← Back

Lenovo

lenovo

395 CVEs • 4,474 products

Products (4,474)

Click to collapse
Toggle
Thinkcentre M625q Firmware
thinkcentre_m625q_firmware
28 CVEs
Xclarity Administrator
xclarity_administrator
27 CVEs
Ideacentre 5 14iob6 Firmware
ideacentre_5-14iob6_firmware
27 CVEs
Ideacentre G5 14imb05 Firmware
ideacentre_g5-14imb05_firmware
27 CVEs
Ideacentre Gaming 5 14iob6 Firmware
ideacentre_gaming_5-14iob6_firmware
27 CVEs
Thinkcentre M75n Firmware
thinkcentre_m75n_firmware
27 CVEs
V50t 13imb Firmware
v50t-13imb_firmware
27 CVEs
Ideacentre 3 07imb05 Firmware
ideacentre_3-07imb05_firmware
26 CVEs
Ideacentre Creator 5 14iob6 Firmware
ideacentre_creator_5-14iob6_firmware
26 CVEs
Thinkcentre M75s Gen 2 Firmware
thinkcentre_m75s_gen_2_firmware
26 CVEs
Thinkcentre M75t Gen 2 Firmware
thinkcentre_m75t_gen_2_firmware
26 CVEs
V30a 22iml Firmware
v30a-22iml_firmware
26 CVEs
V50s 07imb Firmware
v50s-07imb_firmware
26 CVEs
Ideacentre C5 14imb05 Firmware
ideacentre_c5-14imb05_firmware
26 CVEs
Thinkcentre M80t Firmware
thinkcentre_m80t_firmware
25 CVEs
Thinkcentre M80s Firmware
thinkcentre_m80s_firmware
25 CVEs
Thinkcentre M90s Firmware
thinkcentre_m90s_firmware
25 CVEs
Thinkcentre M70c Firmware
thinkcentre_m70c_firmware
25 CVEs
Thinkcentre M70q Firmware
thinkcentre_m70q_firmware
25 CVEs
Thinkcentre M80q Firmware
thinkcentre_m80q_firmware
25 CVEs
Thinkcentre M90a Firmware
thinkcentre_m90a_firmware
25 CVEs
Thinkcentre M90q Tiny Firmware
thinkcentre_m90q_tiny_firmware
25 CVEs
V50a 24imb Firmware
v50a-24imb_firmware
25 CVEs
V50a 22imb Firmware
v50a-22imb_firmware
25 CVEs
Thinkedge Se30 Firmware
thinkedge_se30_firmware
25 CVEs
V30a 24iml Firmware
v30a-24iml_firmware
25 CVEs
Legion T7 34imz5 Firmware
legion_t7-34imz5_firmware
25 CVEs
Ideacentre 3 07ada05 Firmware
ideacentre_3-07ada05_firmware
25 CVEs
Ideacentre G5 14amr05 Firmware
ideacentre_g5-14amr05_firmware
25 CVEs
V55t Gen 2 13acn Firmware
v55t_gen_2_13acn_firmware
25 CVEs
Thinkcentre M90t Firmware
thinkcentre_m90t_firmware
24 CVEs
Thinkcentre M630e Firmware
thinkcentre_m630e_firmware
24 CVEs
Thinkcentre M70s Firmware
thinkcentre_m70s_firmware
24 CVEs
Thinkcentre M70t Firmware
thinkcentre_m70t_firmware
24 CVEs
Thinkcentre M75q Gen 2 Firmware
thinkcentre_m75q_gen_2_firmware
23 CVEs
Ideacentre 5 14imb05 Firmware
ideacentre_5-14imb05_firmware
22 CVEs
Ideacentre Mini 5 01imh05 Firmware
ideacentre_mini_5-01imh05_firmware
22 CVEs
Thinkstation P320 Workstation Firmware
thinkstation_p320_workstation_firmware
21 CVEs
Thinkstation P330 Workstation Firmware
thinkstation_p330_workstation_firmware
21 CVEs
Thinkstation P330 Workstation 2nd Gen Firmware
thinkstation_p330_workstation_2nd_gen_firmware
21 CVEs
Thinkstation P340 Tiny Workstation Firmware
thinkstation_p340_tiny_workstation_firmware
21 CVEs
Thinkstation P340 Workstation Firmware
thinkstation_p340_workstation_firmware
