firmware530s-14arr_firmwares340-13imlideapad_3_15iil05s145-15igm_firmwares340-15imlxiaoxin_air_14arr130-15ikblegion_y730-17ich530s-15ikb_firmwarec340-15iils340-15iwl_firmware330-15ikbv330-14igmlegion_y9000k_2019_firmwared330-10igm_firmwareyoga_730-13ikb_firmwares340-14apilegion_y540-17_pg0_firmware130-15astthinkstation_p710_firmwarel340-17apiv320-15ikbs145-14iwllegion_y7000p_2019_firmwarec340-14api_firmwareideapad_3_14iil05legion_y530-15ich720s-13arr320c-15ikblegion_y530-15ich-1060thinkstation_p920s530-13iwl_firmwarelenovo_e41-25_firmwarexiaoxin-14igm_qc_2019_firmwares540-14api_firmwared330-10igmlenovo_v720-14ikb_firmwarelegion_y530-15ich_firmwarel3_15iml05_firmware330c-15ikbrs145-14_firmwarexiaoxin_air_15ikbrxiaoxin_air_14iwl_firmwaree43-80_kblv130-14igm_firmware330-17ikbr_firmwareflex_6-14arr_firmwarelegion_y7000p-1060xiaoxin-14iwl_qc_2019c340-15iil_firmwares145-14iwl_firmwareyoga_c940_firmware720s-14ikbrlegion_y7000_pg0rescuer_y7000_firmwarev130-14astv145-15ast_firmwareflex_6-14ikblegion_y540-15irhlegion_y7000_pg0_firmwarev320-17ikbrxiaoxin-15_2019iwld335-10igm_firmwares540-15imlyoga_c740-15iml_firmwareyoga_730-15ikbflex-14iwl_firmwarethinkstation_p520cBIOS
CVE-2020-8353
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-6.7||MEDIUM
EPSS-0.05% / 14.80%
||
7 Day CHG~0.00%
Published-11 Nov, 2020 | 17:35
Updated-04 Aug, 2024 | 09:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Prior to August 10, 2020, some Lenovo Desktop and Workstation systems were shipped with the Embedded Host Based Configuration (EHBC) feature of Intel AMT enabled. This could allow an administrative user with local access to configure Intel AMT.

Action-Not Available
Vendor-Lenovo Group Limited
Product-thinkcentre_m920qthinkstation_p340tthinkcentre_m80sthinkcentre_m90sthinkcentre_m90t_firmwarethinkstation_p330tthinkcentre_m920q_firmwarethinkcentre_m910zthinkstation_p330t_firmwarethinkcentre_m920sthinkstation_p330_tinythinkcentre_m90s_firmwarethinkcentre_m920zthinkstation_p340t_firmwarethinkcentre_m920t_firmwarethinkcentre_m90tthinkstation_p330_tiny_firmwarethinkcentre_m80t_firmwarethinkcentre_m80tthinkcentre_m910z_firmwarethinkstation_p330sthinkcentre_m80s_firmwarethinkcentre_m920tthinkstation_p340s_firmwarethinkstation_p330s_firmwarethinkstation_p340sthinkcentre_m920s_firmwarethinkcentre_m920z_firmwareDesktop and Workstation systems
CWE ID-CWE-16
Not Available
CVE-2020-8337
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-6.7||MEDIUM
EPSS-0.05% / 13.38%
||
7 Day CHG~0.00%
Published-09 Jun, 2020 | 19:50
Updated-16 Sep, 2024 | 18:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An unquoted search path vulnerability was reported in versions prior to 1.0.83.0 of the Synaptics Smart Audio UWP app associated with the DCHU audio drivers on Lenovo platforms that could allow an administrative user to execute arbitrary code.

Action-Not Available
Vendor-synapticsLenovo Group Limited
Product-thinkpad_s3-s440thinkpad_a275thinkpad_e485thinkpad_x380_yogas540-14iwl_touchthinkpad_a485thinkpad_e490yoga_14thinkpad_t450thinkpad_p53thinkpad_e450cthinkpad_l440thinkpad_e455thinkpad_e575thinkpad_e570thinkpad_l460thinkpad_t450sthinkpad_e540thinkpad_e560v130-15ikbthinkpad_p40thinkpad_a475thinkpad_e555thinkpad_l480thinkpad_e475thinkpad_s2_yoga_4th_genthinkpad_t460thinkpad_e550thinkpad_e565thinkpad_l450c340-14iwls540-14iwlthinkpad_l580thinkpad_11ethinkpad_x270thinkpad_r590thinkpad_a285thinkpad_t460pthinkpad_e580thinkpad_p1thinkpad_e460thinkpad_e545thinkpad_yoga_11ethinkpad_edge_e440thinkpad_s5thinkpad_edge_e445thinkpad_yoga_370thinkpad_l470v310-15igmthinkpad_13thinkpad_s1_yoga_12thinkpad_yoga_11e_3rd_genthinkpad_l380smart_audio_uwpthinkpad_l390_yogathinkpad_x1_extremethinkpad_s2_yoga_3rd_genthinkpad_s1_3rdthinkpad_e480thinkpad_l380_yogathinkpad_yoga_11e_5th_genthinkpad_s3thinkpad_s3_3rd_genthinkpad_r490thinkpad_s3_yoga_145-15ikbthinkpad_e470thinkpad_p73thinkpad_e585thinkpad_yoga_11e_4th_genflex-14iwlthinkpad_e590thinkpad_t470pair-14_2019thinkpad_e450thinkpad_e550cthinkpad_e490sthinkpad_x260thinkpad_l540v330-15igmthinkpad_e465v130-15igmthinkpad_yoga_14_460_s3Synaptics Smart Audio UWP App
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2020-8354
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-6.4||MEDIUM
EPSS-0.03% / 7.58%
||
7 Day CHG~0.00%
Published-11 Nov, 2020 | 17:35
Updated-04 Aug, 2024 | 09:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A potential vulnerability in the SMI callback function used in the VariableServiceSmm driver in some Lenovo Notebook models may allow arbitrary code execution.

Action-Not Available
Vendor-Lenovo Group Limited
Product-notebook_firmwarenotebookBIOS
CWE ID-CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CVE-2023-34419
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-6.7||MEDIUM
EPSS-0.04% / 9.77%
||
7 Day CHG~0.00%
Published-17 Aug, 2023 | 16:49
Updated-02 Aug, 2024 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer overflow has been identified in the SetupUtility driver in some Lenovo Notebook products which may allow an attacker with local access and elevated privileges to execute arbitrary code.

Action-Not Available
Vendor-Lenovo Group Limited
Product-legion_pro_7_16irx8hlegion_7-16ithg6legion_5_15arh7_firmwarelegion_pro_7_16irx8h_firmwarelegion_5-17ach6hlegion_5-15ith6hlegion_5_pro_16arh7legion_5-15ach6legion_5-15ach6a_firmwarelegion_7-16ithg6_firmwarelegion_5-15ach6h_firmwarelegion_5_pro_16arh7hlegion_5_pro_16arh7h_firmwarelegion_5-15ith6_firmwarelegion_5-17ith6legion_s7_16arha7legion_5_pro-16ach6hlegion_5-17ach6legion_5-15ith6h_firmwarelegion_5-17ach6_firmwarelegion_7-16arha7thinkbook_15p_g2_ith_firmwarelegion_5_pro_16iah7h_firmwarelegion_5_pro-16ith6legion_5_15iah7hlegion_5-17ith6hlegion_5_pro-16ith6h_firmwarelegion_5-17ith6h_firmwarelegion_5_pro_16iah7legion_5_15arh7h_firmwarelegion_pro_7_16irx8_firmwarelegion_pro_7_16irx8legion_pro_5_16irx8_firmwarethinkbook_16p_g3_arhlegion_5_15iah7h_firmwarelegion_5-15ach6alegion_5-17ith6_firmwarelegion_5_pro-16ach6legion_5_15iah7_firmwarelegion_5_15iah7legion_5_pro_16arh7_firmwarelegion_5-15ith6legion_pro_5_16irx8thinkbook_16p_g3_arh_firmwarethinkbook_15p_g2_ithlegion_5_15arh7legion_5_pro-16ith6hlegion_5_pro-16ach6h_firmwarelegion_5-15ach6_firmwarelegion_s7_16arha7_firmwarelegion_5-17ach6h_firmwarelegion_5_pro_16iah7_firmwarelegion_5_pro_16iah7hlegion_5_pro-16ach6_firmwarelegion_7-16arha7_firmwarelegion_7-16achg6_firmwarelegion_5-15ach6hlegion_5_pro-16ith6_firmwarelegion_5_15arh7hlegion_7-16achg6Lenovo Notebook
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-25493
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-6.7||MEDIUM
EPSS-0.02% / 2.65%
||
7 Day CHG~0.00%
Published-05 Apr, 2024 | 20:46
Updated-16 Sep, 2024 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A potential vulnerability was reported in the BIOS update tool driver for some Desktop, Smart Edge, Smart Office, and ThinkStation products that could allow a local user with elevated privileges to execute arbitrary code.

Action-Not Available
Vendor-Lenovo Group Limited
Product-BIOSbios
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2022-1891
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-6.7||MEDIUM
EPSS-0.04% / 9.65%
||
7 Day CHG~0.00%
Published-23 Jan, 2023 | 15:25
Updated-03 Apr, 2025 | 16:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer overflow in the SystemLoadDefaultDxe driver in some Lenovo Notebook products may allow an attacker with local privileges to execute arbitrary code.

Action-Not Available
Vendor-Lenovo Group Limited
Product-thinkbook_15-imlthinkbook_14-iml_firmwareyoga_c640-13iml_firmwarethinkbook_15-iml_firmwarethinkbook_14-iil_firmwarethinkbook_14-imlthinkbook_15-iilyoga_c640-13imlyoga_c640-13iml_lte_firmwarethinkbook_14-iilthinkbook_15-iil_firmwareyoga_c640-13iml_lteBIOS
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2022-48188
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-6.7||MEDIUM
EPSS-0.03% / 7.44%
||
7 Day CHG~0.00%
Published-05 Jun, 2023 | 21:03
Updated-08 Jan, 2025 | 15:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer overflow vulnerability in the SecureBootDXE BIOS driver of some Lenovo Desktop and ThinkStation models could allow an attacker with local access to elevate their privileges to execute arbitrary code.

