Lenovo: Security Vulnerabilities
A Time of Check Time of Use (TOCTOU) vulnerability was reported in IMController, a software component of Lenovo System Interface Foundation, prior to version 1.1.20.3that could allow a local attacker to elevate privileges.
CVSS Score
7.8
EPSS Score
0.004
Published
2022-05-18
An information disclosure vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow an unauthenticated user to retrieve device and networking details.
CVSS Score
4.3
EPSS Score
0.002
Published
2022-05-18
A weak default password for the serial port was reported in some Lenovo Personal Cloud Storage devices that could allow unauthorized device access to an attacker with physical access.
CVSS Score
6.8
EPSS Score
0.0
Published
2022-05-18
A weak default administrator password for the web interface and serial port was reported in some Lenovo Personal Cloud Storage devices that could allow unauthorized device access to an attacker with physical or local network access.
CVSS Score
8.8
EPSS Score
0.0
Published
2022-05-18
A vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow an unauthenticated user to create a standard user account.
CVSS Score
6.3
EPSS Score
0.002
Published
2022-05-18
A command injection vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow an authenticated user to execute operating system commands by sending a crafted packet to the device.
CVSS Score
8.0
EPSS Score
0.001
Published
2022-05-18
A buffer overflow vulnerability in Lenovo Smart Standby Driver prior to version 4.1.50.0 could allow a local attacker to cause denial of service.
CVSS Score
5.5
EPSS Score
0.0
Published
2022-05-18
A race condition vulnerability was reported in IMController, a software component of Lenovo System Interface Foundation, prior to version 1.1.20.3 that could allow a local attacker to connect and interact with the IMController child process' named pipe.
CVSS Score
7.8
EPSS Score
0.004
Published
2022-05-18
A potential vulnerability in the SMI callback function used in the SMBIOS event log driver in some Lenovo Desktop, ThinkStation, and ThinkEdge models may allow an attacker with local access and elevated privileges to execute arbitrary code.
CVSS Score
6.7
EPSS Score
0.0
Published
2022-04-22
A potential vulnerability in the SMI callback function used in the Legacy BIOS mode driver in some Lenovo Notebook models may allow an attacker with local access and elevated privileges to execute arbitrary code.
CVSS Score
6.7
EPSS Score
0.001
Published
2022-04-22