21 CVEs
Thinkstation P348 Workstation Firmware
thinkstation_p348_workstation_firmware
21 CVEs
Thinkstation P350 Workstation Firmware
thinkstation_p350_workstation_firmware
21 CVEs
Thinkstation P520 Workstation Firmware
thinkstation_p520_workstation_firmware
21 CVEs
Thinkstation P520c Workstation Firmware
thinkstation_p520c_workstation_firmware
21 CVEs
Thinkstation P720 Workstation Firmware
thinkstation_p720_workstation_firmware
21 CVEs
Thinkstation P920 Workstation Firmware
thinkstation_p920_workstation_firmware
21 CVEs
Ideacentre Mini 5 01iaq7 Firmware
ideacentre_mini_5_01iaq7_firmware
21 CVEs
Ideacentre Aio 3 27itl6 Firmware
ideacentre_aio_3-27itl6_firmware
20 CVEs
Ideacentre Aio 3 24itl6 Firmware
ideacentre_aio_3-24itl6_firmware
20 CVEs
Ideacentre Aio 3 22itl6 Firmware
ideacentre_aio_3-22itl6_firmware
20 CVEs
Ideacentre 5 14iab7 Firmware
ideacentre_5_14iab7_firmware
20 CVEs
Ideacentre 5 14acn6 Firmware
ideacentre_5-14acn6_firmware
20 CVEs
Ideacentre Gaming 5 17acn7 Firmware
ideacentre_gaming_5_17acn7_firmware
20 CVEs
Ideacentre Gaming 5 17iab7 Firmware
ideacentre_gaming_5_17iab7_firmware
20 CVEs
Ideacentre Gaming 5 14acn6 Firmware
ideacentre_gaming_5-14acn6_firmware
20 CVEs
Thinkcentre M920z All In One Firmware
thinkcentre_m920z_all-in-one_firmware
20 CVEs
V50t 13imh Firmware
v50t-13imh_firmware
20 CVEs
Thinkstation P360 Workstation Firmware
thinkstation_p360_workstation_firmware
20 CVEs
Thinkcentre M70q Gen 2 Firmware
thinkcentre_m70q_gen_2_firmware
19 CVEs
Thinkcentre M70s Gen 3 Firmware
thinkcentre_m70s_gen_3_firmware
19 CVEs
Thinkcentre M70t Gen 3 Firmware
thinkcentre_m70t_gen_3_firmware
19 CVEs
Thinkcentre M90q Gen 2 Firmware
thinkcentre_m90q_gen_2_firmware
19 CVEs
Pcmanager
pcmanager
18 CVEs
Ideacentre Aio 3 24iil5 Firmware
ideacentre_aio_3-24iil5_firmware
18 CVEs
Ideacentre Aio 3 22iil5 Firmware
ideacentre_aio_3-22iil5_firmware
18 CVEs
Thinkcentre M90a (gen 2) Firmware
thinkcentre_m90a_(gen_2)_firmware
18 CVEs
Thinkcentre Neo 50t Gen 3 Firmware
thinkcentre_neo_50t_gen_3_firmware
18 CVEs
Ideacentre T540 15ama G Firmware
ideacentre_t540-15ama_g_firmware
18 CVEs
Ideacentre Aio 3 24alc6 Firmware
ideacentre_aio_3-24alc6_firmware
17 CVEs
Ideacentre Aio 3 22imb05 Firmware
ideacentre_aio_3-22imb05_firmware
17 CVEs
Ideacentre Aio 3 24imb05 Firmware
ideacentre_aio_3-24imb05_firmware
17 CVEs
Ideacentre Aio 3 27imb05 Firmware
ideacentre_aio_3-27imb05_firmware
17 CVEs
Ideacentre Aio 3 21itl7 Firmware
ideacentre_aio_3_21itl7_firmware
17 CVEs
V30a 22itl Firmware
v30a-22itl_firmware
17 CVEs
V30a 24itl Firmware
v30a-24itl_firmware
17 CVEs
Thinkstation P350 Tiny Workstation Firmware
thinkstation_p350_tiny_workstation_firmware
16 CVEs
Thinkstation P360 Tiny Workstation Firmware
thinkstation_p360_tiny_workstation_firmware
16 CVEs
Ideacentre Aio 3 22iap7 Firmware
ideacentre_aio_3_22iap7_firmware
16 CVEs