Action-Not Available
Vendor-Lenovo Group Limited
Product-thinkcentre_m720s_firmwarethinkcentre_m920qthinkstation_p520_firmwarethinkcentre_m75s_gen_2_firmwarev530s-07icbthinkcentre_m720t_firmwareideacentre_510s-07icb_firmwareideacentre_aio_3-27itl6_firmwareideacentre_aio_3-27itl6thinkcentre_m720ethinkcentre_m920q_firmwarethinkcentre_m920sthinkcentre_m920zthinkstation_p330_tinyv30a-24itl_firmwareideacentre_510s-07icbthinkcentre_m75s_gen_2v30a-24itlthinkcentre_m720qthinkstation_p330_tiny_firmwarethinkstation_p520ideacentre_aio_3-24itl6ideacentre_720-18aprideacentre_aio_3_21itl7_firmwarethinkstation_p520cthinkstation_p520c_firmwareideacentre_aio_3_21itl7thinkcentre_m920s_firmwareideacentre_aio_3-24itl6_firmwarethinkcentre_m920z_firmwarev530s-07icr_firmwarethinkcentre_m720e_firmwareideacentre_510s-07ickthinkcentre_m720sideacentre_720-18apr_firmwarethinkcentre_m75t_gen_2_firmwarev30a-22itl_firmwarev530s-07icrthinkstation_p360_ultra_firmwarev30a-22itlideacentre_510s-07ick_firmwarethinkcentre_m920t_firmwarev530s-07icb_firmwarethinkcentre_m725sideacentre_aio_3-22itl6thinkcentre_m920tthinkcentre_m920xideacentre_aio_3-22itl6_firmwarethinkstation_p360_ultrathinkcentre_m720tthinkcentre_m725s_firmwarethinkcentre_m75t_gen_2thinkcentre_m720q_firmwarethinkcentre_m920x_firmwareThinkStation BIOS
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-48181
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-6.7||MEDIUM
EPSS-0.03% / 7.44%
||
7 Day CHG~0.00%
Published-05 Jun, 2023 | 21:01
Updated-08 Jan, 2025 | 15:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An ErrorMessage driver stack-based buffer overflow vulnerability in BIOS of some ThinkPad models could allow an attacker with local access to elevate their privileges and execute arbitrary code.

Action-Not Available
Vendor-Lenovo Group Limited
Product-thinkcentre_m70q_firmwarethinkcentre_m920qthinkcentre_m720t_firmwarethinkcentre_m80t_gen_3ideacentre_aio_3-27itl6_firmwarethinkcentre_m720ethinkstation_p330_gen_2thinkstation_p350_tiny_firmwarethinkcentre_m70s_firmwarethinkcentre_m70t_gen_3thinkcentre_m90q_gen_2thinkcentre_m90q_tiny_firmwarethinkcentre_neo_30a_27_gen_3_firmwareideacentre_3_07iab7_firmwareideacentre_g5-14imb05_firmwarethinkcentre_neo_50s_gen_3thinkcentre_m720qthinkcentre_m70qideacentre_5_14iab7_firmwareideacentre_aio_3-24alc6thinkstation_p330_tiny_firmwarev35s-07adav55t_gen_2_13acnthinkcentre_m90q_gen_3thinkcentre_neo_30a_27_gen_3thinkcentre_m90t_gen_3_firmwareideacentre_aio_3-24imb05_firmwarethinkcentre_m625qv50t-13imbthinkcentre_m90a_pro_gen_3_firmwarethinkcentre_t540-15ama_gideacentre_5-14are05thinkcentre_neo_50s_gen_3_firmwareideacentre_mini_5_01iaq7legion_t5-28imb05_firmwareideacentre_5-14iob6v30a-22itlideacentre_gaming_5_17acn7_firmwarethinkcentre_m70c_firmwareideacentre_510s-07ick_firmwarelegion_t530-28icb_firmwarev530s-07icb_firmwarev55t_gen_2_13acn_firmwareideacentre_aio_3-27alc6_firmwarelegion_t5-26amr5_firmwarethinkcentre_m90tthinkstation_p340ideacentre_5-14iob6_firmwarethinkcentre_m920tideacentre_aio_3-22itl6_firmwarethinkcentre_m70s_gen_3_firmwarelegion_t5-28imb05thinkstation_p350thinkcentre_m720tthinkcentre_m80q_gen_3_firmwarev530s-07icblegion_c530-19icb_firmwareideacentre_3_07ach7_firmwarethinkcentre_t540-15ama_g_firmwarelegion_t530-28icbthinkcentre_m90sthinkcentre_neo_30a_24_gen_3ideacentre_5-14are05_firmwareideacentre_510s-07icb_firmwarethinkcentre_m75s-1thinkstation_p330_tinythinkcentre_m70q_gen_2_firmwarev50s-07imbideacentre_creator_5-14iob6thinkcentre_m75s_gen_2thinkcentre_m90a_gen_3thinkstation_p340_firmwareideacentre_5-14acn6_firmwareideacentre_aio_3-24imb05ideacentre_5-14imb05ideacentre_gaming_5-14acn6legion_c530-19icbthinkcentre_m70tthinkcentre_m80tthinkcentre_m625q_firmwarethinkcentre_m90a_firmwarethinkcentre_m90a_gen_2_firmwarethinkcentre_m90a_pro_gen_3thinkstation_p360_tiny_firmwareideacentre_aio_5_24iah7thinkstation_p360_firmwareideacentre_aio_3_21itl7thinkcentre_m920s_firmwareideacentre_aio_5_27iah7_firmwareideacentre_aio_3-27imb05ideacentre_aio_3-24itl6_firmwarelenovo_legion_t5_26iab7thinkcentre_m920z_firmwareideacentre_aio_3_22iap7_firmwareideacentre_510s-07ickthinkcentre_m75t_gen_2_firmwareideacentre_aio_5_24iah7_firmwarelegion_t5-26iob6thinkcentre_neo_70t_gen_3_firmwarev50t-13iob_g2thinkcentre_m90a_gen_3_firmwareideacentre_aio_3_24iap7_firmwarethinkcentre_m90t_gen_3ideacentre_gaming_5-14iob6thinkcentre_m90q_tinylegion_t7-34imz5_firmwareideacentre_aio_3-22itl6ideacentre_g5-14imb05ideacentre_mini_5_01iaq7_firmwarethinkcentre_m70t_firmwarethinkcentre_m920xthinkcentre_neo_50t_gen_3thinkcentre_neo_70t_gen_3thinkcentre_m600_firmwareideacentre_aio_3_27iap7_firmwarethinkstation_p340_tinythinkstation_p350_tinythinkcentre_m90t_firmwarelegion_r5-28imb05thinkcentre_m720s_firmwarethinkcentre_m80sthinkcentre_m70q_gen_2thinkcentre_m75s_gen_2_firmwarelegion_t7-34iaz7thinkcentre_m80q_firmwareideacentre_aio_3-27itl6thinkcentre_m920q_firmwarethinkcentre_m920sthinkcentre_m90s_firmwareideacentre_aio_3-22imb05thinkstation_p320ideacentre_510s-07icbthinkcentre_neo_30a_22_gen_3_firmwareideacentre_mini_5-01imh05lenovo_legion_t5_26iab7_firmwarethinkcentre_m80t_gen_3_firmwareideacentre_aio_3_22iap7ideacentre_gaming_5_17acn7thinkstation_p320_firmwareideacentre_aio_3_21itl7_firmwareideacentre_3_07iab7thinkcentre_m90s_gen_3thinkcentre_neo_30a_22_gen_3thinkcentre_neo_50t_gen_3_firmwareideacentre_aio_3_27iap7ideacentre_g5-14amr05_firmwarethinkcentre_m75n_firmwarethinkcentre_m720e_firmwarethinkcentre_m80qthinkcentre_m720sideacentre_720-18apr_firmwareideacentre_5_14iab7ideacentre_mini_5-01imh05_firmwarelegion_t5-26amr5thinkcentre_m920t_firmwarethinkstation_p360_tinythinkcentre_m725sthinkcentre_m75nlegion_t5-26iob6_firmwarelegion_t7-34imz5thinkcentre_m60e_tinythinkcentre_m70t_gen_3_firmwarethinkcentre_m725s_firmwarethinkcentre_neo_30a_24_gen_3_firmwarelegion_r5-28imb05_firmwareideacentre_3-07ada05thinkcentre_m70cthinkcentre_m60e_tiny_firmwarethinkcentre_m70q_gen_3_firmwarethinkcentre_m75s-1_firmwarethinkcentre_m90q_gen_3_firmwarelegion_t5-28icb05_firmwarethinkcentre_m90athinkcentre_m920zthinkcentre_m80s_gen_3v30a-24itl_firmwarethinkstation_p330thinkstation_p350_firmwareideacentre_aio_3-22imb05_firmwareideacentre_c5-14imb05thinkcentre_m90s_gen_3_firmwarethinkcentre_m70s_gen_3ideacentre_aio_3_24iap7ideacentre_aio_3-27alc6thinkcentre_m80q_gen_3thinkcentre_m90q_gen_2_firmwarev30a-24itlv35s-07ada_firmwarethinkcentre_m70sthinkstation_p330_gen_2_firmwarev50s-07imb_firmwarethinkstation_p340_tiny_firmwareideacentre_aio_3-24itl6ideacentre_720-18aprlegion_t5-28icb05ideacentre_c5-14imb05_firmwareideacentre_aio_3-27imb05_firmwarethinkcentre_m80s_gen_3_firmwarev530s-07icr_firmwareideacentre_3-07ada05_firmwarethinkstation_p360v30a-22itl_firmwarev530s-07icrideacentre_5-14imb05_firmwareideacentre_3_07ach7v50t-13imb_firmwareideacentre_gaming_5_17iab7ideacentre_3-07imb05_firmwarev50t-13iob_g2_firmwareideacentre_g5-14amr05thinkcentre_m70q_gen_3ideacentre_aio_3-24alc6_firmwareideacentre_gaming_5-14iob6_firmwarethinkcentre_m80t_firmwarethinkcentre_m90a_gen_2ideacentre_5-14acn6ideacentre_aio_5_27iah7thinkcentre_m80s_firmwareideacentre_3-07imb05thinkstation_p330_firmwarelegion_t7-34iaz7_firmwareideacentre_gaming_5_17iab7_firmwareideacentre_gaming_5-14acn6_firmwarethinkcentre_m75t_gen_2ideacentre_creator_5-14iob6_firmwarethinkcentre_m720q_firmwarethinkcentre_m600thinkcentre_m920x_firmwareThinkStation BIOS
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-4575
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-6.7||MEDIUM
EPSS-0.01% / 0.21%
||
7 Day CHG~0.00%
Published-30 Oct, 2023 | 14:42
Updated-03 Aug, 2024 | 01:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability due to improper write protection of UEFI variables was reported in the BIOS of some ThinkPad models could allow an attacker with physical or local access and elevated privileges the ability to bypass Secure Boot.

