Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
lenovo vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2015-3322
Lenovo ThinkServer RD350, RD450, RD550, RD650, and TD350 servers prior to 1.26.0 use weak encryption to store (1) user and (2) administrator BIOS passwords, which allows malicious users to decrypt the passwords via unspecified vectors.
Lenovo Thinkserver Rd650 Firmware
Lenovo Thinkserver Rd650
Lenovo Thinkserver Td350 Firmware
Lenovo Thinkserver Td350
Lenovo Thinkserver Rd350 Firmware
Lenovo Thinkserver Rd350
Lenovo Thinkserver Rd550 Firmware
Lenovo Thinkserver Rd550
Lenovo Thinkserver Rd450 Firmware
Lenovo Thinkserver Rd450
NA
CVE-2022-3431
A potential vulnerability in a driver used during manufacturing process on some consumer Lenovo Notebook devices that was mistakenly not deactivated may allow an attacker with elevated privileges to modify secure boot setting by modifying an NVRAM variable.
Lenovo Ideapad Creator 5-16ach6 Firmware
Lenovo Ideapad 5 Pro-16ihu6 Firmware
Lenovo Ideapad 5 Pro-16ach6 Firmware
Lenovo Yoga Slim 7-13itl05 Firmware
Lenovo Yoga Slim 7-13acn05 Firmware
Lenovo Yoga Slim 7 Pro 16arh7 Firmware
Lenovo Yoga Slim 7 Pro 16ach6 Firmware
Lenovo Yoga Slim 7 Carbon 13itl5 Firmware
Lenovo Yoga Duet 7-13itl6-lte Firmware
Lenovo Yoga Duet 7-13itl6 Firmware
Lenovo Yoga Duet 7-13iml05 Firmware
Lenovo Thinkbook Plus G3 Iap Firmware
Lenovo Thinkbook Plus G2 Itg Firmware
Lenovo Thinkbook 16p Nx Arh Firmware
Lenovo Thinkbook 16 G4\\+ Iap Firmware
Lenovo Thinkbook 16 G4\\+ Ara Firmware
Lenovo Thinkbook 14 G4\\+ Iap Firmware
Lenovo Thinkbook 14 G4\\+ Ara Firmware
Lenovo Thinkbook 13x Itg Firmware
Lenovo Ideapad Slim 7 Pro 16ach6 Firmware
Lenovo S540-15iml Firmware
Lenovo Slim 7 16arh7 Firmware
NA
CVE-2023-2290
A potential vulnerability in the LenovoFlashDeviceInterface SMI handler may allow an attacker with local access and elevated privileges to execute arbitrary code.
Lenovo Thinkpad E14 Firmware 1.23
Lenovo Thinkpad E14 Gen 2 Firmware 1.55
Lenovo Thinkpad E14 Gen 4 Firmware 1.18
Lenovo Thinkpad E14 Gen 4 Firmware 1.16
Lenovo Thinkpad E15 Firmware 1.23
Lenovo Thinkpad E15 Gen 2 Firmware 1.55
Lenovo Thinkpad E15 Gen 4 Firmware 1.18
Lenovo Thinkpad E15 Gen 4 Firmware 1.16
Lenovo Thinkpad E490 Firmware 1.34
Lenovo Thinkpad E490s Firmware 1.34
Lenovo Thinkpad E590 Firmware 1.34
Lenovo Thinkpad L13 Gen 3 Firmware 1.14
Lenovo Thinkpad L13 Yoga Gen 3 Firmware 1.14
Lenovo Thinkpad L14 Firmware 1.2
Lenovo Thinkpad L14 Firmware 1.3
Lenovo Thinkpad L14 Firmware 1.48
Lenovo Thinkpad L14 Firmware 1.61
Lenovo Thinkpad L14 Firmware 1.26
Lenovo Thinkpad L15 Firmware 1.2
Lenovo Thinkpad L15 Firmware 1.3
Lenovo Thinkpad L15 Gen 2 Firmware 1.48
Lenovo Thinkpad L15 Gen 2 Firmware 1.61
7.2
CVSSv2
CVE-2021-3970
A potential vulnerability in LenovoVariable SMI Handler due to insufficient validation in some Lenovo Notebook models BIOS may allow an attacker with local access and elevated privileges to execute arbitrary code.
