← Back

Lenovo

lenovo

395 CVEs • 4,474 products

Products (4,474)

Click to collapse
Toggle
Thinkcentre M625q Firmware
thinkcentre_m625q_firmware
28 CVEs
Xclarity Administrator
xclarity_administrator
27 CVEs
Ideacentre 5 14iob6 Firmware
ideacentre_5-14iob6_firmware
27 CVEs
Ideacentre G5 14imb05 Firmware
ideacentre_g5-14imb05_firmware
27 CVEs
Ideacentre Gaming 5 14iob6 Firmware
ideacentre_gaming_5-14iob6_firmware
27 CVEs
Thinkcentre M75n Firmware
thinkcentre_m75n_firmware
27 CVEs
V50t 13imb Firmware
v50t-13imb_firmware
27 CVEs
Ideacentre 3 07imb05 Firmware
ideacentre_3-07imb05_firmware
26 CVEs
Ideacentre Creator 5 14iob6 Firmware
ideacentre_creator_5-14iob6_firmware
26 CVEs
Thinkcentre M75s Gen 2 Firmware
thinkcentre_m75s_gen_2_firmware
26 CVEs
Thinkcentre M75t Gen 2 Firmware
thinkcentre_m75t_gen_2_firmware
26 CVEs
V30a 22iml Firmware
v30a-22iml_firmware
26 CVEs
V50s 07imb Firmware
v50s-07imb_firmware
26 CVEs
Ideacentre C5 14imb05 Firmware
ideacentre_c5-14imb05_firmware
26 CVEs
Thinkcentre M80t Firmware
thinkcentre_m80t_firmware
25 CVEs
Thinkcentre M80s Firmware
thinkcentre_m80s_firmware
25 CVEs
Thinkcentre M90s Firmware
thinkcentre_m90s_firmware
25 CVEs
Thinkcentre M70c Firmware
thinkcentre_m70c_firmware
25 CVEs
Thinkcentre M70q Firmware
thinkcentre_m70q_firmware
25 CVEs
Thinkcentre M80q Firmware
thinkcentre_m80q_firmware
25 CVEs
Thinkcentre M90a Firmware
thinkcentre_m90a_firmware
25 CVEs
Thinkcentre M90q Tiny Firmware
thinkcentre_m90q_tiny_firmware
25 CVEs
V50a 24imb Firmware
v50a-24imb_firmware
25 CVEs
V50a 22imb Firmware
v50a-22imb_firmware
25 CVEs
Thinkedge Se30 Firmware
thinkedge_se30_firmware
25 CVEs
V30a 24iml Firmware
v30a-24iml_firmware
25 CVEs
Legion T7 34imz5 Firmware
legion_t7-34imz5_firmware
25 CVEs
Ideacentre 3 07ada05 Firmware
ideacentre_3-07ada05_firmware
25 CVEs
Ideacentre G5 14amr05 Firmware
ideacentre_g5-14amr05_firmware
25 CVEs
V55t Gen 2 13acn Firmware
v55t_gen_2_13acn_firmware
25 CVEs
Thinkcentre M90t Firmware
thinkcentre_m90t_firmware
24 CVEs
Thinkcentre M630e Firmware
thinkcentre_m630e_firmware
24 CVEs
Thinkcentre M70s Firmware
thinkcentre_m70s_firmware
24 CVEs
Thinkcentre M70t Firmware
thinkcentre_m70t_firmware
24 CVEs
Thinkcentre M75q Gen 2 Firmware
thinkcentre_m75q_gen_2_firmware
23 CVEs
Ideacentre 5 14imb05 Firmware
ideacentre_5-14imb05_firmware
22 CVEs
Ideacentre Mini 5 01imh05 Firmware
ideacentre_mini_5-01imh05_firmware
22 CVEs
Thinkstation P320 Workstation Firmware
thinkstation_p320_workstation_firmware
21 CVEs
Thinkstation P330 Workstation Firmware
thinkstation_p330_workstation_firmware
21 CVEs
Thinkstation P330 Workstation 2nd Gen Firmware
thinkstation_p330_workstation_2nd_gen_firmware
21 CVEs
Thinkstation P340 Tiny Workstation Firmware
thinkstation_p340_tiny_workstation_firmware
21 CVEs
Thinkstation P340 Workstation Firmware
thinkstation_p340_workstation_firmware
21 CVEs
Thinkstation P348 Workstation Firmware
thinkstation_p348_workstation_firmware
21 CVEs
Thinkstation P350 Workstation Firmware
thinkstation_p350_workstation_firmware
21 CVEs
Thinkstation P520 Workstation Firmware
thinkstation_p520_workstation_firmware