Action-Not Available
Vendor-Lenovo Group Limited
Product-thinkpad_p70_firmwarethinkpad_p50_firmwarethinkpad_t560thinkpad_p70thinkpad_x1_carbon_4th_gen_firmwarethinkpad_25thinkpad_25_firmwarethinkpad_t470thinkpad_x1_carbon_4th_genthinkpad_x260_firmwarethinkpad_t470s_firmwarethinkpad_p50thinkpad_t470sthinkpad_x270thinkpad_yoga_260_firmwarethinkpad_l560thinkpad_p50sthinkpad_t560_firmwarethinkpad_x270_firmwarethinkpad_x1_yoga_1st_genthinkpad_x1_yoga_1st_gen_firmwarethinkpad_l560_firmwarethinkpad_x260thinkpad_p50s_firmwarethinkpad_yoga_260thinkpad_t470_firmwareThinkPad BIOS
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2021-3971
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-6.7||MEDIUM
EPSS-3.13% / 86.33%
||
7 Day CHG~0.00%
Published-22 Apr, 2022 | 20:30
Updated-03 Aug, 2024 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A potential vulnerability by a driver used during older manufacturing processes on some consumer Lenovo Notebook devices that was mistakenly included in the BIOS image could allow an attacker with elevated privileges to modify firmware protection region by modifying an NVRAM variable.

Action-Not Available
Vendor-Lenovo Group Limited
Product-l340-17irh_firmwareideapad_3-17ada05_firmwarelegion_5-15ith6hideapad_3-14ada05legion_y545_firmwares145-15api_firmwarelegion_y545legion_5-17ach6legion_5-15ith6h_firmwarel340-17iwllegion_5_pro-16ith6legion_5-17ith6hideapad_3-17are05_firmwares145-14ast_firmwares145-14iil_firmwarelegion_5-15ach6alegion_5-17ith6_firmwareideapad_3-14igl05_firmwarelegion_y540-15irh-pg0v14-ada_firmwareyoga_slim_7_pro-14ach5_od_firmwarev140-15iwl_firmwarev14-iillegion_5_pro-16ach6h_firmwares145-14igmlegion_5-17ach6h_firmwarev17-iilideapad_3-17alc6v14-iil_firmwarelegion_y540-17irhl340-15irhideapad_3-17iil05_firmwares540-13api_firmwarev340-17iwlideapad_3-15igl05s145-14igm_firmwareideapad_5-15are05_firmwares145-15ast_firmwareideapad_3-15alc6ideapad_3-15ada05legion_y540-17irh_firmwareideapad_3-17are05ideapad_3-15ada6legion_5-15ach6legion_7-16ithg6_firmwarelegion_5-15ach6h_firmwareideapad_3-17ada6_firmwareideapad_3-17ada05l3-15itl6_firmwarev14-ares145-15asts145-15igms145-15iill340-15iwl_touchideapad_3-15iil05_firmwarev15_g2-alc_firmwarelegion_5_pro-16ach6legion_y540-15irh_firmwares145-15apilegion_5_pro-16ith6hl340-17irhyoga_slim_7_pro-14ach5_dideapad_3-14are05_firmwareideapad_3-14alc6_firmwarelegion_5_pro-16ach6_firmwarev140-15iwllegion_y545-pg0ideapad_3-14igl05v15-igl_firmwareideapad_gaming_3-15imh05_firmwarelegion_7-16ithg6legion_5-17ach6hl340-15iwl_touch_firmwarev15-iilideapad_3-15iil05ideapad_3-14ada6ideapad_3-15ada6_firmwarel340-15iwl_firmwarev14-igl_firmwareideapad_3-17ada6legion_5-15ach6a_firmwarev15-ada_firmwareideapad_3-14are05legion_5-17ith6legion_5_pro-16ach6hv14_g2-acllegion_5-17ach6_firmwarelegion_y540-15irh-pg0_firmwarelegion_5-17ith6h_firmwarelegion_5_pro-16ith6h_firmwarelegion_y7000-2019-pg0ideapad_gaming_3-15imh05ideapad_3-15are05v15-adas145-15igm_firmwareideapad_creator_5-15imh05yoga_slim_7_pro-14ach5_odv15-igllegion_5-15ith6v17-iil_firmwareideapad_gaming_3-15arh05_firmwarelegion_y540-17irh-pg0_firmwareideapad_3-15are05_firmwareyoga_slim_7_pro-14ach5_d_firmwarel340-15iwlideapad_3-15igl05_firmwares145-14api_firmwarelegion_y7000-2019-pg0_firmwarelegion_y545-pg0_firmwarelegion_y7000-2019_firmwares145-14iilideapad_3-14alc6s145-15iil_firmwarev14-igll340-17iwl_firmwares145-14astv15_g2-alcv15-iil_firmwareideapad_5-15are05legion_y540-17irh-pg0legion_5-15ith6_firmwares145-14apiideapad_3-14ada05_firmwarev14-adav14_g2-acl_firmwareideapad_3-15alc6_firmwarev14-are_firmwareideapad_3-14ada6_firmwarev340-17iwl_firmwareideapad_3-17alc6_firmwareideapad_3-17iil05ideapad_3-15ada05_firmwareideapad_3-14iil05ideapad_3-14iil05_firmwareideapad_creator_5-15imh05_firmwareideapad_gaming_3-15arh05legion_y7000-2019legion_y540-15irhl3-15itl6legion_5-15ach6_firmwares540-13apilegion_7-16achg6_firmwarel340-15irh_firmwarelegion_5-15ach6hlegion_5_pro-16ith6_firmwarelegion_7-16achg6Notebook BIOS
CWE ID-CWE-489
Active Debug Code
CVE-2021-3972
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-6.7||MEDIUM
EPSS-9.72% / 92.62%
||
7 Day CHG~0.00%
Published-22 Apr, 2022 | 20:30
Updated-03 Aug, 2024 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A potential vulnerability by a driver used during manufacturing process on some consumer Lenovo Notebook devices' BIOS that was mistakenly not deactivated may allow an attacker with elevated privileges to modify secure boot setting by modifying an NVRAM variable.

Action-Not Available
Vendor-Lenovo Group Limited
Product-l340-17irh_firmwareideapad_3-17ada05_firmwarev14_g2-itl_firmwareideapad_3-17itl6legion_5-15ith6hideapad_3-14ada05legion_y545_firmwarelegion_5-15imh6s145-15api_firmwareslim_9-14itl05slim_7_pro-14ihu5legion_y545ideapad_3-17itl6_firmwareyoga_slim_7_pro-14ihu5_olegion_5-17ach6legion_5-15ith6h_firmwarel340-17iwlyoga_c740-14imllegion_5_pro-16ith6legion_5-17ith6hyoga_slim_7_pro-14itl5ideapad_3-17are05_firmwares145-14ast_firmwares145-14iil_firmwarelegion_5-15ach6alegion_5-17ith6_firmwareyoga_slim_9-14itl05_firmwarelegion_y540-15irh-pg0ideapad_3-14igl05_firmwarev14-ada_firmwareideapad_3-14itl05_firmwareyoga_slim_7_pro-14ach5_od_firmwareideapad_3-14iml05_firmwarelegion_5-15imh6_firmwarev140-15iwl_firmwarev14-iilyoga_c940-14iillegion_5_pro-16ach6h_firmwares145-14igmslim_7_pro-14ihu5_firmwarelegion_5-17ach6h_firmwarev15_g1-imlv17-iils540-13iml_firmwareideapad_3-17alc6v14-iil_firmwarelegion_y540-17irhl340-15irhideapad_3-17iml05ideapad_3-17iil05_firmwares540-13api_firmwarev340-17iwlideapad_3-15igl05s145-14igm_firmwareyoga_slim_7_pro-14itl5_firmwares145-15ast_firmwareideapad_5-15are05_firmwareideapad_3-15itl6ideapad_3-15alc6yoga_7-14acn6_firmwareideapad_3-15ada05legion_y540-17irh_firmwareideapad_3-17are05ideapad_3-15ada6legion_5-15ach6legion_7-16ithg6_firmwarelegion_5-15ach6h_firmwareideapad_3-17ada6_firmwareideapad_3-17ada05l3-15itl6_firmwareideapad_3-14iml05yoga_slim_7_pro-14ihu5_o_firmwarev14-ares145-15astyoga_c740-15imls145-15igmv17_g2-itlideapad_3-15iml05s145-15iill340-15iwl_touchlegion_s7-15ach6_firmwareyoga_slim_7_pro-14ach5_firmwareyoga_slim_7_pro-14ach5_oideapad_3-15iil05_firmwarev15_g2-alc_firmwarelegion_5_pro-16ach6legion_y540-15irh_firmwares145-15apiv15_g2-itl_firmwarev14_g1-imllegion_5_pro-16ith6hl340-17irhyoga_slim_7_pro-14ach5_dyoga_slim_7_pro-14ach5ideapad_3-14are05_firmwareideapad_3-14alc6_firmwarelegion_5_pro-16ach6_firmwarev140-15iwllegion_y545-pg0ideapad_3-14igl05l3_15iml05v15-igl_firmwareideapad_gaming_3-15imh05_firmwareideapad_3-15itl05legion_7-16ithg6ideapad_3-15iml05_firmwarelegion_5-17ach6hl340-15iwl_touch_firmwarev15-iillegion_s7-15ach6ideapad_3-15iil05ideapad_3-14ada6ideapad_3-15ada6_firmwareideapad_3-17iml05_firmwarel340-15iwl_firmwarev14-igl_firmwareideapad_3-17ada6legion_5-15ach6a_firmwareyoga_c740-14iml_firmwarev15-ada_firmwareideapad_3-14are05legion_5-17ith6legion_5_pro-16ach6hv14_g2-acllegion_5-17ach6_firmwarelegion_y540-15irh-pg0_firmwareyoga_slim_7_pro-14arh5v15_g2-itlyoga_7-14acn6legion_5-17ith6h_firmwarelegion_5_pro-16ith6h_firmwarelegion_y7000-2019-pg0ideapad_3-14itl6ideapad_gaming_3-15imh05ideapad_3-15are05s540-13imlv15-adas14_g2_itls145-15igm_firmwareideapad_creator_5-15imh05yoga_slim_7_pro-14ach5_odv15_g1-iml_firmwarev15-iglideapad_5-15iil05_firmwarelegion_5-15ith6v17-iil_firmwarev17_g2-itl_firmwareyoga_slim_9-14itl05ideapad_gaming_3-15arh05_firmwarelegion_y540-17irh-pg0_firmwareideapad_3-15are05_firmwareyoga_slim_7_pro-14ach5_d_firmwarel340-15iwlideapad_3-15igl05_firmwareideapad_3-15itl05_firmwareideapad_5-15iil05s145-14api_firmwarelegion_y7000-2019-pg0_firmwarelegion_y545-pg0_firmwareyoga_slim_7_pro-14ach5_o_firmwarev14_g1-iml_firmwarelegion_y7000-2019_firmwareyoga_slim_7_pro-14arh5_firmwares145-14iilideapad_3-14alc6s145-15iil_firmwareslim_9-14itl05_firmwarev14-iglideapad_3-15itl6_firmwarev14_g2-itll340-17iwl_firmwares145-14astv15_g2-alcv15-iil_firmwareyoga_slim_7_pro-14ihu5ideapad_3-14itl6_firmwareideapad_5-15are05legion_y540-17irh-pg0legion_5-15ith6_firmwares14_g2_itl_firmwarel3_15iml05_firmwares145-14apiideapad_3-14ada05_firmwarev14-adav14_g2-acl_firmwareideapad_3-15alc6_firmwarev14-are_firmwareideapad_3-14ada6_firmwarev340-17iwl_firmwareideapad_3-17alc6_firmwareideapad_3-17iil05ideapad_3-15ada05_firmwareideapad_3-14iil05ideapad_3-14iil05_firmwareideapad_creator_5-15imh05_firmwareideapad_gaming_3-15arh05legion_y7000-2019yoga_c940-14iil_firmwareideapad_3-14itl05legion_y540-15irhl3-15itl6legion_5-15ach6_firmwares540-13apilegion_7-16achg6_firmwareyoga_c740-15iml_firmwareyoga_slim_7_pro-14ihu5_firmwarel340-15irh_firmwarelegion_5-15ach6hlegion_5_pro-16ith6_firmwarelegion_7-16achg6Notebook BIOS
CWE ID-CWE-489
Active Debug Code
CVE-2020-8322
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-6.4||MEDIUM
EPSS-0.05% / 15.19%
||
7 Day CHG~0.00%
Published-09 Jun, 2020 | 19:50
Updated-16 Sep, 2024 | 20:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A potential vulnerability in the SMI callback function used in the Legacy USB driver in some Lenovo Notebook and ThinkStation models may allow arbitrary code execution.

