cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-7756,https://securityvulnerability.io/vulnerability/CVE-2024-7756,ThinkPad L390 Yoga Vulnerability Could Lead to Privilege Escalation,A potential vulnerability was reported in the ThinkPad L390 Yoga and 10w Notebook that could allow a local attacker to escalate privileges by accessing an embedded UEFI shell.,Lenovo,"10w (type 82st, 82su) Laptop (lenovo) BiOS,L390 (type 20nr, 20ns) Laptops (thinkpad) BiOS,L390 Yoga (type 20nt, 20nu) Laptops (thinkpad) BiOS",6.8,MEDIUM,0.0005300000193528831,false,,false,false,false,,,false,false,,2024-09-13T17:26:58.798Z,0
CVE-2023-5078,https://securityvulnerability.io/vulnerability/CVE-2023-5078,BIOS Firmware Tampering in Lenovo ThinkPad Devices,"A vulnerability identified in Lenovo ThinkPad BIOS allows physical or local attackers with elevated privileges to potentially tamper with the BIOS firmware. This poses a risk to the integrity of the system, as unauthorized modifications could lead to undesired behaviors or unauthorized access to sensitive information. Users are advised to review security advisories for updates and mitigate risks effectively.",Lenovo,Thinkpad BiOS,6.7,MEDIUM,0.0004199999966658652,false,,false,false,false,,,false,false,,2023-11-08T22:15:00.000Z,0
CVE-2022-4575,https://securityvulnerability.io/vulnerability/CVE-2022-4575,Improper Write Protection in ThinkPad BIOS Affects Lenovo Devices,"Improper write protection of UEFI variables in the BIOS of select Lenovo ThinkPad models may allow attackers with physical or local access to exploit the system. This vulnerability can enable the bypassing of Secure Boot, potentially leading to unauthorized modifications or the execution of malicious code on affected devices. Users are advised to ensure that their systems are routinely updated and to follow recommended security practices to mitigate this risk.",Lenovo,Thinkpad BiOS,6.7,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2023-10-30T14:42:29.795Z,0
CVE-2022-48189,https://securityvulnerability.io/vulnerability/CVE-2022-48189,Input Validation Flaw in BIOS of Lenovo ThinkPad Models,An input validation flaw in the System Management Mode (SMM) driver within the BIOS of specific Lenovo ThinkPad models allows a local attacker with elevated privileges to execute arbitrary code. This vulnerability poses a risk to system integrity and could lead to unauthorized access or manipulation of system resources.,Lenovo,Thinkpad BiOS,6.7,MEDIUM,0.0004199999966658652,false,,false,false,false,,,false,false,,2023-10-30T14:39:23.160Z,0
CVE-2022-4574,https://securityvulnerability.io/vulnerability/CVE-2022-4574,Input Validation Flaw in BIOS of ThinkPad Laptops by Lenovo,An input validation flaw in the SMI handler of the BIOS present in specific Lenovo ThinkPad models may permit an attacker with local access and elevated privileges to execute arbitrary code. This vulnerability could potentially compromise system integrity and allow unauthorized actions by exploiting the SMI handler.,Lenovo,Thinkpad BiOS,6.7,MEDIUM,0.0004199999966658652,false,,false,false,false,,,false,false,,2023-10-30T14:36:23.273Z,0
CVE-2022-4573,https://securityvulnerability.io/vulnerability/CVE-2022-4573,Input Validation Vulnerability in Lenovo ThinkPad X1 Fold Gen 1,An input validation vulnerability within the SMI handler of the Lenovo ThinkPad X1 Fold Gen 1 allows attackers with local access and elevated privileges to execute arbitrary code. This security flaw poses a significant risk as it could potentially enable exploitation by malicious actors aiming to manipulate system operations.,Lenovo,Thinkpad X1 Fold Gen 1,6.7,MEDIUM,0.0004199999966658652,false,,false,false,false,,,false,false,,2023-10-30T14:34:32.525Z,0
CVE-2022-48183,https://securityvulnerability.io/vulnerability/CVE-2022-48183,BIOS Tamper Detection Issue in ThinkPad T14s Gen 3 and X13 Gen 3 by Lenovo,"A vulnerability has been identified in Lenovo's ThinkPad T14s Gen 3 and X13 Gen 3 that affects the BIOS tamper detection mechanism. Under specific conditions, this issue may prevent the mechanism from triggering as intended, which could potentially grant unauthorized access to the system. Users are advised to remain vigilant and apply necessary updates to mitigate the risks associated with this vulnerability.",Lenovo,"Thinkpad T14s X13 Gen3 BiOS - Windows,Thinkpad X13 Gen3 BiOS - Windows,Thinkpad T14s Gen 3 BiOS - Linux,Thinkpad X13 Gen3 BiOS - Linux",6.1,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2023-10-09T20:56:44.367Z,0
