cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2023-5912,https://securityvulnerability.io/vulnerability/CVE-2023-5912,Possible Memory Leak Vulnerability Affects Lenovo Notebooks,"A potential memory leakage vulnerability was reported in some Lenovo Notebook products that may allow a local attacker with elevated privileges to write to NVRAM variables.",Lenovo,Notebook BiOS,6.7,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-04-05T21:15:00.000Z,0
CVE-2022-3746,https://securityvulnerability.io/vulnerability/CVE-2022-3746,Local Vulnerability in Lenovo Consumer Notebooks Affecting Embedded Controller Interface,"A vulnerability exists in the BIOS of select Lenovo consumer notebook models that could allow a local attacker with elevated privileges to manipulate the Embedded Controller interface. This may lead to abnormal behavior of connected peripherals, potentially impacting user experience and device functionality. The exposure of such interfaces poses a risk, emphasizing the importance of timely updates and security patches for affected devices.",Lenovo,Notebook,6.7,MEDIUM,0.0004199999966658652,false,,false,false,false,,,false,false,,2023-08-23T19:43:54.077Z,0
CVE-2022-3745,https://securityvulnerability.io/vulnerability/CVE-2022-3745,Local Privilege Escalation in Lenovo BIOS for Consumer Notebooks,"A vulnerability exists in the LCFC BIOS of various Lenovo consumer notebook models. This issue could enable a local attacker with elevated privileges to access sensitive data, including incoming and returned information from System Management Interrupts (SMI). Proper security measures and updates are crucial to mitigate this risk.",Lenovo,Notebook,4.4,MEDIUM,0.0004199999966658652,false,,false,false,false,,,false,false,,2023-08-23T19:43:34.512Z,0
CVE-2022-3744,https://securityvulnerability.io/vulnerability/CVE-2022-3744,Local Privilege Escalation in Lenovo Consumer Notebooks,"A vulnerability has been identified in the LCFC BIOS used by certain Lenovo consumer notebook models, allowing local attackers with elevated privileges to potentially unlock UEFI variables. This is made possible by a hard-coded SMI handler credential, which may be exploited to gain unauthorized access to sensitive firmware settings.",Lenovo,Notebook,6.7,MEDIUM,0.0004199999966658652,false,,false,false,false,,,false,false,,2023-08-23T19:43:17.503Z,0
CVE-2022-3743,https://securityvulnerability.io/vulnerability/CVE-2022-3743,Local Command Enumeration Vulnerability in Lenovo Consumer Notebook Models,"A vulnerability has been identified in the LCFC BIOS of certain Lenovo consumer notebook models, allowing a local attacker with elevated privileges to potentially enumerate Embedded Controller (EC) commands under specific conditions. This vulnerability could pose a risk if exploited, as it may enable unauthorized access to sensitive system commands and configurations.",Lenovo,Notebook,4.4,MEDIUM,0.0004199999966658652,false,,false,false,false,,,false,false,,2023-08-23T19:42:59.163Z,0
CVE-2022-3742,https://securityvulnerability.io/vulnerability/CVE-2022-3742,Buffer Validation Flaw in Lenovo Consumer Notebook BIOS,"A potential vulnerability exists in the LCFC BIOS of certain Lenovo consumer notebook models that could enable a local attacker with elevated privileges to execute arbitrary code. This issue arises from inadequate validation of buffer sizes, posing significant risks to system integrity and user security. For further information, please refer to Lenovo's official security advisory.",Lenovo,Notebook,6.7,MEDIUM,0.0004199999966658652,false,,false,false,false,,,false,false,,2023-08-23T19:42:15.848Z,0
CVE-2023-34419,https://securityvulnerability.io/vulnerability/CVE-2023-34419,Buffer Overflow Vulnerability in SetupUtility Driver for Lenovo Notebooks,"A buffer overflow vulnerability has been discovered in the SetupUtility driver affecting certain Lenovo Notebook models. This flaw may grant an attacker with local access and elevated permissions the ability to execute arbitrary code, potentially compromising the integrity of the system. Users are advised to implement security patches and follow best practices to mitigate risks associated with this vulnerability.",Lenovo,Lenovo Notebook,6.7,MEDIUM,0.0004199999966658652,false,,false,false,false,,,false,false,,2023-08-17T17:15:00.000Z,0
CVE-2023-4028,https://securityvulnerability.io/vulnerability/CVE-2023-4028,Buffer Overflow Flaw in Lenovo Notebook SystemUserMasterHddPwdDxe Driver,"A vulnerability exists in the SystemUserMasterHddPwdDxe driver used in certain Lenovo Notebook products, allowing a local attacker with elevated privileges to exploit a buffer overflow. This security issue could enable the execution of arbitrary code, potentially compromising system integrity and allowing further unauthorized actions.",Lenovo,Lenovo Notebook,6.7,MEDIUM,0.0004199999966658652,false,,false,false,false,,,false,false,,2023-08-17T17:15:00.000Z,0