Action-Not Available
Vendor-Lenovo Group Limited
Product-thinkbook_13s-iwl_firmwarev130-15igm_firmwarev110-15astv340-iml_firmwarexx-14api_qc_2019_firmwarev730-13ikb340c-15api720s-15ikb_firmware14iwl_firmwares145-15api_firmware330-15astmiix_720-12ikb_firmwarewei5-15ikbs940-14iwl720s_touch-15ikb_firmwarev110-14astv110-14ast_firmware6_pro-14-iwlv130-15ikb14iwle53-80_firmwareyoga_s730-13iwl_firmwarev340-iilv310-15igm_firmwares145-14ast_firmware330-17ast_firmwaree52-80xiaoxin_14-ast_qc_2019e42-80330-14astv330-15igm_firmwaree42-80_firmwarev330-15ikbv110-15ast_firmwarethinkbook_14s-iwlc640-iml_firmwarev730-13iskv540s-13e53-80thinkbook_13s-iwl330-14ast_firmwarev540s-13_firmwares145-14api_firmware6_pro-14-iwl_firmware730s-13iwl_firmwarev340-imlk3_firmwares540-13api_firmwarev310-15igmk3v130-15ikb_firmwares145-15ast_firmware730s-13iwls145-14ast340c-15ast_firmwarek32-80_sklc640-imlv330-15isk_firmwarev730-13isk_firmwareyoga_s940-14iwl_firmwarek32-80_kbl_firmwarek4-iwl6_pro-13-iwlxx-14api_qc_2019s145-14apis145-15ast6_pro-13-iwl_firmwarev730-15ikbmiix_720-12ikb330-15ast_firmware720s_touch-15ikbv720-12_firmwarev730-13ikb_firmwarek32-80_skl_firmwarev110-14ikb_firmware340c-15api_firmwares145-15apik22-80v110-14ikbv340-iil_firmwarek22-80_firmwarethinkbook_14s-iwl_firmwarek4-iwl_firmwarev330-15isks540-13api330-17astv330-15igmwei5-15ikb_firmware340c-15astxiaoxin_14-ast_qc_2019_firmwareyoga_s940-14iwls750-iils940-14iwl_firmwares750-iil_firmware720s-15ikbv730-15ikb_firmwarev720-12v330-15ikb_firmwarek32-80_kblv130-15igmyoga_s730-13iwle52-80_firmwareBIOS
CVE-2017-3759
Matching Score-6
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-6
Assigner-Lenovo Group Ltd.
CVSS Score-8.1||HIGH
EPSS-1.43% / 79.82%
||
7 Day CHG~0.00%
Published-17 Oct, 2017 | 20:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Lenovo Service Framework Android application accepts some responses from the server without proper validation. This exposes the application to man-in-the-middle attacks leading to possible remote code execution.

Action-Not Available
Vendor-Lenovo Group Limited
Product-service_frameworkService Framework application
CWE ID-CWE-20
Improper Input Validation
CVE-2022-3429
Matching Score-6
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-6
Assigner-Lenovo Group Ltd.
CVSS Score-6.5||MEDIUM
EPSS-0.08% / 23.98%
||
7 Day CHG~0.00%
Published-27 Oct, 2023 | 18:57
Updated-09 Sep, 2024 | 19:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial-of-service vulnerability was found in the firmware used in Lenovo printers, where users send illegal or malformed strings to an open port, triggering a denial of service that causes a display error and prevents the printer from functioning properly.

Action-Not Available
Vendor-Lenovo Group Limited
Product-gm266dns_firmwaregm266dnsg263dns_firmwareg263dnsgm265dngm265dn_firmwarePrinter GM265DN (production date July 2022 and later)Printer GM266DNSPrinter GM265DN (production date June 2022 and before)Printer G263DNS
CWE ID-CWE-20
Improper Input Validation
CVE-2023-1577
Matching Score-6
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-6
Assigner-Lenovo Group Ltd.
CVSS Score-7.8||HIGH
EPSS-0.03% / 7.00%
||
7 Day CHG~0.00%
Published-31 Jul, 2024 | 20:29
Updated-01 Aug, 2024 | 19:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A path hijacking vulnerability was reported in Lenovo Driver Manager prior to version 3.1.1307.1308 that could allow a local user to execute code with elevated privileges.

Action-Not Available
Vendor-Lenovo Group Limited
Product-Driver Managerdrivers_management
CWE ID-CWE-20
Improper Input Validation
CVE-2018-9066
Matching Score-6
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-6
Assigner-Lenovo Group Ltd.
CVSS Score-8.8||HIGH
EPSS-0.70% / 71.17%
||
7 Day CHG~0.00%
Published-30 Jul, 2018 | 15:00
Updated-16 Sep, 2024 | 17:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Lenovo xClarity Administrator versions earlier than 2.1.0, an authenticated LXCA user can, under specific circumstances, inject additional parameters into a specific web API call which can result in privileged command execution within LXCA's underlying operating system.

Action-Not Available
Vendor-Lenovo Group Limited
Product-xclarity_administratorLenovo xClarity Administrator
CWE ID-CWE-20
Improper Input Validation
CVE-2016-8106
Matching Score-6
Assigner-Intel Corporation
ShareView Details
Matching Score-6
Assigner-Intel Corporation
CVSS Score-5.9||MEDIUM
EPSS-3.47% / 87.08%
||
7 Day CHG~0.00%
Published-09 Jan, 2017 | 21:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Denial of Service in Intel Ethernet Controller's X710/XL710 with Non-Volatile Memory Images before version 5.05 allows a remote attacker to stop the controller from processing network traffic working under certain network use conditions.

Action-Not Available
Vendor-Lenovo Group LimitedHP Inc.Intel Corporation
Product-system_x3250_m5thinkserver_rd550ethernet_10gb_4-port_563sfp\+ethernet_converged_network_adapter_x710-da2_x710da2g2p5ethernet_10gb_2-port_562sfp\+system_x3550_m5ethernet_converged_network_adapter_xl710-qda2_xl710qda2ethernet_controller_xl710-am2_sr1zkconverged_hx7510_applianceethernet_controller_xl710-bm1_sllkaethernet_converged_network_adapter_xl710-qda1_xl710qda1thinkserver_td350eth_converged_ntwk_adptr_xl710-qda1_exl710qda1g1p5ethernet_converged_network_adapter_x710-da4_x710da4g2p5ethernet_converged_network_adapter_xl710-qda1_xl710qda1g2p5ethernet_converged_network_adapter_xl710-qda2_xl710qda2blkethernet_controller_x710-bm2_sllkbethernet_converged_network_adapter_x710-da2_x710da2blkethernet_controller_xl710-bm2_sllk8thinkserver_rd350thinkserver_rd650ethernet_converged_network_adapter_x710-da4_x710da4fhblkethernet_i\/o_module_xl710-qda1_axx1p40frtiomthinkserver_rd450system_x3650_m5ethernet_10gb_2-port_562flr-sfp\+ethernet_controller_xl710-bm1_sllk9converged_hx7500_applianceethernet_controller_xl710_firmwareethernet_controller_xl710-am2_sr1zlproliant_xl260a_g9_serverthinkserver_sd350ethernet_controller_xl710-bm2_sllk7ethernet_controller_x710-am2_sr1zqconverged_hx_seriessystem_x3500_m5system_x3950_x6ethernet_controller_x710-am2_sr1zpeth_converged_ntwk_adptr_xl710-qda2_exl710qda2g1p5thinkagile_cx4200system_x3850_x6ethernet_converged_network_adapter_xl710-qda2_xl710qda2g2p5ethernet_converged_network_adapter_xl710-qda1_xl710qda1blkethernet_controller_x710_firmwareethernet_controller_xl710-am1_sr1zmeth_converged_ntwk_adptr_x710-da4_ex710da4g1p5thinkagile_cx2200nextscale_nx360_m5converged_hx5500_applianceethernet_controller_x710-bm2_sllkcethernet_converged_network_adapter_x710-da4_x710da4fhg2p5system_x3750_m4converged_hx5510_applianceeth_converged_ntwk_adptr_x710-da2_ex710da2g1p5ethernet_i\/o_module_xl710-qda2_axx2p40frtiomethernet_converged_network_adapter_x710-da4_x710da4fhethernet_converged_network_adapter_x710-da2_x710da2eth_converged_ntwk_adptr_x710-da4_ex710da4fhg1p5ethernet_controller_xl710-am1_sr1znthinkagile_cx4600Intel® Ethernet Controller X710 family and Intel® Ethernet Controller XL710 family
CWE ID-CWE-20
Improper Input Validation
CVE-2018-9072
Matching Score-6
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-6
Assigner-Lenovo Group Ltd.
CVSS Score-6.5||MEDIUM
EPSS-0.31% / 53.65%
||
7 Day CHG~0.00%
Published-30 Nov, 2018 | 14:00
Updated-05 Aug, 2024 | 07:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
LXCI for VMware

In versions prior to 5.5, LXCI for VMware allows an authenticated user to download any system file due to insufficient input sanitization during file downloads.

Action-Not Available
Vendor-Lenovo Group Limited
Product-xclarity_integratorLXCI for VMware
CWE ID-CWE-20
Improper Input Validation
CVE-2021-3786
Matching Score-6
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-6
Assigner-Lenovo Group Ltd.
CVSS Score-4.4||MEDIUM
EPSS-0.11% / 29.52%
||
7 Day CHG~0.00%
Published-12 Nov, 2021 | 22:05
Updated-03 Aug, 2024 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A potential vulnerability in the SMI callback function used in CSME configuration of some Lenovo Notebook and ThinkPad systems could be used to leak out data out of the SMRAM range.