Lenovo Ideapad 3-14ada05 Firmware
Lenovo Ideapad 3-14ada6 Firmware
Lenovo Ideapad 3-14alc6 Firmware
Lenovo Ideapad 3-14are05 Firmware
Lenovo Ideapad 3-15ada6 Firmware
Lenovo Ideapad 3-15alc6 Firmware
Lenovo Ideapad 3-15are05 Firmware
Lenovo Ideapad 3-15igl05 Firmware
Lenovo Ideapad 3-17ada05 Firmware
Lenovo Ideapad 3-17ada6 Firmware
Lenovo Ideapad 3-17alc6 Firmware
Lenovo Ideapad 3-17are05 Firmware
Lenovo Ideapad 3-17iil05 Firmware
Lenovo Ideapad 3-17itl6 Firmware
Lenovo Ideapad 3-15ada05 Firmware
Lenovo L3 15iml05 Firmware
Lenovo L3-15itl6 Firmware
Lenovo L340-15irh Firmware
Lenovo L340-15iwl Firmware
Lenovo L340-15iwl Touch Firmware
Lenovo L340-17irh Firmware
Lenovo L340-17iwl Firmware
1 Article
4.6
CVSSv2
CVE-2021-3972
A potential vulnerability by a driver used during manufacturing process on some consumer Lenovo Notebook devices' BIOS that was mistakenly not deactivated may allow an attacker with elevated privileges to modify secure boot setting by modifying an NVRAM variable.
Lenovo Ideapad 3-14ada05 Firmware
Lenovo Ideapad 3-14ada6 Firmware
Lenovo Ideapad 3-14alc6 Firmware
Lenovo Ideapad 3-14are05 Firmware
Lenovo Ideapad 3-15ada6 Firmware
Lenovo Ideapad 3-15alc6 Firmware
Lenovo Ideapad 3-15are05 Firmware
Lenovo Ideapad 3-15igl05 Firmware
Lenovo Ideapad 3-17ada05 Firmware
Lenovo Ideapad 3-17ada6 Firmware
Lenovo Ideapad 3-17alc6 Firmware
Lenovo Ideapad 3-17are05 Firmware
Lenovo Ideapad 3-17iil05 Firmware
Lenovo Ideapad 3-17itl6 Firmware
Lenovo Ideapad 3-15ada05 Firmware
Lenovo L3 15iml05 Firmware
Lenovo L3-15itl6 Firmware
Lenovo L340-15irh Firmware
Lenovo L340-15iwl Firmware
Lenovo L340-15iwl Touch Firmware
Lenovo L340-17irh Firmware
Lenovo L340-17iwl Firmware
1 Github repository
1 Article
4.6
CVSSv2
CVE-2021-3971
A potential vulnerability by a driver used during older manufacturing processes on some consumer Lenovo Notebook devices that was mistakenly included in the BIOS image could allow an attacker with elevated privileges to modify firmware protection region by modifying an NVRAM vari...
Lenovo Ideapad 3-14ada05 Firmware
Lenovo Ideapad 3-14ada6 Firmware
Lenovo Ideapad 3-14alc6 Firmware
Lenovo Ideapad 3-14are05 Firmware
Lenovo Ideapad 3-15ada6 Firmware
Lenovo Ideapad 3-15alc6 Firmware
Lenovo Ideapad 3-15are05 Firmware
Lenovo Ideapad 3-15igl05 Firmware
Lenovo Ideapad 3-17ada05 Firmware
Lenovo Ideapad 3-17ada6 Firmware
Lenovo Ideapad 3-17alc6 Firmware
Lenovo Ideapad 3-17are05 Firmware
Lenovo Ideapad 3-17iil05 Firmware
Lenovo Ideapad 3-15ada05 Firmware
Lenovo L3-15itl6 Firmware
Lenovo L340-15irh Firmware
Lenovo L340-15iwl Firmware
Lenovo L340-15iwl Touch Firmware
Lenovo L340-17irh Firmware
Lenovo L340-17iwl Firmware
Lenovo Legion 5 Pro-16ach6 Firmware
Lenovo Legion 5 Pro-16ach6h Firmware
1 Article
7.2
CVSSv2
CVE-2021-4212
A potential vulnerability in the SMI callback function used in the Legacy BIOS mode driver in some Lenovo Notebook models may allow an attacker with local access and elevated privileges to execute arbitrary code.
Lenovo C340-14iml Firmware -
Lenovo C340-15iml Firmware -
Lenovo D330-10igm Firmware -
Lenovo Duet 3-10igl5 Firmware -
Lenovo E41-50 Firmware -
Lenovo Flex-14iml Firmware -
Lenovo Flex-15iml Firmware -
Lenovo Ideapad 3-14are05 Firmware -
Lenovo Ideapad 3-15are05 Firmware -
Lenovo Ideapad 3-17are05 Firmware -
Lenovo Ideapad 5-14alc05 Firmware -
Lenovo Ideapad 5-14are05 Firmware -
Lenovo Ideapad 5-15itl05 Firmware -
Lenovo Ideapad 5 Pro-14acn6 Firmware -
Lenovo Ideapad 5 Pro-14itl6 Firmware -
Lenovo Ideapad 5 Pro-16ihu6 Firmware -
Lenovo Ideapad Creator 5-15imh05 Firmware -
Lenovo Ideapad Gaming 3-15ach6 Firmware -
Lenovo Ideapad Gaming 3-15arh05 Firmware -
Lenovo Ideapad Gaming 3-15imh05 Firmware -
Lenovo L340-15irh Firmware -
Lenovo L340-15iwl Firmware -
NA
CVE-2022-40134
An information leak vulnerability in the SMI Set BIOS Password SMI Handler in some Lenovo models may allow an attacker with local access and elevated privileges to read SMM memory.