CVE-2021-3972,https://securityvulnerability.io/vulnerability/CVE-2021-3972,Potential BIOS Vulnerability in Lenovo Notebook Devices,"A potential vulnerability exists in the BIOS of certain Lenovo Notebook devices, where a driver used during the manufacturing process was inadvertently left active. This flaw permits an attacker with elevated privileges to alter the secure boot settings by manipulating an NVRAM variable. Such modifications could compromise the integrity of the device’s boot process, leading to unauthorized access and potential exploitation.",Lenovo,Notebook BiOS,6.7,MEDIUM,0.0004400000034365803,false,,false,false,true,2022-04-21T10:25:32.000Z,true,false,false,,2022-04-22T20:30:40.000Z,0
CVE-2021-3971,https://securityvulnerability.io/vulnerability/CVE-2021-3971,Firmware Security Flaw in Lenovo Notebooks,"A security vulnerability in Lenovo Notebook devices arises from a driver associated with legacy manufacturing processes that was mistakenly included in the BIOS image. This flaw permits attackers with necessary privileges to alter the firmware protection region by modifying an NVRAM variable, potentially compromising the integrity and security of the affected systems. Users of impacted models are advised to implement available security updates promptly.",Lenovo,Notebook BiOS,6.7,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2022-04-22T20:30:38.000Z,0
CVE-2021-3970,https://securityvulnerability.io/vulnerability/CVE-2021-3970,Insufficient Validation in Lenovo Notebook BIOS Allows Code Execution,"A potential security issue has been identified in the BIOS of certain Lenovo Notebook models, where insufficient validation in the LenovoVariable SMI Handler could permit an attacker with local access and elevated privileges to execute arbitrary code. This risk emphasizes the need for users to ensure their systems are updated and configured securely to prevent unauthorized code execution.",Lenovo,Notebook BiOS,6.7,MEDIUM,0.0004199999966658652,false,,false,false,false,,,false,false,,2022-04-22T20:30:37.000Z,0
CVE-2021-3786,https://securityvulnerability.io/vulnerability/CVE-2021-3786,Data Leakage Vulnerability in Lenovo Notebook and ThinkPad Systems,"A potential vulnerability exists within the SMI callback function utilized in the CSME configuration of select Lenovo Notebook and ThinkPad systems. This flaw could enable unauthorized data leaks out of the SMRAM range, which may expose sensitive information and compromise system integrity. Vigilance in system updates and patches is critical for users of the affected products.",Lenovo,Notebook And Thinkpad BiOS,4.4,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2021-11-12T22:05:41.000Z,0
CVE-2021-3614,https://securityvulnerability.io/vulnerability/CVE-2021-3614,Privilege Escalation Vulnerability in Lenovo Notebook Systems,"A vulnerability exists in specific Lenovo Notebook systems that may allow an attacker with physical access to exploit the system. This can occur during a BIOS update processed through Lenovo Vantage, potentially enabling unauthorized privilege elevation. Users and system administrators should take caution during BIOS updates and ensure that physical access to devices is restricted.",Lenovo,Notebook BiOS,6.4,MEDIUM,0.000699999975040555,false,,false,false,false,,,false,false,,2021-07-16T20:30:20.000Z,0
CVE-2017-3753,https://securityvulnerability.io/vulnerability/CVE-2017-3753,,"A vulnerability has been identified in some Lenovo products that use UEFI (BIOS) code developed by American Megatrends, Inc. (AMI). With this vulnerability, conditions exist where an attacker with administrative privileges or physical access to a system may be able to run specially crafted code that can allow them to bypass system protections such as Device Guard and Hyper-V.",Lenovo,Desktop And Notebook BiOS,6.8,MEDIUM,0.0006900000153109431,false,,false,false,false,,,false,false,,2017-08-10T00:29:00.000Z,0
CVE-2017-3754,https://securityvulnerability.io/vulnerability/CVE-2017-3754,,Some Lenovo brand notebook systems do not have write protections properly configured in the system BIOS. This could enable an attacker with physical or administrative access to a system to be able to flash the BIOS with an arbitrary image and potentially run malicious BIOS code.,Lenovo,Lenovo Notebook BiOS,6.7,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2017-07-17T19:29:00.000Z,0
CVE-2016-8224,https://securityvulnerability.io/vulnerability/CVE-2016-8224,,A vulnerability has been identified in some Lenovo Notebook and ThinkServer systems where an attacker with administrative privileges on a system could install a program that circumvents Intel Management Engine (ME) protections. This could result in a denial of service or privilege escalation attack on the system.,Lenovo,"Lenovo Notebook Models 110-14ibr/110-15ibr, B70-80, E31-80, E40-80, E41-80, E51-80, G40-80, G50-80, G50-80 Touch, Ideapad 300-14ibr/300-15ibr, Ideapad 300-14isk/300-15isk/300-17isk, Ideapad 510s-12isk, K21-80, K41-80, Miix 710-12ikb , Xiaoxin Air 12, Yoga 510-14isk/510-15isk, Yoga 710-11ikb, Yoga 710-11isk, Yoga 900-13isk, Yoga 900s-12isk; Thinkserver Models Thinkserver Ts150, Thinkserver Ts450",4.4,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2016-11-29T20:00:00.000Z,0