21 CVEs
Thinkstation P520c Workstation Firmware
thinkstation_p520c_workstation_firmware
21 CVEs
Thinkstation P720 Workstation Firmware
thinkstation_p720_workstation_firmware
21 CVEs
Thinkstation P920 Workstation Firmware
thinkstation_p920_workstation_firmware
21 CVEs
Ideacentre Mini 5 01iaq7 Firmware
ideacentre_mini_5_01iaq7_firmware
21 CVEs
Ideacentre Aio 3 27itl6 Firmware
ideacentre_aio_3-27itl6_firmware
20 CVEs
Ideacentre Aio 3 24itl6 Firmware
ideacentre_aio_3-24itl6_firmware
20 CVEs
Ideacentre Aio 3 22itl6 Firmware
ideacentre_aio_3-22itl6_firmware
20 CVEs
Ideacentre 5 14iab7 Firmware
ideacentre_5_14iab7_firmware
20 CVEs
Ideacentre 5 14acn6 Firmware
ideacentre_5-14acn6_firmware
20 CVEs
Ideacentre Gaming 5 17acn7 Firmware
ideacentre_gaming_5_17acn7_firmware
20 CVEs
Ideacentre Gaming 5 17iab7 Firmware
ideacentre_gaming_5_17iab7_firmware
20 CVEs
Ideacentre Gaming 5 14acn6 Firmware
ideacentre_gaming_5-14acn6_firmware
20 CVEs
Thinkcentre M920z All In One Firmware
thinkcentre_m920z_all-in-one_firmware
20 CVEs
V50t 13imh Firmware
v50t-13imh_firmware
20 CVEs
Thinkstation P360 Workstation Firmware
thinkstation_p360_workstation_firmware
20 CVEs
Thinkcentre M70q Gen 2 Firmware
thinkcentre_m70q_gen_2_firmware
19 CVEs
Thinkcentre M70s Gen 3 Firmware
thinkcentre_m70s_gen_3_firmware
19 CVEs
Thinkcentre M70t Gen 3 Firmware
thinkcentre_m70t_gen_3_firmware
19 CVEs
Thinkcentre M90q Gen 2 Firmware
thinkcentre_m90q_gen_2_firmware
19 CVEs
Pcmanager
pcmanager
18 CVEs
Ideacentre Aio 3 24iil5 Firmware
ideacentre_aio_3-24iil5_firmware
18 CVEs
Ideacentre Aio 3 22iil5 Firmware
ideacentre_aio_3-22iil5_firmware
18 CVEs
Thinkcentre M90a (gen 2) Firmware
thinkcentre_m90a_(gen_2)_firmware
18 CVEs
Thinkcentre Neo 50t Gen 3 Firmware
thinkcentre_neo_50t_gen_3_firmware
18 CVEs
Ideacentre T540 15ama G Firmware
ideacentre_t540-15ama_g_firmware
18 CVEs
Ideacentre Aio 3 24alc6 Firmware
ideacentre_aio_3-24alc6_firmware
17 CVEs
Ideacentre Aio 3 22imb05 Firmware
ideacentre_aio_3-22imb05_firmware
17 CVEs
Ideacentre Aio 3 24imb05 Firmware
ideacentre_aio_3-24imb05_firmware
17 CVEs
Ideacentre Aio 3 27imb05 Firmware
ideacentre_aio_3-27imb05_firmware
17 CVEs
Ideacentre Aio 3 21itl7 Firmware
ideacentre_aio_3_21itl7_firmware
17 CVEs
V30a 22itl Firmware
v30a-22itl_firmware
17 CVEs
V30a 24itl Firmware
v30a-24itl_firmware
17 CVEs
Thinkstation P350 Tiny Workstation Firmware
thinkstation_p350_tiny_workstation_firmware
16 CVEs
Thinkstation P360 Tiny Workstation Firmware
thinkstation_p360_tiny_workstation_firmware
16 CVEs
Ideacentre Aio 3 22iap7 Firmware
ideacentre_aio_3_22iap7_firmware
16 CVEs
Ideacentre Aio 3 24iap7 Firmware
ideacentre_aio_3_24iap7_firmware
16 CVEs
Ideacentre Aio 3 27iap7 Firmware
ideacentre_aio_3_27iap7_firmware
16 CVEs
Ideacentre Aio 5 24iah7 Firmware
ideacentre_aio_5_24iah7_firmware
16 CVEs
Ideacentre Aio 5 27iah7 Firmware
ideacentre_aio_5_27iah7_firmware
16 CVEs
Legion T7 34iaz7 Firmware
legion_t7-34iaz7_firmware
16 CVEs
Thinkcentre M80q Gen 3 Firmware
thinkcentre_m80q_gen_3_firmware
16 CVEs
Thinkcentre M80s Gen 3 Firmware
thinkcentre_m80s_gen_3_firmware