CVE-2022-48182,https://securityvulnerability.io/vulnerability/CVE-2022-48182,BIOS Tamper Detection Flaw in Lenovo ThinkPad T14s Gen 3 and X13 Gen 3,"A reported vulnerability in Lenovo's ThinkPad T14s Gen 3 and X13 Gen 3 models could prevent the BIOS tamper detection mechanism from triggering under certain conditions. This oversight may leave systems exposed to unauthorized access, potentially allowing attackers to bypass crucial security safeguards. Users of these models should review best practices for securing their devices and remain vigilant for updates from Lenovo.",Lenovo,"Thinkpad T14s X13 Gen3 BiOS - Windows,Thinkpad X13 Gen3 BiOS - Windows,Thinkpad T14s Gen 3 BiOS - Linux,Thinkpad X13 Gen3 BiOS - Linux",6.1,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2023-10-09T20:55:55.993Z,0
CVE-2022-3728,https://securityvulnerability.io/vulnerability/CVE-2022-3728,BIOS Tamper Detection Issue in Lenovo ThinkPad T14s Gen 3 and X13 Gen 3,"A vulnerability exists in Lenovo’s ThinkPad T14s Gen 3 and X13 Gen 3 models, where the BIOS tamper detection feature may fail to activate under certain conditions. This lapse could potentially allow unauthorized access, posing a significant security risk. Users of these devices should ensure their BIOS is updated to the latest version to mitigate this issue. For further details and guidance, refer to Lenovo's official security support page.",Lenovo,"Thinkpad T14s Gen 3 BiOS,Thinkpad X13 Gen3 BiOS",6.1,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2023-10-09T20:48:31.533Z,0
CVE-2023-4030,https://securityvulnerability.io/vulnerability/CVE-2023-4030,BIOS Recovery Issue in Lenovo ThinkPad Systems,"A vulnerability affecting the BIOS of certain Lenovo ThinkPad models has been identified, which poses a risk of system recovery to insecure settings in the event of BIOS corruption. Affected models include the ThinkPad P14s Gen 2, P15s Gen 2, T14 Gen 2, and T15 Gen 2. This issue could potentially expose systems to enhanced security threats, emphasizing the importance of ensuring BIOS integrity to maintain protection against vulnerabilities.",Lenovo,Thinkpad,8.4,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2023-08-17T17:15:00.000Z,0
CVE-2023-4029,https://securityvulnerability.io/vulnerability/CVE-2023-4029,Buffer Overflow Vulnerability in Lenovo ThinkPad BoardUpdateAcpiDxe Driver,"A buffer overflow vulnerability has been discovered in the BoardUpdateAcpiDxe driver present in certain Lenovo ThinkPad devices. This flaw can potentially be exploited by attackers with local access and elevated privileges, enabling them to execute arbitrary code. Proper attention to this vulnerability is critical for maintaining the security and integrity of affected systems.",Lenovo,Thinkpad,6.7,MEDIUM,0.0004199999966658652,false,,false,false,false,,,false,false,,2023-08-17T17:15:00.000Z,0
CVE-2023-2290,https://securityvulnerability.io/vulnerability/CVE-2023-2290,Local Code Execution Vulnerability in LenovoFlashDeviceInterface by Lenovo,A potential security vulnerability exists within the LenovoFlashDeviceInterface SMI handler that could allow an attacker with local access and elevated privileges to execute arbitrary code. This could lead to the compromise of system integrity and unauthorized access to sensitive data. Users are urged to stay informed and apply any security updates provided by Lenovo to mitigate this risk.,Lenovo,Thinkpad,6.4,MEDIUM,0.0004199999966658652,false,,false,false,false,,,false,false,,2023-06-26T20:15:00.000Z,0