Ideacentre Aio 3 24iap7 Firmware
ideacentre_aio_3_24iap7_firmware
16 CVEs
Ideacentre Aio 3 27iap7 Firmware
ideacentre_aio_3_27iap7_firmware
16 CVEs
Ideacentre Aio 5 24iah7 Firmware
ideacentre_aio_5_24iah7_firmware
16 CVEs
Ideacentre Aio 5 27iah7 Firmware
ideacentre_aio_5_27iah7_firmware
16 CVEs
Legion T7 34iaz7 Firmware
legion_t7-34iaz7_firmware
16 CVEs
Thinkcentre M80q Gen 3 Firmware
thinkcentre_m80q_gen_3_firmware
16 CVEs
Thinkcentre M80s Gen 3 Firmware
thinkcentre_m80s_gen_3_firmware
16 CVEs
Thinkcentre M80t Gen 3 Firmware
thinkcentre_m80t_gen_3_firmware
16 CVEs
Thinkcentre M90a Gen 3 Firmware
thinkcentre_m90a_gen_3_firmware
16 CVEs
Thinkcentre M90a Pro Gen 3 Firmware
thinkcentre_m90a_pro_gen_3_firmware
16 CVEs
Thinkcentre M90q Gen 3 Firmware
thinkcentre_m90q_gen_3_firmware
16 CVEs
Thinkcentre M90s Gen 3 Firmware
thinkcentre_m90s_gen_3_firmware
16 CVEs
Thinkcentre M90t Gen 3 Firmware
thinkcentre_m90t_gen_3_firmware
16 CVEs
Thinkcentre Neo 30a 22 Gen 3 Firmware
thinkcentre_neo_30a_22_gen_3_firmware
16 CVEs
Thinkcentre Neo 30a 24 Gen 3 Firmware
thinkcentre_neo_30a_24_gen_3_firmware
16 CVEs
Thinkcentre Neo 30a 27 Gen 3 Firmware
thinkcentre_neo_30a_27_gen_3_firmware
16 CVEs
Thinkcentre Neo 70t Gen 3 Firmware
thinkcentre_neo_70t_gen_3_firmware
16 CVEs
System Update
system_update
15 CVEs
Thinkstation P920 Firmware
thinkstation_p920_firmware
15 CVEs
Thinkcentre M920q Firmware
thinkcentre_m920q_firmware
15 CVEs

CVEs (395)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2023-2992
1Lenovo
8Nextscale N1200 Enclosure Firmware
Thinkagile Cp Cb 10 FirmwareThinkagile Cp Cb 10e Firmware+5 more
Nov 21, 2024
Jun 26, 2023
N/A· v4
7.5 HIGH· v3
N/A· v2
An unauthenticated  denial of service vulnerability exists in the SMM v1, SMM v2, and FPC management web server which can be triggered under crafted conditions. Rebooting SMM or FPC will restore access to the management...Show more
An unauthenticated  denial of service vulnerability exists in the SMM v1, SMM v2, and FPC management web server which can be triggered under crafted conditions. Rebooting SMM or FPC will restore access to the management web server.Show less
CVE-2023-2290
1Lenovo
85Thinkpad E14 Firmware
Thinkpad E14 Gen 2 FirmwareThinkpad E14 Gen 4 Firmware+82 more
Nov 21, 2024
Jun 26, 2023
N/A· v4
6.7 MEDIUM· v3
N/A· v2
A potential vulnerability in the LenovoFlashDeviceInterface SMI handler may allow an attacker with local access and elevated privileges to execute arbitrary code.
CVE-2022-48188
1Lenovo
27Ideacentre 510s 07icb Firmware
Ideacentre 510s 07ick FirmwareIdeacentre 720 18apr Firmware+24 more
Nov 21, 2024
Jun 5, 2023
N/A· v4
7.8 HIGH· v3
N/A· v2
A buffer overflow vulnerability in the SecureBootDXE BIOS driver of some Lenovo Desktop and ThinkStation models could allow an attacker with local access to elevate their privileges to execute arbitrary code.