16 CVEs
Thinkcentre M80t Gen 3 Firmware
thinkcentre_m80t_gen_3_firmware
16 CVEs
Thinkcentre M90a Gen 3 Firmware
thinkcentre_m90a_gen_3_firmware
16 CVEs
Thinkcentre M90a Pro Gen 3 Firmware
thinkcentre_m90a_pro_gen_3_firmware
16 CVEs
Thinkcentre M90q Gen 3 Firmware
thinkcentre_m90q_gen_3_firmware
16 CVEs
Thinkcentre M90s Gen 3 Firmware
thinkcentre_m90s_gen_3_firmware
16 CVEs
Thinkcentre M90t Gen 3 Firmware
thinkcentre_m90t_gen_3_firmware
16 CVEs
Thinkcentre Neo 30a 22 Gen 3 Firmware
thinkcentre_neo_30a_22_gen_3_firmware
16 CVEs
Thinkcentre Neo 30a 24 Gen 3 Firmware
thinkcentre_neo_30a_24_gen_3_firmware
16 CVEs
Thinkcentre Neo 30a 27 Gen 3 Firmware
thinkcentre_neo_30a_27_gen_3_firmware
16 CVEs
Thinkcentre Neo 70t Gen 3 Firmware
thinkcentre_neo_70t_gen_3_firmware
16 CVEs
System Update
system_update
15 CVEs
Thinkstation P920 Firmware
thinkstation_p920_firmware
15 CVEs
Thinkcentre M920q Firmware
thinkcentre_m920q_firmware
15 CVEs

CVEs (395)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2021-42848
1Lenovo
5A1 Firmware
T1 FirmwareT2 Firmware+2 more
Nov 21, 2024
May 18, 2022
N/A· v4
5.3 MEDIUM· v3
5.0 MEDIUM· v2
An information disclosure vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow an unauthenticated user to retrieve device and networking details.
CVE-2021-3969
1Lenovo
1System Interface Foundation
Nov 21, 2024
May 18, 2022
N/A· v4
7.0 HIGH· v3
4.4 MEDIUM· v2
A Time of Check Time of Use (TOCTOU) vulnerability was reported in IMController, a software component of Lenovo System Interface Foundation, prior to version 1.1.20.3that could allow a local attacker to elevate privilege...Show more
A Time of Check Time of Use (TOCTOU) vulnerability was reported in IMController, a software component of Lenovo System Interface Foundation, prior to version 1.1.20.3that could allow a local attacker to elevate privileges.Show less
CVE-2021-3956
1Lenovo
1Xclarity Controller
Nov 21, 2024
May 18, 2022
N/A· v4
5.3 MEDIUM· v3
4.3 MEDIUM· v2
A read-only authentication bypass vulnerability was reported in the Third Quarter 2021 release of Lenovo XClarity Controller (XCC) firmware affecting XCC devices configured in LDAP Authentication Only Mode and using an L...Show more
A read-only authentication bypass vulnerability was reported in the Third Quarter 2021 release of Lenovo XClarity Controller (XCC) firmware affecting XCC devices configured in LDAP Authentication Only Mode and using an LDAP server that supports “unauthenticated bind”, such as Microsoft Active Directory. An unauthenticated user can gain read-only access to XCC in such a configuration, thereby allowing the XCC device configuration to be viewed but not changed. XCC devices configured to use local authentication, LDAP Authentication + Authorization Mode, or LDAP servers that support only “authenticated bind” and/or “anonymous bind” are not affected.Show less
CVE-2021-3922
1Lenovo
1System Interface Foundation
Nov 21, 2024
May 18, 2022
N/A· v4
7.0 HIGH· v3
4.4 MEDIUM· v2
A race condition vulnerability was reported in IMController, a software component of Lenovo System Interface Foundation, prior to version 1.1.20.3 that could allow a local attacker to connect and interact with the IMCont...Show more
A race condition vulnerability was reported in IMController, a software component of Lenovo System Interface Foundation, prior to version 1.1.20.3 that could allow a local attacker to connect and interact with the IMController child process' named pipe.Show less
CVE-2022-1108
1Lenovo
1Thinkpad X1 Fold Gen 1 Firmware
Nov 21, 2024
Apr 22, 2022
N/A· v4
6.7 MEDIUM· v3
7.2 HIGH· v2
A potential vulnerability due to improper buffer validation in the SMI handler LenovoFlashDeviceInterface in Thinkpad X1 Fold Gen 1 could be exploited by an attacker with local access and elevated privileges to execute a...Show more
A potential vulnerability due to improper buffer validation in the SMI handler LenovoFlashDeviceInterface in Thinkpad X1 Fold Gen 1 could be exploited by an attacker with local access and elevated privileges to execute arbitrary code.Show less
CVE-2022-1107
1Lenovo
30Thinkpad 11e Firmware
Thinkpad 11e Yoga FirmwareThinkpad Helix Firmware+27 more
Nov 21, 2024
Apr 22, 2022
N/A· v4
6.7 MEDIUM· v3
7.2 HIGH· v2
During an internal product security audit a potential vulnerability due to use of Boot Services in the SmmOEMInt15 SMI handler was discovered in some ThinkPad models could be exploited by an attacker with elevated privil...Show more
During an internal product security audit a potential vulnerability due to use of Boot Services in the SmmOEMInt15 SMI handler was discovered in some ThinkPad models could be exploited by an attacker with elevated privileges that could allow for execution of code.Show less
CVE-2022-0636
1Lenovo
1Thin Installer
Nov 21, 2024
Apr 22, 2022
N/A· v4
5.5 MEDIUM· v3
4.9 MEDIUM· v2
A denial of service vulnerability was reported in Lenovo Thin Installer prior to version 1.3.0039 that could trigger a system crash.
CVE-2022-0354
1Lenovo
1System Update
Jun 2, 2026
Apr 22, 2022
N/A· v4
7.8 HIGH· v3
7.2 HIGH· v2
A vulnerability was reported in Lenovo System Update that could allow a local user with interactive system access the ability to execute code with elevated privileges only during the installation of a System Update packa...Show more
A vulnerability was reported in Lenovo System Update that could allow a local user with interactive system access the ability to execute code with elevated privileges only during the installation of a System Update package released before 2022-02-25 that displays a command prompt window.Show less
CVE-2022-0192
1Lenovo
1Pcmanager
Nov 21, 2024
Apr 22, 2022
N/A· v4
7.8 HIGH· v3
4.4 MEDIUM· v2
A DLL search path vulnerability was reported in Lenovo PCManager prior to version 4.0.40.2175 that could allow privilege escalation.
CVE-2021-4212
1Lenovo
62C340 14iml Firmware
C340 15iml FirmwareD330 10igm Firmware+59 more
Nov 21, 2024
Apr 22, 2022
N/A· v4
6.7 MEDIUM· v3
7.2 HIGH· v2
A potential vulnerability in the SMI callback function used in the Legacy BIOS mode driver in some Lenovo Notebook models may allow an attacker with local access and elevated privileges to execute arbitrary code.