CVE-2022-4569,https://securityvulnerability.io/vulnerability/CVE-2022-4569,Local Privilege Escalation in ThinkPad Hybrid USB-C Dock Firmware Tool from Lenovo,"A vulnerability exists in the ThinkPad Hybrid USB-C with USB-A Dock Firmware Update Tool that allows a user with local access to execute malicious code with elevated privileges during the installation or upgrade of the firmware. If compromised, this vulnerability could enable an attacker to gain increased control over the system, potentially leading to unauthorized access and further exploitation of the device.",Lenovo,Thinkpad Hybrid Usb-c With Usb-a Dock Firmware Update Tool,7.8,HIGH,0.0004199999966658652,false,,false,false,false,,,false,false,,2023-06-05T20:59:26.019Z,0
CVE-2022-4435,https://securityvulnerability.io/vulnerability/CVE-2022-4435,Buffer Over-Read Vulnerability in ThinkPad BIOS by Lenovo,"A buffer over-read vulnerability was identified in the BIOS of the ThinkPad X13s, specifically within the Lenovo Remote Config Update Dxe driver. An attacker with local access and elevated privileges could exploit this weakness to gain unauthorized access to sensitive information, potentially leading to severe security compromises.",Lenovo,Thinkpad X13s,6.7,MEDIUM,0.0004199999966658652,false,,false,false,false,,,false,false,,2023-01-05T17:33:08.775Z,0
CVE-2022-4434,https://securityvulnerability.io/vulnerability/CVE-2022-4434,Buffer Over-read Vulnerability in ThinkPadX13s BIOS Driver by Lenovo,"A buffer over-read vulnerability exists in the BIOS driver of Lenovo's ThinkPadX13s. This flaw may enable a local attacker with elevated privileges to access sensitive information, potentially leading to unauthorized data exposure. Addressing this vulnerability is critical for maintaining data integrity and protecting against security risks associated with elevated access.",Lenovo,Thinkpad X13s,6.7,MEDIUM,0.0004199999966658652,false,,false,false,false,,,false,false,,2023-01-05T17:32:58.029Z,0
CVE-2022-4433,https://securityvulnerability.io/vulnerability/CVE-2022-4433,Buffer Over-read Vulnerability in Lenovo ThinkPad X13s BIOS Driver,"A buffer over-read vulnerability was discovered in the BIOS driver of the Lenovo ThinkPad X13s, specifically in the LenovoSetupConfigDxe component. This flaw could enable a local attacker with appropriate privileges to access sensitive information, potentially leading to unauthorized data exposure. Lenovo has released guidance and patches to mitigate this vulnerability, and users are recommended to upgrade their BIOS to the latest version to protect against potential attacks.",Lenovo,Thinkpad X13s,6.7,MEDIUM,0.0004199999966658652,false,,false,false,false,,,false,false,,2023-01-05T17:32:48.186Z,0
CVE-2022-4432,https://securityvulnerability.io/vulnerability/CVE-2022-4432,Buffer Over-Read Vulnerability in Lenovo ThinkPad BIOS Driver,"A buffer over-read vulnerability has been identified in the BIOS PersistenceConfigDxe driver of the Lenovo ThinkPadX13s. This flaw could potentially enable local attackers with elevated privileges to exploit the vulnerability and gain unauthorized access to sensitive information, raising significant security concerns for users of this device.",Lenovo,Thinkpad X13s,6.7,MEDIUM,0.0004199999966658652,false,,false,false,false,,,false,false,,2023-01-05T17:32:37.111Z,0
CVE-2022-1108,https://securityvulnerability.io/vulnerability/CVE-2022-1108,Improper Buffer Validation in Lenovo Flash Device Interface for ThinkPad,"A vulnerability exists in the Lenovo Flash Device Interface within the ThinkPad X1 Fold Gen 1, where improper buffer validation can be exploited. An attacker with local access and elevated privileges could potentially execute arbitrary code, posing significant risks to system integrity and security.",Lenovo,Thinkpad Bios,6.7,MEDIUM,0.0004199999966658652,false,,false,false,false,,,false,false,,2022-04-22T20:30:51.000Z,0
CVE-2022-1107,https://securityvulnerability.io/vulnerability/CVE-2022-1107,Vulnerability in ThinkPad Models Due to Boot Services in SMI Handler,"A potential vulnerability has been identified in certain models of Lenovo ThinkPad laptops, linked to the use of Boot Services within the SmmOEMInt15 System Management Interrupt (SMI) handler. An attacker with elevated privileges could exploit this vulnerability to execute arbitrary code, posing a significant risk to system integrity and security.",Lenovo,ThinkPad BIOS,6.7,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2022-04-22T20:30:50.000Z,0