Action-Not Available
Vendor-Lenovo Group Limited
Product-thinkpad_t14sthinkpad_x13_yoga_gen_1thinkpad_l460_firmwarethinkpad_p17_gen_1thinkpad_11e_4th_gen_firmwarethinkpad_e490thinkpad_x1_fold_gen_1thinkpad_p51sthinkpad_p53thinkpad_x1_carbon_3rd_genthinkpad_p72_firmwarethinkpad_x12_detachable_gen_1_firmwarethinkpad_l590thinkpad_l460thinkpad_p52thinkpad_l13_yoga_gen_2_firmwarethinkpad_p70thinkpad_13_gen_2thinkpad_e470_firmwarethinkpad_x1_carbon_gen_8thinkpad_t460pthinkpad_p1thinkpad_e15_firmwarethinkpad_x1_tablet_firmwarethinkpad_t14s_firmwarethinkpad_l380_yoga_firmwarethinkpad_x280thinkpad_x390thinkpad_s540thinkpad_t15g_gen_1thinkpad_l470_firmwareideapad_yoga_s940-14iwlthinkpad_x1_carbon_3rd_gen_firmwarethinkpad_t490_firmwarethinkpad_l380_firmwarethinkpad_t15_firmwarethinkpad_t560_firmwarethinkpad_t580thinkpad_l390_yogathinkpad_t15p_gen_1_firmwarethinkpad_s5_2nd_gen_firmwarethinkpad_x1_carbon_gen_6_firmwarethinkpad_t570_firmwarethinkpad_yoga_11e_5th_genthinkpad_x1_carbon_5th_gen_kabylakethinkpad_t15p_gen_1thinkpad_x1_extreme_gen_3thinkpad_l570_firmwarethinkpad_x380_yoga_firmwarev330-15iskthinkpad_l13_yogathinkpad_11e_yoga_gen_6_firmwarethinkpad_s540_firmwarethinkpad_x1_yoga_4th_genthinkpad_t15g_gen_1_firmwarethinkpad_p52_firmwarethinkpad_x1_carbon_gen_6thinkpad_t580_firmwarethinkpad_e15v130-15igm_firmwarethinkpad_e15_gen_3_firmwarethinkpad_e14_gen_3_firmwarethinkpad_t460sthinkpad_11e_3rd_genthinkpad_x390_yogathinkpad_e570thinkpad_x1_carbon_gen_8_firmwarethinkpad_s5_2nd_genthinkpad_p14s_gen_1thinkpad_x1_yoga_3rd_gen_firmwarethinkpad_x1_extreme_firmwarethinkpad_11e_4th_genthinkpad_x13_gen_1_firmwarethinkpad_25_firmwarethinkpad_yoga_11e_5th_gen_firmwarethinkpad_e580thinkpad_p1_gen_3thinkpad_l13_gen_2thinkpad_x1_tablet_gen_3_firmwarethinkpad_p71thinkpad_x1_titanium_firmwarethinkpad_10_firmwarethinkpad_t14s_gen_2_firmwarethinkpad_e480_firmwarethinkpad_p51s_firmwarethinkpad_x250thinkpad_x1_carbon_gen_7ideapad_s940-14iwlthinkpad_t460_firmwarethinkpad_t460s_firmwarethinkpad_p15s_gen_2_firmwarethinkpad_x270_firmwarethinkpad_x1_carbon_5th_gen_skylake_firmwarethinkpad_s2_yoga_gen_6_firmwarethinkpad_x12_detachable_gen_1thinkpad_p1_gen_3_firmwarethinkpad_helix_firmwarethinkpad_l490thinkpad_t480s_firmwarethinkpad_p71_firmwarethinkpad_x1_carbon_5th_gen_skylakethinkpad_x1_tablet_gen_3thinkpad_l590_firmwarethinkpad_e15_gen_2_firmwarethinkpad_e15_gen_2thinkpad_l15thinkpad_t15_gen_2thinkpad_x1_titaniumthinkpad_l560_firmwarethinkpad_x260thinkpad_x1_nano_gen_1_firmwarethinkpad_11e_3rd_gen_firmwarethinkpad_p14s_gen_2thinkpad_e15_gen_3thinkpad_x250_firmwarethinkpad_p15v_gen_1_firmwarethinkpad_p53s_firmwarethinkpad_p15_gen_1v130-15igmthinkpad_x1_extreme_2ndthinkpad_t470_firmwarethinkpad_p52sthinkpad_13_gen_2_firmwarethinkpad_l13_yoga_firmwarethinkpad_t480_firmwarethinkpad_p50_firmwarethinkpad_25thinkpad_e580_firmwarethinkpad_x260_firmwarethinkpad_e590_firmwarethinkpad_t570thinkpad_l560thinkpad_t490thinkpad_x280_firmwarethinkpad_x1_yoga_1st_gen_firmwarethinkpad_t590thinkpad_t550thinkpad_p73_firmwarethinkpad_x1_tabletthinkpad_x1_carbon_5th_gen_kabylake_firmwarethinkpad_w550sthinkpad_l480thinkpad_x1_carbon_gen_7_firmwarethinkpad_t460thinkpad_x390_firmwarethinkpad_l390_yoga_firmwarethinkpad_s2_yoga_gen_6thinkpad_x270thinkpad_x1_yoga_gen_5_firmwarethinkpad_l580_firmwarethinkpad_t14_gen_2_firmwarethinkpad_e14_gen_2thinkpad_10ideapad_s940-14iwl_firmwarethinkpad_p50s_firmwarethinkpad_yoga_370thinkpad_p15s_gen_1_firmwarethinkpad_x13_yoga_gen_1_firmwarethinkpad_t440p_firmwarethinkpad_l470thinkpad_e570_firmwarethinkpad_t440pthinkpad_yoga_15thinkpad_l15_gen_2thinkpad_x390_yoga_firmwarethinkpad_p15v_gen_1thinkpad_l380thinkpad_t590_firmwarethinkpad_yoga_11e_4th_gen_firmwarethinkpad_x1_extremethinkpad_l490_firmwarethinkpad_yoga_11e_3rd_gen_firmwarethinkpad_x1_tablet_gen_2_firmwarethinkpad_p1_gen_2_firmwarethinkpad_t460p_firmwarethinkpad_l13_firmwarethinkpad_p52s_firmwarethinkpad_x13_gen_2thinkpad_l15_gen_2_firmwarethinkpad_x1_carbon_4th_gen_firmwarethinkpad_t550_firmwarethinkpad_l13_gen_2_firmwarethinkpad_e590thinkpad_x1_yoga_3rd_genthinkpad_e14_gen_3thinkpad_x13_gen_1thinkpad_s2_gen_6thinkpad_x1_nano_gen_1thinkpad_p1_firmwarethinkpad_t15thinkpad_p15_gen_1_firmwarethinkpad_p14s_gen_2_firmwarethinkpad_p15s_gen_1v330-15ikb_firmwarethinkpad_t14s_gen_2thinkpad_x1_yoga_gen_5thinkpad_x380_yogathinkpad_l480_firmwarethinkpad_p53sthinkpad_t480sthinkpad_x13_yoga_gen_2thinkpad_x1_extreme_2nd_firmwarethinkpad_p51_firmwarethinkpad_e14ideapad_yoga_s940-14iwl_firmwarethinkpad_l13_yoga_gen_2thinkpad_l570thinkpad_x1_yoga_4th_gen_firmwarethinkpad_p43sthinkpad_l390_firmwarethinkpad_t490s_firmwarethinkpad_l14_firmwarethinkpad_t14_gen_2thinkpad_x1_extreme_gen_3_firmwarethinkpad_t470s_firmwarethinkpad_p14s_gen_1_firmwarethinkpad_l580thinkpad_p50thinkpad_x1_tablet_gen_2v330-15ikbthinkpad_s2_gen_6_firmwarethinkpad_x13_yoga_gen_2_firmwarethinkpad_p1_gen_2thinkpad_t470p_firmwarethinkpad_11e_yoga_gen_6thinkpad_x13_gen_2_firmwarethinkpad_e490_firmwarethinkpad_p70_firmwarethinkpad_t560thinkpad_e14_gen_2_firmwarethinkpad_t470thinkpad_x1_carbon_4th_genthinkpad_p17_gen_1_firmwarethinkpad_yoga_11e_3rd_genthinkpad_l390thinkpad_t15_gen_2_firmwarethinkpad_p53_firmwarethinkpad_p50sthinkpad_x1_yoga_1st_genv330-15isk_firmwarethinkpad_l15_firmwarethinkpad_e480thinkpad_yoga_260thinkpad_p51thinkpad_l380_yogathinkpad_x1_fold_gen_1_firmwarethinkpad_l14thinkpad_l13thinkpad_t490sthinkpad_p73thinkpad_e470thinkpad_yoga_11e_4th_genthinkpad_yoga_15_firmwarethinkpad_t470sthinkpad_p72thinkpad_t14_gen_1thinkpad_yoga_260_firmwarethinkpad_t470pthinkpad_helixthinkpad_t14_gen_1_firmwarethinkpad_w550s_firmwarethinkpad_e14_firmwarethinkpad_yoga_370_firmwarethinkpad_p15s_gen_2thinkpad_t480thinkpad_p43s_firmwareNotebook and ThinkPad BIOS
CWE ID-CWE-20
Improper Input Validation
CVE-2016-4782
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.53% / 66.32%
||
7 Day CHG~0.00%
Published-23 May, 2016 | 19:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Lenovo SHAREit before 3.5.98_ww on Android before 4.2 allows remote attackers to have unspecified impact via a crafted intent: URL, aka an "intent scheme URL attack."

Action-Not Available
Vendor-n/aLenovo Group LimitedGoogle LLC
Product-shareitandroidn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2016-3944
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.41% / 60.34%
||
7 Day CHG~0.00%
Published-03 Jun, 2016 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

UpdateAgent in Lenovo Accelerator Application allows man-in-the-middle attackers to execute arbitrary code by spoofing an update response from susapi.lenovomm.com.

Action-Not Available
Vendor-n/aLenovo Group Limited
Product-accelerator_applicationn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2015-3323
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.72% / 71.57%
||
7 Day CHG~0.00%
Published-16 Apr, 2015 | 23:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ThinkServer System Manager (TSM) Baseboard Management Controller before firmware 1.27.73476 for ThinkServer RD350, RD450, RD550, RD650, and TD350 allows remote attackers to cause a denial of service (web interface crash) via a malformed HTTP request during authentication.

Action-Not Available
Vendor-n/aLenovo Group Limited
Product-thinkserver_system_manager_baseboard_management_controller_firmwarethinkserver_rd450thinkserver_rd650thinkserver_rd350thinkserver_rd550thinkserver_td350n/a
CWE ID-CWE-20
Improper Input Validation
CVE-2024-27912
Matching Score-6
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-6
Assigner-Lenovo Group Ltd.
CVSS Score-7.5||HIGH
EPSS-0.07% / 21.42%
||
7 Day CHG~0.00%
Published-05 Apr, 2024 | 20:47
Updated-02 Aug, 2024 | 00:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial of service vulnerability was reported in some Lenovo Printers that could allow an attacker to cause the device to crash by sending crafted LPD packets.

Action-Not Available
Vendor-Lenovo Group Limited
Product-Printerslingxlang_g262dn_firmwarelingxlang_g336dn_firmwarelj2310n_firmwarelingxlang_gm337dn_firmwarelingxlang_gm265dn_firmwarelingxlang_lj2320dn_firmware
CWE ID-CWE-20
Improper Input Validation
CVE-2024-27909
Matching Score-6
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-6
Assigner-Lenovo Group Ltd.
CVSS Score-4.9||MEDIUM
EPSS-0.05% / 14.52%
||
7 Day CHG~0.00%
Published-05 Apr, 2024 | 20:46
Updated-02 Aug, 2024 | 00:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial of service vulnerability was reported in the HTTPS service of some Lenovo Printers that could result in a system reboot.

Action-Not Available
Vendor-Lenovo Group Limited
Product-Printers
CWE ID-CWE-20
Improper Input Validation
CVE-2023-5079
Matching Score-6
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-6
Assigner-Lenovo Group Ltd.
CVSS Score-7.5||HIGH
EPSS-0.12% / 31.64%
||
7 Day CHG~0.00%
Published-08 Nov, 2023 | 22:03
Updated-03 Sep, 2024 | 20:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Lenovo LeCloud App improper input validation allows attackers to access arbitrary components and arbitrary file downloads, which could result in information disclosure.

Action-Not Available
Vendor-Lenovo Group Limited
Product-lecloudLeCloud Application
CWE ID-CWE-20
Improper Input Validation
CVE-2017-3752
Matching Score-6
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-6
Assigner-Lenovo Group Ltd.
CVSS Score-8.2||HIGH
EPSS-0.15% / 35.55%
||
7 Day CHG~0.00%
Published-09 Aug, 2017 | 21:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An industry-wide vulnerability has been identified in the implementation of the Open Shortest Path First (OSPF) routing protocol used on some Lenovo switches. Exploitation of these implementation flaws may result in attackers being able to erase or alter the routing tables of one or many routers, switches, or other devices that support OSPF within a routing domain.

Action-Not Available
Vendor-IBM CorporationLenovo Group Limited
Product-g8296_firmwarefabric_en4093\/en4093r_10gb_firmwareg8264t_firmware1g_l2-7_slbrackswitchg8272_firmwareg8264cs_firmwarevirtual_fabric_10gben2092_1gb_firmwareflex_systemg8264_firmwareg8332_firmwarelayer_2\/3_copper_firmwareg8124_firmwaresi4091_firmwareg8316_firmwareg8052_firmwarefabric_en4093r_10gb_firmwarefabric_cn4093_10gb_firmwareg8124e_firmware1\bladecenterLenovo and IBM Switch Products
CWE ID-CWE-20
Improper Input Validation
CVE-2017-3772
Matching Score-6
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-6
Assigner-Lenovo Group Ltd.
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 7.14%
||
7 Day CHG~0.00%
Published-31 Jul, 2024 | 20:30
Updated-01 Aug, 2024 | 15:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability was reported in Lenovo PC Manager versions prior to 2.6.40.3154 that could allow an attacker to cause a system reboot.

Action-Not Available
Vendor-Lenovo Group Limited
Product-PC Manager
CWE ID-CWE-20
Improper Input Validation
CVE-2020-8349
Matching Score-6
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-6
Assigner-Lenovo Group Ltd.
CVSS Score-9.8||CRITICAL
EPSS-2.62% / 85.10%
||
7 Day CHG~0.00%
Published-14 Oct, 2020 | 21:25
Updated-04 Aug, 2024 | 09:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An internal security review has identified an unauthenticated remote code execution vulnerability in Cloud Networking Operating System (CNOS)’ optional REST API management interface. This interface is disabled by default and not vulnerable unless enabled. When enabled, it is only vulnerable where attached to a VRF and as allowed by defined ACLs. Lenovo strongly recommends upgrading to a non-vulnerable CNOS release. Where not possible, Lenovo recommends disabling the REST API management interface or restricting access to the management VRF and further limiting access to authorized management stations via ACL.

Action-Not Available
Vendor-Lenovo Group Limited
Product-rackswitch_ne1072trackswitch_ne2572rackswitch_ne1032rackswitch_g8296rackswitch_g8272cloud_networking_operating_systemrackswitch_ne0152trackswitch_ne10032rackswitch_g8332rackswitch_ne1032tCloud Networking Operating System (CNOS)
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2023-34422
Matching Score-6
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-6
Assigner-Lenovo Group Ltd.
CVSS Score-6.5||MEDIUM
EPSS-0.10% / 27.50%
||
7 Day CHG~0.00%
Published-26 Jun, 2023 | 19:45
Updated-06 Nov, 2024 | 21:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A valid, authenticated LXCA user with elevated privileges may be able to delete folders in the LXCA filesystem through a specifically crafted web API call due to insufficient input validation.

Action-Not Available
Vendor-Lenovo Group Limited
Product-xclarity_administratorLenovo XClarity Administrator
CWE ID-CWE-20
Improper Input Validation
CVE-2023-34421
Matching Score-6
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-6
Assigner-Lenovo Group Ltd.
CVSS Score-6.5||MEDIUM
EPSS-0.10% / 27.50%
||
7 Day CHG~0.00%
Published-26 Jun, 2023 | 19:45
Updated-06 Nov, 2024 | 21:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A valid, authenticated LXCA user with elevated privileges may be able to replace filesystem data through a specifically crafted web API call due to insufficient input validation.

Action-Not Available
Vendor-Lenovo Group Limited
Product-xclarity_administratorLenovo XClarity Administrator
CWE ID-CWE-20
Improper Input Validation
CVE-2023-0896
Matching Score-6
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-6
Assigner-Lenovo Group Ltd.
CVSS Score-8.8||HIGH
EPSS-0.09% / 27.16%
||
7 Day CHG~0.00%
Published-01 May, 2023 | 13:52
Updated-30 Jan, 2025 | 15:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A default password was reported in Lenovo Smart Clock Essential with Alexa Built In that could allow unauthorized device access to an attacker with local network access.

Action-Not Available
Vendor-Lenovo Group Limited
Product-smart_clock_essential_with_alexa_built_in_firmwaresmart_clock_essential_with_alexa_built_inLenovo Smart Clock Essential with Alexa Built In
CWE ID-CWE-20
Improper Input Validation
CVE-2023-0683
Matching Score-6
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-6
Assigner-Lenovo Group Ltd.
CVSS Score-8.3||HIGH
EPSS-0.31% / 53.87%
||
7 Day CHG~0.00%
Published-01 May, 2023 | 14:23
Updated-30 Jan, 2025 | 15:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A valid, authenticated XCC user with read only access may gain elevated privileges through a specifically crafted API call.

Action-Not Available
Vendor-Lenovo Group Limited
Product-thinksystem_sn550thinksystem_sr530_firmwarethinkagile_hx3375_firmwarethinksystem_sr570_firmwarethinkagile_hx5530thinksystem_sr158thinkagile_hx3721thinksystem_sd630_v2_firmwarethinksystem_sr665_firmwarethinksystem_sd650thinkagile_hx3520-g_firmwarethinkagile_hx3521-g_firmwarethinkagile_mx3531_h_firmwarethinksystem_st250thinkagile_vx1320_firmwarethinksystem_sr850thinksystem_sr158_firmwarethinkagile_vx3320_firmwarethinkagile_hx7530_firmwarethinkagile_hx2330thinkagile_vx7820thinksystem_sn850thinkagile_hx5520thinkagile_vx7530_firmwarethinkedge_se450_thinkagile_vx3320thinkagile_vx5520_firmwarethinksystem_st550_firmwarethinksystem_sr630thinkagile_mx1021_on_se350_firmwarethinksystem_sr950thinkagile_vx7320_nthinksystem_st658_v2thinkagile_hx1521-r_firmwarethinkagile_hx7820thinkagile_vx2320thinkagile_vx7520_nthinkagile_hx7520_firmwarethinkagile_vx_2u4nthinksystem_sr860_firmwarethinksystem_sr650_v2_firmwarethinkagile_hx5520-cthinksystem_sr630_v2thinkagile_hx_enclosure_firmwarethinkagile_hx7820_firmwarethinkagile_hx3720thinksystem_sd530thinksystem_sr860_v2thinksystem_sn850_firmwarethinkagile_mx1021_on_se350thinkagile_vx_4u_firmwarethinksystem_st650_v2thinksystem_sr258_v2thinkagile_hx7521_firmwarethinkagile_hx1021thinkagile_hx3375thinkagile_vx2320_firmwarethinksystem_sr250_v2_firmwarethinkagile_vx3330thinkagile_mx3330-h_firmwarethinkagile_hx2720-e_firmwarethinkagile_hx3331_firmwarethinksystem_st250_firmwarethinksystem_sr645_v3thinkagile_hx3330_firmwarethinksystem_sr570thinksystem_sd650-n_v2thinkagile_vx7520thinkagile_hx3321_firmwarethinksystem_sr670_v2_firmwarethinksystem_sr670_v2thinkagile_vx_4uthinkagile_mx3331-f_firmwarethinkagile_hx2320-e_firmwarethinkagile_hx1331thinkagile_hx3331thinkagile_hx7521thinkagile_vx5520thinksystem_sr550thinkagile_mx3330-hthinkagile_vx7530thinkagile_vx3520-g_firmwarethinksystem_se350_firmwarethinkagile_mx3530-hthinksystem_sd650_firmwarethinksystem_st250_v2thinkagile_hx2321_firmwarethinkagile_hx2321thinkagile_hx3721_firmwarethinkagile_mx3330-f_firmwarethinksystem_sr860_v2_firmwarethinksystem_sr850p_firmwarethinksystem_st258thinkagile_hx1320thinkagile_hx1321_firmwarethinksystem_sr850pthinkagile_hx1320_firmwarethinksystem_sn550_v2thinkstation_p920_firmwarethinksystem_sr258_v2_firmwarethinkagile_hx3320_firmwarethinkagile_hx3521-gthinkagile_hx2331_firmwarethinkagile_mx3530_f_firmwarethinksystem_st650_v2_firmwarethinkagile_mx3330-fthinksystem_st258_v2_firmwarethinksystem_st258_firmwarethinkagile_hx3376_firmwarethinkagile_vx2330thinkagile_vx7330_firmwarethinkagile_vx7531_firmwarethinkagile_hx7821_firmwarethinksystem_sr850_firmwarethinkagile_vx3330_firmwarethinksystem_st550thinkagile_hx7531thinkagile_vx3520-gthinksystem_st658_v2_firmwarethinkagile_vx7531thinkagile_vx_2u4n_firmwarethinksystem_sr670_firmwarethinksystem_sr150thinkagile_vx3720thinksystem_sr850_v2_firmwarethinksystem_sr250_v2thinkagile_hx2330_firmwarethinksystem_sd650_v2_firmwarethinksystem_sr665_v3_firmwarethinkagile_mx3530-h_firmwarethinkagile_hx_enclosurethinkagile_hx1321thinksystem_st250_v2_firmwarethinkagile_hx7520thinkagile_hx3330thinkagile_mx3331-h_firmwarethinkedge_se450__firmwarethinksystem_sr645_v3_firmwarethinkagile_hx2720-ethinkagile_hx1331_firmwarethinksystem_sr650_firmwarethinksystem_sd650-n_v2_firmwarethinksystem_sn550_v2_firmwarethinkagile_hx3321thinkagile_hx7530thinksystem_sr250thinksystem_sr530thinkagile_hx5520_firmwarethinksystem_sr850_v2thinksystem_se350thinkagile_mx1020_firmwarethinkagile_mx1020thinksystem_sr665thinksystem_sr150_firmwarethinkagile_hx3520-gthinkagile_vx7320_n_firmwarethinksystem_sr860thinkagile_hx7821thinkagile_hx3720_firmwarethinkagile_hx5521_firmwarethinksystem_sr645_firmwarethinkagile_hx1021_firmwarethinkagile_hx5530_firmwarethinkagile_vx3331thinksystem_st258_v2thinkagile_vx7820_firmwarethinkagile_hx5520-c_firmwarethinksystem_sd530_firmwarethinkagile_vx_1sethinkagile_mx3331-hthinkagile_hx5521-c_firmwarethinksystem_sd650_v2thinkstation_p920thinksystem_sr650_v2thinkagile_vx7330thinksystem_sn550_firmwarethinkagile_hx5521-cthinksystem_sr250_firmwarethinksystem_sr258_firmwarethinksystem_sr590_firmwarethinkagile_mx3530_fthinkagile_hx1520-rthinksystem_sd630_v2thinkagile_hx1521-rthinkagile_hx1520-r_firmwarethinkagile_hx3320thinkagile_vx3720_firmwarethinkagile_hx5531thinkagile_vx_1se_firmwarethinksystem_sr630_firmwarethinkagile_vx7520_n_firmwarethinksystem_sr550_firmwarethinkagile_hx2331thinkagile_hx2320-ethinkagile_vx5530thinkagile_mx3331-fthinkagile_hx7531_firmwarethinkagile_vx1320thinksystem_sr645thinksystem_sr670thinksystem_sr590thinkagile_vx3331_firmwarethinkagile_vx7520_firmwarethinksystem_sr950_firmwarethinkagile_vx2330_firmwarethinkagile_vx3530-g_firmwarethinksystem_sr630_v2_firmwarethinksystem_sr665_v3thinkagile_hx3376thinkagile_hx5531_firmwarethinkagile_mx3531_hthinkagile_vx3530-gthinkagile_vx5530_firmwarethinksystem_sr650thinksystem_sr258thinkagile_hx5521thinkagile_mx3531-fthinkagile_mx3531-f_firmwareXClarity Controller
CWE ID-CWE-20
Improper Input Validation
CVE-2020-8324
Matching Score-6
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-6
Assigner-Lenovo Group Ltd.
CVSS Score-5||MEDIUM
EPSS-0.06% / 19.43%
||
7 Day CHG~0.00%
Published-14 Apr, 2020 | 21:05
Updated-16 Sep, 2024 | 18:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability was reported in LenovoAppScenarioPluginSystem for Lenovo System Interface Foundation prior to version 1.2.184.31 that could allow unsigned DLL files to be executed.