Lenovo Ideacentre C5-14imb05 Firmware O4hkt38a
Lenovo Thinkcentre E96z Firmware M26kt22a
Lenovo Ideacentre 3 07iab7 Firmware M49kt1da
Lenovo Ideacentre 3-07imb05 Firmware M2vkt1da
Lenovo Ideacentre 5 14iab7 Firmware M42kt40a
Lenovo Ideacentre 5-14acn6 Firmware O5ekt21a
Lenovo Ideacentre 5-14imb05 Firmware O4hkt38a
Lenovo Ideacentre 5-14iob6 Firmware M3gkt33a
Lenovo Ideacentre Creator 5-14iob6 Firmware M3gkt33a
Lenovo Ideacentre G5-14imb05 Firmware O4hkt38a
Lenovo Ideacentre Gaming 5 17acn7 Firmware O5ekt21a
Lenovo Ideacentre Gaming 5 17iab7 Firmware M42kt40a
Lenovo Ideacentre Gaming 5-14acn6 Firmware O5ekt21a
Lenovo Ideacentre Gaming 5-14iob6 Firmware M3gkt33a
Lenovo Legion C530-19icb Firmware O4bkt20a
Lenovo Legion T5-26iob6 Firmware O54kt1da
Lenovo Legion T5-28icb05 Firmware O4bkt20a
Lenovo Legion T530-28apr Firmware O4gkt16a
Lenovo Legion T530-28icb Firmware O4bkt20a
Lenovo Legion T7-34imz5 Firmware O4lkt1ea
Lenovo Thinkcentre M60e Tiny Firmware O5fkt14a
Lenovo Thinkcentre M625q Firmware M3skt21a
10
CVSSv2
CVE-2015-5684
MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A buffer overflow vulnerability was reported, (fixed and publicly disclosed in 2015) in the Lenovo Service Engine (LSE), affecting various versions of BIOS for Lenovo Notebooks, that could allow a...
Lenovo B50-10 Firmware
Lenovo Flex 2 Pro-15 Firmware
Lenovo Edge 15 Firmware
Lenovo Flex 3-1470 Firmware
Lenovo Flex 3-1570 Firmware
Lenovo Flex 3-1120 Firmware
Lenovo G40-80 Firmware
Lenovo G50-80 Firmware
Lenovo G50-80 Touch Firmware
Lenovo G50-80 Touch V3000 Firmware
Lenovo G40-80m Firmware
Lenovo G50-80m Firmware
Lenovo Ideapad 100-14iby Firmware
Lenovo Ideapad 100-15iby Firmware
Lenovo S21e Firmware
Lenovo S41-70 Firmware
Lenovo U41-70 Firmware
Lenovo S435 Firmware
Lenovo M40-35 Firmware
Lenovo U31-70 Firmware
Lenovo Yoga 3 14 Firmware
Lenovo Yoga 3 11 Firmware
4.6
CVSSv2
CVE-2020-8322
A potential vulnerability in the SMI callback function used in the Legacy USB driver in some Lenovo Notebook and ThinkStation models may allow arbitrary code execution.
Lenovo 330-14ast Firmware -
Lenovo 330-15ast Firmware -
Lenovo 330-17ast Firmware -
Lenovo 340c-15api Firmware -
Lenovo 340c-15ast Firmware -
Lenovo 720s Touch-15ikb Firmware -
Lenovo 720s-15ikb Firmware -
Lenovo 730s-13iwl Firmware -
Lenovo C640-iml Firmware -
Lenovo E42-80 Firmware -
Lenovo E52-80 Firmware -
Lenovo K22-80 Firmware -
Lenovo V720-12 Firmware -
Lenovo K32-80 Kbl Firmware -
Lenovo K32-80 Skl Firmware -
Lenovo Miix 720-12ikb Firmware -
Lenovo S145-14api Firmware -
Lenovo S145-14ast Firmware -
Lenovo S145-15api Firmware -
Lenovo S145-15ast Firmware -
Lenovo S540-13api Firmware -
Lenovo S750-iil Firmware -
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
inject
CVE-2024-34001
CVE-2024-37018
LFI
CVE-2024-1275
CVE-2024-1086
CSRF
CVE-2024-31030
CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »