Lenovo: Security Vulnerabilities
A weak default administrator password for the web interface and serial port was reported in some Lenovo Personal Cloud Storage devices that could allow unauthorized device access to an attacker with physical or local network access.
CVSS Score
8.8
EPSS Score
0.0
Published
2022-05-18
A vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow an unauthenticated user to create a standard user account.
CVSS Score
6.3
EPSS Score
0.004
Published
2022-05-18
A command injection vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow an authenticated user to execute operating system commands by sending a crafted packet to the device.
CVSS Score
8.0
EPSS Score
0.001
Published
2022-05-18
A buffer overflow vulnerability in Lenovo Smart Standby Driver prior to version 4.1.50.0 could allow a local attacker to cause denial of service.
CVSS Score
5.5
EPSS Score
0.0
Published
2022-05-18
A race condition vulnerability was reported in IMController, a software component of Lenovo System Interface Foundation, prior to version 1.1.20.3 that could allow a local attacker to connect and interact with the IMController child process' named pipe.
CVSS Score
7.8
EPSS Score
0.004
Published
2022-05-18
A potential vulnerability in the SMI callback function used in the SMBIOS event log driver in some Lenovo Desktop, ThinkStation, and ThinkEdge models may allow an attacker with local access and elevated privileges to execute arbitrary code.
CVSS Score
6.7
EPSS Score
0.0
Published
2022-04-22
A potential vulnerability in the SMI callback function used in the Legacy BIOS mode driver in some Lenovo Notebook models may allow an attacker with local access and elevated privileges to execute arbitrary code.
CVSS Score
6.7
EPSS Score
0.0
Published
2022-04-22
A DLL search path vulnerability was reported in Lenovo PCManager prior to version 4.0.40.2175 that could allow privilege escalation.
CVSS Score
7.3
EPSS Score
0.001
Published
2022-04-22
A vulnerability was reported in Lenovo System Update that could allow a local user with interactive system access the ability to execute code with elevated privileges only during the installation of a System Update package released before 2022-02-25 that displays a command prompt window.
CVSS Score
7.3
EPSS Score
0.001
Published
2022-04-22
A denial of service vulnerability was reported in Lenovo Thin Installer prior to version 1.3.0039 that could trigger a system crash.
CVSS Score
5.0
EPSS Score
0.0
Published
2022-04-22