CVE-2021-3843,https://securityvulnerability.io/vulnerability/CVE-2021-3843,Local Code Execution Vulnerability in ThinkPad Models by Lenovo,"A potential security vulnerability exists in the System Management Interface (SMI) function related to EEPROM access on certain ThinkPad models by Lenovo. This weakness may allow an attacker with local access and elevated privileges to execute arbitrary code, potentially compromising the integrity and confidentiality of the system. Immediate action is advisable to mitigate potential risks associated with this vulnerability.",Lenovo,Thinkpad BiOS,6.7,MEDIUM,0.0004199999966658652,false,,false,false,false,,,false,false,,2021-11-12T22:05:56.000Z,0
CVE-2021-3786,https://securityvulnerability.io/vulnerability/CVE-2021-3786,Data Leakage Vulnerability in Lenovo Notebook and ThinkPad Systems,"A potential vulnerability exists within the SMI callback function utilized in the CSME configuration of select Lenovo Notebook and ThinkPad systems. This flaw could enable unauthorized data leaks out of the SMRAM range, which may expose sensitive information and compromise system integrity. Vigilance in system updates and patches is critical for users of the affected products.",Lenovo,Notebook And Thinkpad BiOS,4.4,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2021-11-12T22:05:41.000Z,0
CVE-2021-3718,https://securityvulnerability.io/vulnerability/CVE-2021-3718,Denial of Service Vulnerability in Lenovo ThinkPad Models,"A vulnerability exists in various Lenovo ThinkPad models that can lead to a denial of service, causing the system to become unresponsive. This issue is triggered when the Enhanced Biometrics feature is enabled in the BIOS settings. Users of affected ThinkPad models should take caution and review their BIOS configuration to mitigate potential disruptions in system performance.",Lenovo,Thinkpad BiOS,4.3,MEDIUM,0.0005799999926239252,false,,false,false,false,,,false,false,,2021-11-12T22:05:34.000Z,0
CVE-2021-3599,https://securityvulnerability.io/vulnerability/CVE-2021-3599,Local Code Execution Vulnerability in Lenovo ThinkPad Products,"A potential vulnerability has been identified in the SMI (System Management Interrupt) callback function utilized for accessing flash devices in select Lenovo ThinkPad models. This flaw could potentially allow an attacker, having local access along with elevated privileges, to execute arbitrary code on the affected systems. Proper mitigation strategies should be implemented to safeguard against unauthorized access and exploitation of this vulnerability.",Lenovo,Thinkpad BiOS,6.7,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2021-11-12T22:05:33.000Z,0
CVE-2021-3452,https://securityvulnerability.io/vulnerability/CVE-2021-3452,Local Code Execution Flaw in Lenovo ThinkPad Models,"A potential vulnerability exists in the system shutdown SMI callback function within certain Lenovo ThinkPad models. This flaw may allow an attacker with local access and elevated privileges to execute arbitrary code, potentially compromising system integrity. Users are urged to review their security posture and apply necessary updates to mitigate risks associated with this vulnerability.",Lenovo,Thinkpad BiOS,6.7,MEDIUM,0.0004199999966658652,false,,false,false,false,,,false,false,,2021-07-16T20:30:16.000Z,0
CVE-2020-8350,https://securityvulnerability.io/vulnerability/CVE-2020-8350,Authentication Bypass Vulnerability in Lenovo ThinkPad Stack Wireless Router,"An authentication bypass vulnerability in Lenovo ThinkPad Stack Wireless Router firmware version 1.1.3.4 has been identified. This flaw could potentially allow unauthorized access, leading to escalation of privileges within the affected system. Users of the router should be aware of this security risk and seek to apply any available updates to mitigate potential threats associated with this vulnerability.",Lenovo,Thinkpad Stack Wireless Router Firmware,8.8,HIGH,0.0006799999973736703,false,,false,false,false,,,false,false,,2020-10-14T21:25:21.000Z,0