Lenovo Vulnerabilities

369 results
Vexday Analysis

With 369 CVEs catalogued, Lenovo's vulnerability portfolio shows an active-exploitation rate below the overall average of the KEV catalogue, with no confirmed records of ongoing exploitation. The most frequent flaw type is CWE-20 (improper input validation), which points to data sanitization in firmware components and proprietary software as a recurring area of attention. The most dangerous CVE currently identified is CVE-2022-3699, with an EPSS score of 0.0428 (the highest value observed in the set), indicating a probability of exploitation that is still relatively low but sufficient to justify prioritization in corporate environments that depend on Lenovo hardware. The 13 vulnerabilities that emerged in the last 90 days and the presence of 4 critical flaws reinforce the need for regular firmware and driver update cycles.

CVE-2024-4762 | HIGH | EPSS 0.1% | An improper validation vulnerability was reported in the firmware update mechanism of LADM and LDCC that could allow a local attacker to esc
CVE-2026-1715 | MEDIUM | EPSS 0.1% | An input validation vulnerability was reported in the DeviceSettingsSystemAddin used in Lenovo Vantage and Lenovo Baiying that could allow a
CVE-2026-1716 | MEDIUM | EPSS 0.1% | An input validation vulnerability was reported in the DeviceSettingsSystemAddin used in Lenovo Vantage and Lenovo Baiying that could allow a
CVE-2026-1717 | MEDIUM | EPSS 0.1% | An input validation vulnerability was reported in the LenovoProductivitySystemAddin used in Lenovo Vantage and Lenovo Baiying that could all
CVE-2025-1729 | MEDIUM | EPSS 0.1% | A DLL hijacking vulnerability was reported in TrackPoint Quick Menu software that, under certain conditions, could allow a local attacker to
CVE-2025-10581 | HIGH | EPSS 0.1% | A potential DLL hijacking vulnerability was discovered in the Lenovo PC Manager during an internal security assessment that could allow a lo
CVE-2025-8486 | HIGH | EPSS 0.1% | A potential vulnerability was reported in PC Manager that could allow a local authenticated user to execute code with elevated privileges.
CVE-2024-5474 | MEDIUM | EPSS 0.1% | A potential information disclosure vulnerability was reported in Lenovo's packaging of Dolby Vision Provisioning software prior to version 2
CVE-2019-6198 | HIGH | EPSS 0.1% | A vulnerability was reported in Lenovo PC Manager prior to version 2.8.90.11211 that could allow a local attacker to escalate privileges.
CVE-2019-6197 | HIGH | EPSS 0.1% | A vulnerability was reported in Lenovo PC Manager prior to version 2.8.90.11211 that could allow a local attacker to escalate privileges.
CVE-2024-11679 | MEDIUM | EPSS 0.1% | An input validation weakness was reported in the TpmSetup module for some legacy System x server products that could allow a local attacker
CVE-2024-4786 | LOW | EPSS 0.1% | An improper validation vulnerability was reported in the Lenovo Tab K10 that could allow a specially crafted application to keep the device
CVE-2025-14058 | LOW | EPSS 0.1% | A potential missing authentication vulnerability was reported in some Lenovo Tablets that could allow an unauthorized user with physical acc
CVE-2025-1479 | MEDIUM | EPSS 0.1% | An open debug interface was reported in the Legion Space software included on certain Legion devices that could allow a local attacker to ex
CVE-2026-8637 | HIGH | EPSS 0.1% | A potential uncontrolled search path vulnerability was reported in the LanSchool Classic client application that could allow a local authent
CVE-2026-0940 | HIGH | EPSS 0.1% | A potential improper initialization vulnerability was reported in the BIOS of some ThinkPads that could allow a local privileged user to mod
CVE-2026-2368 | HIGH | EPSS 0.1% | An improper certificate validation vulnerability was reported in the Lenovo Filez application that could allow a user capable of interceptin
CVE-2026-1636 | MEDIUM | EPSS 0.1% | A potential DLL hijacking vulnerability was reported in Lenovo Service Bridge that, under certain conditions, could allow a local authentica
CVE-2024-10254 | MEDIUM | EPSS 0.1% | A potential buffer overflow vulnerability was reported in PC Manager, Lenovo Browser, and Lenovo App Store that could allow a local attacker
CVE-2024-10253 | MEDIUM | EPSS 0.1% | A potential TOCTOU vulnerability was reported in PC Manager, Lenovo Browser, and Lenovo App Store that could allow a local attacker to cause