Action-Not Available
Vendor-Lenovo Group Limited
Product-system_interface_foundationLenovoAppScenarioPluginSystem for Lenovo System Interface Foundation
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CWE ID-CWE-20
Improper Input Validation
CVE-2020-12323
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.06% / 19.72%
||
7 Day CHG~0.00%
Published-12 Nov, 2020 | 18:16
Updated-04 Aug, 2024 | 11:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation in the Intel(R) ADAS IE before version ADAS_IE_1.0.766 may allow a privileged user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-adas_ieIntel(R) ADAS IE
CWE ID-CWE-20
Improper Input Validation
CVE-2024-20056
Matching Score-4
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-4
Assigner-MediaTek, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.01% / 0.82%
||
7 Day CHG~0.00%
Published-06 May, 2024 | 02:51
Updated-30 Apr, 2025 | 16:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In preloader, there is a possible escalation of privilege due to an insecure default value. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08528185; Issue ID: ALPS08528185.

Action-Not Available
Vendor-rdkcentralMediaTek Inc.Google LLCOpenWrt
Product-mt6880mt6855mt6886mt8678mt6761mt6890mt6989mt6895mt6789mt6873mt6897androidmt6985mt6853mt6739openwrtmt6768mt8673mt6835mt6885mt6893mt6765mt6833mt8666mt6983mt8676mt8667mt6785mt6781rdk-bMT6739, MT6761, MT6765, MT6768, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6855, MT6873, MT6880, MT6885, MT6886, MT6890, MT6893, MT6895, MT6897, MT6983, MT6985, MT6989, MT8666, MT8667, MT8673, MT8676, MT8678mt6895mt6886mt6785mt6765mt8676mt6739mt6880mt6835mt6989mt8673mt8667mt6893mt6789mt6873mt6761mt6890mt6781mt8666mt6833mt6985mt6768mt6885mt6983mt6855mt6897mt6853
CWE ID-CWE-20
Improper Input Validation
CVE-2020-0526
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.06% / 17.25%
||
7 Day CHG~0.00%
Published-12 Mar, 2020 | 20:02
Updated-04 Aug, 2024 | 06:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation in firmware for Intel(R) NUC may allow a privileged user to potentially enable escalation of privilege via local access. The list of affected products is provided in intel-sa-00343: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00343.html

Action-Not Available
Vendor-Intel Corporation
Product-nuc_kit_nuc7i5bnknuc_board_d34010wybnuc_kit_nuc8i7beknuc_kit_nuc7i5dnhenuc_8_enthusiast_pc_nuc8i7bekqa_firmwarenuc_7_enthusiast_pc_nuc7i7bnhxgnuc_kit_nuc7i3bnhx1_firmwarenuc_7_home_a_mini_pc_nuc7i3bnhxfnuc_8_mainstream-g_kit_nuc8i7inh_firmwarenuc_kit_nuc6i5syk_firmwarenuc_kit_nuc5i5ryk_firmwarecompute_stick_stk1a32sc_firmwarenuc_kit_nuc6i3syh_firmwarenuc_kit_nuc5i5myhenuc_8_mainstream-g_kit_nuc8i5inhnuc_kit_nuc5i5ryknuc_kit_nuc7i5bnhnuc_kit_nuc5i3myhenuc_kit_nuc7i7dnkenuc_kit_nuc7i3bnknuc_board_nuc5i3mybe_firmwarenuc_kit_nuc7i5dnke_firmwarenuc_kit_nuc5i7ryh_firmwarenuc_kit_nuc7i7bnhnuc_kit_nuc7i3bnh_firmwarenuc_8_home_pc_nuc8i3cysmnuc_kit_nuc7i3bnhx1nuc_8_business_pc_nuc8i7hnkqcnuc_kit_nuc6i7kyk_firmwarenuc_kit_de3815tykhenuc_7_home_a_mini_pc_nuc7i5bnhxf_firmwarenuc_board_nuc7i7dnbenuc_kit_nuc7i5bnh_firmwarenuc_board_de3815tybe_firmwarenuc_board_d54250wyb_firmwarecompute_stick_stk2m3w64cc_firmwarenuc_kit_nuc5i3ryhsnuc_kit_d34010wyknuc_7_home_a_mini_pc_nuc7i3bnhxf_firmwarecompute_stick_stck1a8lfc_firmwarecompute_stick_stk1aw32sc_firmwarecompute_stick_stk1aw32scnuc_kit_nuc6cayh_firmwarenuc_kit_nuc7i5bnhx1_firmwarenuc_kit_nuc7i3bnk_firmwarenuc_kit_nuc5i5ryh_firmwarenuc_8_mainstream-g_kit_nuc8i5inh_firmwarenuc_kit_nuc7i7bnhx1nuc_kit_nuc5i5myhe_firmwarenuc_kit_nuc5i3ryh_firmwarenuc_8_rugged_kit_nuc8cchkr_firmwarecompute_stick_stk2m364ccnuc_kit_nuc6cays_firmwarecompute_stick_stk2m364cc_firmwarenuc_kit_nuc7i7dnke_firmwarenuc_kit_nuc6i3syhnuc_board_nuc7i3dnbe_firmwarenuc_kit_nuc7i7dnhenuc_kit_d54250wyknuc_kit_nuc7i3dnhe_firmwarenuc_kit_nuc5i3myhe_firmwarecompute_stick_stck1a32wfcnuc_kit_nuc7i5dnkenuc_7_home_a_mini_pc_nuc7i5bnkp_firmwarenuc_8_mainstream-g_mini_pc_nuc8i7inh_firmwarenuc_kit_d54250wyk_firmwarenuc_kit_nuc7pjyhnuc_kit_de3815tykhe_firmwarecompute_stick_stk1a32scnuc_kit_nuc5i3ryknuc_8_mainstream-g_mini_pc_nuc8i7inhnuc_kit_nuc5i3ryhs_firmwarenuc_board_nuc8cchbnuc_board_nuc5i5mybenuc_kit_nuc8i7hnknuc_7_essential_pc_nuc7cjysalnuc_board_d54250wybcompute_stick_stk2m3w64ccnuc_board_nuc5i3mybenuc_7_essential_pc_nuc7cjysal_firmwarenuc_kit_nuc7i5bnhx1nuc_kit_nuc6i3syk_firmwarenuc_kit_nuc7i3dnhenuc_kit_nuc5i3ryk_firmwarenuc_board_nuc8cchb_firmwarenuc_kit_nuc7i5dnhe_firmwarenuc_kit_nuc8i7hnk_firmwarecompute_stick_stck1a8lfcnuc_8_home_pc_nuc8i3cysm_firmwarenuc_kit_d34010wykhnuc_kit_nuc7cjyhnuc_board_nuc5i5mybe_firmwarenuc_kit_d54250wykh_firmwarenuc_board_nuc7i5dnbenuc_kit_nuc5cpyhnuc_kit_nuc6caysnuc_board_nuc7i7dnbe_firmwarenuc_kit_nuc7i7bnh_firmwarenuc_kit_nuc7i3dnke_firmwarenuc_8_business_pc_nuc8i7hnkqc_firmwarenuc_8_enthusiast_pc_nuc8i7bekqanuc_kit_nuc6i5syhnuc_board_nuc7i3dnbenuc_kit_nuc5i3ryhnuc_kit_nuc6cayhnuc_kit_nuc5ppyhnuc_kit_nuc8i7bek_firmwarenuc_8_mainstream-g_kit_nuc8i7inhnuc_board_nuc7i5dnbe_firmwarenuc_board_d34010wyb_firmwarenuc_kit_nuc5i3ryhsn_firmwarenuc_kit_nuc5i7ryhnuc_kit_nuc5pgyh_firmwarenuc_kit_nuc7i5bnk_firmwarenuc_kit_nuc5i5ryhsnuc_kit_nuc7i7bnhx1_firmwarenuc_kit_nuc5pgyhnuc_8_rugged_kit_nuc8cchkrnuc_kit_nuc6i5syknuc_kit_nuc5i5ryhs_firmwarenuc_kit_nuc7cjyh_firmwarenuc_kit_nuc7pjyh_firmwarenuc_7_enthusiast_pc_nuc7i7bnhxg_firmwarenuc_kit_nuc6i5syh_firmwarenuc_kit_nuc5cpyh_firmwarenuc_kit_nuc5ppyh_firmwarenuc_kit_d54250wykhcompute_stick_stck1a32wfc_firmwarenuc_kit_d34010wyk_firmwarenuc_kit_nuc6i7kyknuc_kit_nuc7i7dnhe_firmwarenuc_7_home_a_mini_pc_nuc7i5bnhxfnuc_kit_nuc5i5ryhnuc_kit_nuc6i3syknuc_board_de3815tybenuc_kit_d34010wykh_firmwarenuc_7_home_a_mini_pc_nuc7i5bnkpnuc_kit_nuc7i3dnkenuc_kit_nuc7i3bnhnuc_kit_nuc5i3ryhsnIntel(R) NUC Firmware
CWE ID-CWE-20
Improper Input Validation
CVE-2022-42500
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-6.7||MEDIUM
EPSS-0.01% / 0.21%
||
7 Day CHG~0.00%
Published-24 Mar, 2023 | 00:00
Updated-25 Feb, 2025 | 15:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In OEM_OnRequest of sced.cpp, there is a possible shell command execution due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-239701389References: N/A