CVE-2022-48181
1Lenovo
114Ideacentre 3 07ada05 Firmware
Ideacentre 3 07imb05 FirmwareIdeacentre 3 07ach7 Firmware+111 more
Nov 21, 2024
Jun 5, 2023
N/A· v4
7.8 HIGH· v3
N/A· v2
An ErrorMessage driver stack-based buffer overflow vulnerability in BIOS of some ThinkPad models could allow an attacker with local access to elevate their privileges and execute arbitrary code.
CVE-2022-4569
1Lenovo
1Thinkpad Hybrid Usb C With Usb A Dock Firmware
Nov 21, 2024
Jun 5, 2023
N/A· v4
7.8 HIGH· v3
N/A· v2
A local privilege escalation vulnerability in the ThinkPad Hybrid USB-C with USB-A Dock Firmware Update Tool could allow an attacker with local access to execute code with elevated privileges during the package upgrade o...Show more
A local privilege escalation vulnerability in the ThinkPad Hybrid USB-C with USB-A Dock Firmware Update Tool could allow an attacker with local access to execute code with elevated privileges during the package upgrade or installation.Show less
CVE-2023-25492
1Lenovo
109Thinkagile Hx1021 Firmware
Thinkagile Hx1320 FirmwareThinkagile Hx1321 Firmware+106 more
Nov 21, 2024
May 1, 2023
N/A· v4
8.8 HIGH· v3
N/A· v2
A valid, authenticated user may be able to trigger a denial of service of the XCC web user interface or other undefined behavior through a format string injection vulnerability in a web interface API.
CVE-2023-0683
1Lenovo
109Thinkagile Hx1021 Firmware
Thinkagile Hx1320 FirmwareThinkagile Hx1321 Firmware+106 more
Nov 21, 2024
May 1, 2023
N/A· v4
8.8 HIGH· v3
N/A· v2
A valid, authenticated XCC user with read only access may gain elevated privileges through a specifically crafted API call.
CVE-2022-4568
1Lenovo
1System Update
Jan 30, 2025
May 1, 2023
N/A· v4
7.8 HIGH· v3
N/A· v2
A directory permissions management vulnerability in Lenovo System Update may allow elevation of privileges.
CVE-2022-48186
1Lenovo
1Baiying
Jan 30, 2025
May 1, 2023
N/A· v4
7.5 HIGH· v3
N/A· v2
A certificate validation vulnerability exists in the Baiying Android application which could lead to information disclosure.
CVE-2023-0896
1Lenovo
1Smart Clock Essential With Alexa Built In Firmware
Nov 21, 2024
May 1, 2023
N/A· v4
8.8 HIGH· v3
N/A· v2
A default password was reported in Lenovo Smart Clock Essential with Alexa Built In that could allow unauthorized device access to an attacker with local network access.
CVE-2023-29056
1Lenovo
109Thinkagile Hx1021 Firmware
Thinkagile Hx1320 FirmwareThinkagile Hx1321 Firmware+106 more
Nov 21, 2024
Apr 28, 2023
N/A· v4
5.9 MEDIUM· v3
N/A· v2
A valid LDAP user, under specific conditions, will default to read-only permissions when authenticating into XCC. To be vulnerable, XCC must be configured to use an LDAP server for Authentication/Authorization and have t...Show more
A valid LDAP user, under specific conditions, will default to read-only permissions when authenticating into XCC. To be vulnerable, XCC must be configured to use an LDAP server for Authentication/Authorization and have the login permission attribute not defined.Show less
CVE-2023-25496
1Lenovo
1Drivers Management
Nov 21, 2024
Apr 28, 2023
N/A· v4
7.8 HIGH· v3
N/A· v2
A privilege escalation vulnerability was reported in Lenovo Drivers Management Lenovo Driver Manager that could allow a local user to execute code with elevated privileges.
