Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
lenovo updates - vulnerabilities and exploits
(subscribe to this query)
8.1
CVSSv3
CVE-2016-8237
Remote code execution in Lenovo Updates (not Lenovo System Update) allows man-in-the-middle malicious users to execute arbitrary code.
Lenovo Updates -
7.8
CVSSv3
CVE-2022-1892
A buffer overflow in the SystemBootManagerDxe driver in some Lenovo Notebook products may allow an attacker with local privileges to execute arbitrary code.
Lenovo 100e 2nd Gen Firmware
Lenovo 100w Gen 3 Firmware
Lenovo 13w Yoga Firmware
Lenovo 14w Gen 2 Firmware
Lenovo 300e 2nd Gen Firmware
Lenovo 300w Gen 3 Firmware
Lenovo 500w Gen 3 Firmware
Lenovo 730s-13iml Firmware
Lenovo Flex 3-11ada05 Firmware
Lenovo Flex 5-14alc05 Firmware
Lenovo Flex 5-14are05 Firmware
Lenovo Flex 5-14iil05 Firmware
Lenovo Flex 5-14itl05 Firmware
Lenovo Flex 5-15alc05 Firmware
Lenovo Flex 5-15iil05 Firmware
Lenovo Flex 5-15itl05 Firmware
Lenovo Ideapad 1-11ada05 Firmware
Lenovo Ideapad 1-11igl05 Firmware
Lenovo Ideapad 1-14ada05 Firmware
Lenovo Ideapad 1-14igl05 Firmware
Lenovo Ideapad 3-15ada05 Firmware
Lenovo Ideapad 3-14ada05 Firmware
1 Article
7.8
CVSSv3
CVE-2022-1890
A buffer overflow in the ReadyBootDxe driver in some Lenovo Notebook products may allow an attacker with local privileges to execute arbitrary code.
Lenovo Thinkbook 14-iml Firmware
Lenovo Thinkbook 14-iil Firmware
Lenovo Thinkbook 15-iil Firmware
Lenovo Thinkbook 15-iml Firmware
Lenovo Yoga C640-13iml Lte Firmware
Lenovo Yoga C640-13iml Firmware
1 Article
7.8
CVSSv3
CVE-2022-1891
A buffer overflow in the SystemLoadDefaultDxe driver in some Lenovo Notebook products may allow an attacker with local privileges to execute arbitrary code.
Lenovo Thinkbook 14-iml Firmware
Lenovo Thinkbook 14-iil Firmware
Lenovo Thinkbook 15-iil Firmware
Lenovo Thinkbook 15-iml Firmware
Lenovo Yoga C640-13iml Lte Firmware
Lenovo Yoga C640-13iml Firmware
1 Article
7.3
CVSSv3
CVE-2019-0164
Improper permissions in the installer for Intel(R) Turbo Boost Max Technology 3.0 driver version 1.0.0.1035 and before may allow an authenticated user to potentially enable escalation of privilege via local access.
Intel Turbo Boost Max Technology 3.0
Lenovo Thinkstation P410 Firmware -
Lenovo Thinkstation P510 Firmware -
Lenovo Thinkstation P710 Firmware -
Lenovo Thinkstation P910 Firmware -
4.9
CVSSv3
CVE-2020-8355
An internal product security audit of Lenovo XClarity Administrator (LXCA) prior to version 3.1.0 discovered the Windows OS credentials provided by the LXCA user to perform driver updates of managed systems may be captured in the First Failure Data Capture (FFDC) service log if t...
Lenovo Xclarity Administrator
6.5
CVSSv3
CVE-2018-9084
In System Management Module (SMM) versions before 1.06, if an attacker manages to log in to the device OS, the validation of software updates can be circumvented.
Lenovo System Management Module Firmware
6
CVSSv3
CVE-2019-19756
An internal product security audit of Lenovo XClarity Administrator (LXCA) discovered Windows OS credentials, used to perform driver updates of managed systems, being written to a log file in clear text. This only affects LXCA version 2.6.0 when performing a Windows driver update...
Lenovo Xclarity Administrator 2.6.0
5.9
CVSSv3
CVE-2016-1344
The IKEv2 implementation in Cisco IOS 15.0 up to and including 15.6 and IOS XE 3.3 up to and including 3.17 allows remote malicious users to cause a denial of service (device reload) via fragmented packets, aka Bug ID CSCux38417.
Cisco Ios Xe 3.4sg 3.4.2sg
Cisco Ios Xe 3.4sg 3.4.6sg
Cisco Ios Xe 3.10s 3.10.3s
Cisco Ios Xe 3.7s 3.7.0s
Cisco Ios Xe 3.7s 3.7.5s
Cisco Ios Xe 3.5e 3.5.2e
Cisco Ios Xe 3.4s 3.4.6s
Cisco Ios Xe 3.9s 3.9.1s
Cisco Ios Xe 3.7e 3.7.3e
Cisco Ios Xe 3.3s 3.3.2s
Cisco Ios Xe 3.5e 3.5.1e
Cisco Ios Xe 3.16s 3.16.0s
Cisco Ios Xe 3.4sg 3.4.7sg
Cisco Ios Xe 3.12s 3.12.1s
Cisco Ios Xe 3.7s 3.7.7s
Cisco Ios Xe 3.8s 3.8.1s
Cisco Ios Xe 3.6s 3.6.1s
Cisco Ios Xe 3.6e 3.6.2e
Cisco Ios Xe 3.6e 3.6.1e
Cisco Ios Xe 3.7s 3.7.4s
Cisco Ios Xe 3.4s 3.4.0as
Samsung X14j Firmware T-ms14jakucb-1102.5
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
buffer overflow
type confusion
server-side request forgery
CVE-2024-38440
CVE-2024-27801
CVE-2024-5868
CVE-2024-0582
CVE-2024-37643
CVE-2024-3105
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started