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-20
Improper Input Validation
CVE-2022-28781
Matching Score-4
Assigner-Samsung Mobile
ShareView Details
Matching Score-4
Assigner-Samsung Mobile
CVSS Score-7.7||HIGH
EPSS-0.02% / 2.34%
||
7 Day CHG~0.00%
Published-03 May, 2022 | 19:39
Updated-03 Aug, 2024 | 06:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation in Settings prior to SMR-May-2022 Release 1 allows attackers to launch arbitrary activity with system privilege. The patch adds proper validation logic to check the caller.

Action-Not Available
Vendor-Google LLCSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-20
Improper Input Validation
CVE-2022-37336
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-7.9||HIGH
EPSS-0.02% / 4.41%
||
7 Day CHG~0.00%
Published-11 Aug, 2023 | 02:37
Updated-02 Oct, 2024 | 13:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation in BIOS firmware for some Intel(R) NUC may allow a privileged user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-nuc_10_performance_kit_nuc10i3fnhfnuc_10_performance_kit_nuc10i5fnhj_firmwarenuc_10_performance_kit_nuc10i3fnk_firmwarenuc_10_performance_kit_nuc10i7fnh_firmwarenuc_10_performance_kit_nuc10i7fnkn_firmwarenuc_10_performance_kit_nuc10i7fnhc_firmwarenuc_10_performance_mini_pc_nuc10i3fnhja_firmwarenuc_10_performance_kit_nuc10i7fnhnuc_10_performance_kit_nuc10i5fnhf_firmwarenuc_10_performance_mini_pc_nuc10i5fnhcanuc_10_performance_kit_nuc10i5fnhnuc_10_performance_kit_nuc10i7fnk_firmwarenuc_10_performance_kit_nuc10i5fnk_firmwarenuc_10_performance_kit_nuc10i3fnknuc_10_performance_kit_nuc10i7fnhnnuc_10_performance_mini_pc_nuc10i5fnkpanuc_10_performance_kit_nuc10i7fnknnuc_10_performance_kit_nuc10i5fnhjnuc_10_performance_mini_pc_nuc10i7fnhaanuc_10_performance_kit_nuc10i5fnh_firmwarenuc_10_performance_kit_nuc10i5fnhfnuc_10_performance_kit_nuc10i5fnkp_firmwarenuc_10_performance_kit_nuc10i5fnkpnuc_10_performance_kit_nuc10i5fnhnnuc_10_performance_mini_pc_nuc10i7fnkpa_firmwarenuc_10_performance_kit_nuc10i3fnhnuc_10_performance_mini_pc_nuc10i7fnhja_firmwarenuc_10_performance_mini_pc_nuc10i7fnkpanuc_10_performance_kit_nuc10i3fnhn_firmwarenuc_10_performance_mini_pc_nuc10i5fnhca_firmwarenuc_10_performance_mini_pc_nuc10i3fnhjanuc_10_performance_kit_nuc10i5fnknuc_10_performance_kit_nuc10i7fnkpnuc_10_performance_kit_nuc10i3fnhnnuc_10_performance_mini_pc_nuc10i7fnhjanuc_10_performance_kit_nuc10i7fnkp_firmwarenuc_10_performance_kit_nuc10i3fnhf_firmwarenuc_10_performance_mini_pc_nuc10i3fnhfa_firmwarenuc_10_performance_kit_nuc10i7fnhcnuc_10_performance_mini_pc_nuc10i7fnhaa_firmwarenuc_10_performance_kit_nuc10i7fnhn_firmwarenuc_10_performance_kit_nuc10i3fnh_firmwarenuc_10_performance_kit_nuc10i7fnknuc_10_performance_mini_pc_nuc10i5fnhjanuc_10_performance_mini_pc_nuc10i5fnkpa_firmwarenuc_10_performance_kit_nuc10i5fnknnuc_10_performance_mini_pc_nuc10i3fnhfanuc_10_performance_kit_nuc10i3fnkn_firmwarenuc_10_performance_mini_pc_nuc10i5fnhja_firmwarenuc_10_performance_kit_nuc10i5fnkn_firmwarenuc_10_performance_kit_nuc10i5fnhn_firmwarenuc_10_performance_kit_nuc10i3fnknIntel(R) NUC
CWE ID-CWE-20
Improper Input Validation
CVE-2020-0572
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.05% / 16.75%
||
7 Day CHG~0.00%
Published-12 Nov, 2020 | 18:56
Updated-04 Aug, 2024 | 06:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation in the firmware for Intel(R) Server Board S2600ST and S2600WF families may allow a privileged user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-server_board_s2600stqrserver_board_s2600wf0rserver_board_s2600wf_firmwareserver_board_s2600stbrserver_board_s2600st_firmwareserver_board_s2600wfqrserver_board_s2600wftrIntel(R) Server Board S2600ST and S2600WF families
CWE ID-CWE-20
Improper Input Validation
CVE-2019-9467
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-6.7||MEDIUM
EPSS-0.10% / 27.34%
||
7 Day CHG~0.00%
Published-13 Nov, 2019 | 19:48
Updated-04 Aug, 2024 | 21:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In the Bootloader, there is a possible kernel command injection due to missing command sanitization. This could lead to a local elevation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-80316910

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE ID-CWE-20
Improper Input Validation
CVE-2022-34885
Matching Score-4
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-4
Assigner-Lenovo Group Ltd.
CVSS Score-7.2||HIGH
EPSS-0.09% / 27.16%
||
7 Day CHG~0.00%
Published-30 Jan, 2023 | 21:43
Updated-27 Mar, 2025 | 18:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An improper input sanitization vulnerability in the Motorola MR2600 router could allow a local user with elevated permissions to execute arbitrary code.

Action-Not Available
Vendor-Motorola Mobility LLC. (Lenovo Group Limited)
Product-mr2600mr2600_firmwareMR2600 Router
CWE ID-CWE-20
Improper Input Validation
CVE-2022-33945
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-8.2||HIGH
EPSS-0.07% / 20.52%
||
7 Day CHG~0.00%
Published-14 Nov, 2023 | 19:05
Updated-14 Aug, 2024 | 20:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation in some Intel(R) Server board and Intel(R) Server System BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-compute_module_hns2600bps24compute_module_hns2600bpblc24rserver_board_s2600bpsserver_board_s2600bpqrcompute_module_hns2600bps_firmwarecompute_module_hns2600bpq24_firmwarecompute_module_hns2600bpq_firmwarecompute_module_hns2600bpblc24_firmwareserver_board_s2600bpqr_firmwareserver_system_vrn2224bphy6compute_module_hns2600bpq24r_firmwarecompute_module_hns2600bps24rcompute_module_hns2600bpbserver_board_s2600bpb_firmwarecompute_module_hns2600bpsrcompute_module_liquid-cooled_hns2600bpbrctserver_system_m70klp4s2uhhserver_system_vrn2224bphy6_firmwarecompute_module_hns2600bpblc_firmwarecompute_module_hns2600bpblcrcompute_module_hns2600bpbr_firmwareserver_system_m20ntp1ur304server_system_vrn2224bpaf6compute_module_hns2600bpqrcompute_module_hns2600bpbrserver_system_vrn2224bpaf6_firmwarecompute_module_hns2600bpb_firmwareserver_board_m20ntp2sbserver_board_m10jnp2sb_firmwareserver_board_s2600bpbrserver_system_m70klp4s2uhh_firmwareserver_board_m70klp2sbcompute_module_hns2600bps24_firmwarecompute_module_hns2600bps24r_firmwareserver_system_zsb2224bpaf2compute_module_hns2600bpsr_firmwarecompute_module_hns2600bpb24_firmwareserver_system_mcb2208wfaf5_firmwarecompute_module_liquid-cooled_hns2600bpbrct_firmwareserver_board_s2600bpbr_firmwarecompute_module_hns2600bpqcompute_module_hns2600bpblcr_firmwareserver_board_s2600bpbcompute_module_hns2600bpblc24server_system_zsb2224bphy1_firmwareserver_system_m20ntp1ur304_firmwareserver_board_m70klp2sb_firmwarecompute_module_hns2600bpblc24r_firmwareserver_board_s2600bpqserver_board_m10jnp2sbserver_system_zsb2224bpaf1server_board_s2600bpq_firmwarecompute_module_hns2600bpblcserver_system_zsb2224bpaf1_firmwareserver_board_s2600bpsrcompute_module_hns2600bpqr_firmwareserver_board_s2600bps_firmwarecompute_module_hns2600bpsserver_board_s2600bpsr_firmwarecompute_module_hns2600bpb24server_system_zsb2224bphy1server_system_zsb2224bpaf2_firmwarecompute_module_hns2600bpq24rcompute_module_hns2600bpq24server_board_m20ntp2sb_firmwareserver_system_mcb2208wfaf5Intel(R) Server board and Intel(R) Server System BIOS firmwareserver_system_m70klp_familyserver_board_m10jnp2sb_familyserver_board_s2600bp_familyserver_m20ntp_family
CWE ID-CWE-20
Improper Input Validation
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • Next
Details not found