CVE-2023-25495
1Lenovo
109Thinkagile Hx1021 Firmware
Thinkagile Hx1320 FirmwareThinkagile Hx1321 Firmware+106 more
Nov 21, 2024
Apr 28, 2023
N/A· v4
4.9 MEDIUM· v3
N/A· v2
A valid, authenticated administrative user can query a web interface API to reveal the configured LDAP client password used by XCC to authenticate to an external LDAP server in certain configurations. There is no exposu...Show more
A valid, authenticated administrative user can query a web interface API to reveal the configured LDAP client password used by XCC to authenticate to an external LDAP server in certain configurations. There is no exposure where no LDAP client password is configuredShow less
CVE-2023-29058
1Lenovo
109Thinkagile Hx1021 Firmware
Thinkagile Hx1320 FirmwareThinkagile Hx1321 Firmware+106 more
Nov 21, 2024
Apr 28, 2023
N/A· v4
6.5 MEDIUM· v3
N/A· v2
A valid, authenticated XCC user with read-only permissions can modify custom user roles on other user accounts and the user trespass message through the XCC CLI. There is no exposure if SSH is disabled or if there are no...Show more
A valid, authenticated XCC user with read-only permissions can modify custom user roles on other user accounts and the user trespass message through the XCC CLI. There is no exposure if SSH is disabled or if there are no users assigned optional read-only permissions.Show less
CVE-2023-29057
1Lenovo
109Thinkagile Hx1021 Firmware
Thinkagile Hx1320 FirmwareThinkagile Hx1321 Firmware+106 more
Nov 21, 2024
Apr 28, 2023
N/A· v4
8.8 HIGH· v3
N/A· v2
A valid XCC user's local account permissions overrides their active directory permissions under specific configurations. This could lead to a privilege escalation. To be vulnerable, LDAP must be configured for authentica...Show more
A valid XCC user's local account permissions overrides their active directory permissions under specific configurations. This could lead to a privilege escalation. To be vulnerable, LDAP must be configured for authentication/authorization and logins configured as “Local First, then LDAP”.Show less
CVE-2022-40137
1Lenovo
287Ideacentre 3 07ada05 Firmware
Ideacentre 3 07imb05 FirmwareIdeacentre 3 07iab7 Firmware+284 more
Nov 21, 2024
Jan 30, 2023
N/A· v4
6.7 MEDIUM· v3
N/A· v2
A buffer overflow in the WMI SMI Handler in some Lenovo models may allow an attacker with local access and elevated privileges to execute arbitrary code.
CVE-2022-40136
1Lenovo
147Ideacentre 3 07ada05 Firmware
Ideacentre 3 07imb05 FirmwareIdeacentre 3 07iab7 Firmware+144 more
Nov 21, 2024
Jan 30, 2023
N/A· v4
4.4 MEDIUM· v3
N/A· v2
An information leak vulnerability in SMI Handler used to configure platform settings over WMI in some Lenovo models may allow an attacker with local access and elevated privileges to read SMM memory.
CVE-2022-40135
1Lenovo
136Ideacentre 3 07ada05 Firmware
Ideacentre 3 07imb05 FirmwareIdeacentre 3 07iab7 Firmware+133 more
Nov 21, 2024
Jan 30, 2023
N/A· v4
4.4 MEDIUM· v3
N/A· v2
An information leak vulnerability in the Smart USB Protection SMI Handler in some Lenovo models may allow an attacker with local access and elevated privileges to read SMM memory.
CVE-2022-40134
1Lenovo
325Ideacentre 3 07ada05 Firmware
Ideacentre 3 07imb05 FirmwareIdeacentre 3 07iab7 Firmware+322 more
Nov 21, 2024
Jan 30, 2023
N/A· v4
4.4 MEDIUM· v3
N/A· v2
An information leak vulnerability in the SMI Set BIOS Password SMI Handler in some Lenovo models may allow an attacker with local access and elevated privileges to read SMM memory.
CVE-2022-34888
1Lenovo
98Thinkagile Hx1021 Firmware
Thinkagile Hx1320 FirmwareThinkagile Hx1321 Firmware+95 more
Nov 21, 2024
Jan 30, 2023
N/A· v4
4.3 MEDIUM· v3
N/A· v2
The Remote Mount feature can potentially be abused by valid, authenticated users to make connections to internal services that may not normally be accessible to users. Internal service access controls, as applicable, rem...Show more
The Remote Mount feature can potentially be abused by valid, authenticated users to make connections to internal services that may not normally be accessible to users. Internal service access controls, as applicable, remain in effect.Show less