Vulnerabilidades en Lenovo
369 resultadosCVE-2020-8354MEDIUMA potential vulnerability in the SMI callback function used in the VariableServiceSmm driver in some Lenovo Notebook models may allow arbitrEPSS 0.2%CVE-2021-3550HIGHA DLL search path vulnerability was reported in Lenovo PCManager, prior to version 3.0.500.5102, that could allow privilege escalation.EPSS 0.2%CVE-2021-4211MEDIUMA potential vulnerability in the SMI callback function used in the SMBIOS event log driver in some Lenovo Desktop, ThinkStation, and ThinkEdEPSS 0.2%CVE-2021-4210MEDIUMA potential vulnerability in the SMI callback function used in the NVME driver in some Lenovo Desktop, ThinkStation, and ThinkEdge models maEPSS 0.2%CVE-2021-4212MEDIUMA potential vulnerability in the SMI callback function used in the Legacy BIOS mode driver in some Lenovo Notebook models may allow an attacEPSS 0.2%CVE-2021-3719MEDIUMA potential vulnerability in the SMI callback function that saves and restore boot script tables used for resuming from sleep state in some EPSS 0.2%CVE-2024-9046HIGHA DLL hijack vulnerability was reported in Lenovo stARstudio that could allow a local attacker to execute code with elevated privileges.EPSS 0.2%CVE-2023-2993MEDIUMA valid, authenticated user with limited privileges may be able to use specifically crafted web management server API calls to execute a limEPSS 0.2%CVE-2024-8105MEDIUMInsecure Platform Key (PK) used in UEFI system firmware signatureEPSS 0.2%CVE-2022-1108MEDIUMA potential vulnerability due to improper buffer validation in the SMI handler LenovoFlashDeviceInterface in Thinkpad X1 Fold Gen 1 could beEPSS 0.2%CVE-2019-6156—In Lenovo systems, SMM BIOS Write Protection is used to prevent writes to SPI Flash. While this provides sufficient protection, an additionaEPSS 0.2%CVE-2022-0354HIGHA vulnerability was reported in Lenovo System Update that could allow a local user with interactive system access the ability to execute codEPSS 0.2%CVE-2021-3614MEDIUMA vulnerability was reported on some Lenovo Notebook systems that could allow an attacker with physical access to elevate privileges under cEPSS 0.2%CVE-2022-0192HIGHA DLL search path vulnerability was reported in Lenovo PCManager prior to version 4.0.40.2175 that could allow privilege escalation.EPSS 0.2%CVE-2025-8557HIGHAn internal product security audit of Lenovo XClarity Orchestrator (LXCO) discovered the below vulnerability:
An attacker with access to a EPSS 0.2%CVE-2021-3453MEDIUMSome Lenovo Notebook, ThinkPad, and Lenovo Desktop systems have BIOS modules unprotected by Intel Boot Guard that could allow an attacker wiEPSS 0.2%CVE-2024-23594MEDIUM
A buffer overflow vulnerability was reported
in a system recovery bootloader that was part of the Lenovo preloaded Windows 7 and 8 operatiEPSS 0.2%CVE-2025-10699MEDIUMA vulnerability was reported in the Lenovo LeCloud client application that, under certain conditions, could allow information disclosure.EPSS 0.2%CVE-2021-42850HIGHA weak default administrator password for the web interface and serial port was reported in some Lenovo Personal Cloud Storage devices that EPSS 0.2%CVE-2021-3519MEDIUMA vulnerability was reported in some Lenovo Desktop models that could allow unauthorized access to the boot menu, when the "BIOS Password AtEPSS 0.2%