CVE-2021-4211
1Lenovo
53A340 22icb Firmware
A340 22ick FirmwareA340 24icb Firmware+50 more
Nov 21, 2024
Apr 22, 2022
N/A· v4
6.7 MEDIUM· v3
7.2 HIGH· v2
A potential vulnerability in the SMI callback function used in the SMBIOS event log driver in some Lenovo Desktop, ThinkStation, and ThinkEdge models may allow an attacker with local access and elevated privileges to exe...Show more
A potential vulnerability in the SMI callback function used in the SMBIOS event log driver in some Lenovo Desktop, ThinkStation, and ThinkEdge models may allow an attacker with local access and elevated privileges to execute arbitrary code.Show less
CVE-2021-4210
1Lenovo
32A540 24icb Firmware
A540 27icb FirmwareIdeacentre 5 14imb05 Firmware+29 more
Nov 21, 2024
Apr 22, 2022
N/A· v4
6.7 MEDIUM· v3
7.2 HIGH· v2
A potential vulnerability in the SMI callback function used in the NVME driver in some Lenovo Desktop, ThinkStation, and ThinkEdge models may allow an attacker with local access and elevated privileges to execute arbitra...Show more
A potential vulnerability in the SMI callback function used in the NVME driver in some Lenovo Desktop, ThinkStation, and ThinkEdge models may allow an attacker with local access and elevated privileges to execute arbitrary code.Show less
CVE-2021-3972
1Lenovo
105Ideapad 3 14ada05 Firmware
Ideapad 3 14ada6 FirmwareIdeapad 3 14alc6 Firmware+102 more
Nov 21, 2024
Apr 22, 2022
N/A· v4
6.7 MEDIUM· v3
4.6 MEDIUM· v2
A potential vulnerability by a driver used during manufacturing process on some consumer Lenovo Notebook devices' BIOS that was mistakenly not deactivated may allow an attacker with elevated privileges to modify secure b...Show more
A potential vulnerability by a driver used during manufacturing process on some consumer Lenovo Notebook devices' BIOS that was mistakenly not deactivated may allow an attacker with elevated privileges to modify secure boot setting by modifying an NVRAM variable.Show less
CVE-2021-3971
1Lenovo
73Ideapad 3 14ada05 Firmware
Ideapad 3 14ada6 FirmwareIdeapad 3 14alc6 Firmware+70 more
Nov 21, 2024
Apr 22, 2022
N/A· v4
6.7 MEDIUM· v3
4.6 MEDIUM· v2
A potential vulnerability by a driver used during older manufacturing processes on some consumer Lenovo Notebook devices that was mistakenly included in the BIOS image could allow an attacker with elevated privileges to...Show more
A potential vulnerability by a driver used during older manufacturing processes on some consumer Lenovo Notebook devices that was mistakenly included in the BIOS image could allow an attacker with elevated privileges to modify firmware protection region by modifying an NVRAM variable.Show less
CVE-2021-3970
1Lenovo
105Ideapad 3 14ada05 Firmware
Ideapad 3 14ada6 FirmwareIdeapad 3 14alc6 Firmware+102 more
Nov 21, 2024
Apr 22, 2022
N/A· v4
6.7 MEDIUM· v3
7.2 HIGH· v2
A potential vulnerability in LenovoVariable SMI Handler due to insufficient validation in some Lenovo Notebook models BIOS may allow an attacker with local access and elevated privileges to execute arbitrary code.
CVE-2021-3897
2Ibm
Lenovo
5Nextscale Fan Power Controller Firmware
Nextscale N1200 Enclosure FirmwareThinkagile Hx Enclosure Certified Node Firmware+2 more
Nov 21, 2024
Apr 22, 2022
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
An authentication bypass vulnerability was discovered in an internal service of the Lenovo Fan Power Controller2 (FPC2) and Lenovo System Management Module (SMM) firmware during an that could allow an unauthenticated att...Show more
An authentication bypass vulnerability was discovered in an internal service of the Lenovo Fan Power Controller2 (FPC2) and Lenovo System Management Module (SMM) firmware during an that could allow an unauthenticated attacker to execute commands on the SMM and FPC2. SMM2 is not affected.Show less
CVE-2021-3849
2Ibm
Lenovo
5Nextscale Fan Power Controller Firmware
Nextscale N1200 Enclosure FirmwareThinkagile Hx Enclosure Certified Node Firmware+2 more
Nov 21, 2024
Apr 22, 2022
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
An authentication bypass vulnerability was discovered in the web interface of the Lenovo Fan Power Controller2 (FPC2) and Lenovo System Management Module (SMM) firmware that could allow an unauthenticated attacker to exe...Show more
An authentication bypass vulnerability was discovered in the web interface of the Lenovo Fan Power Controller2 (FPC2) and Lenovo System Management Module (SMM) firmware that could allow an unauthenticated attacker to execute commands on the SMM and FPC2. SMM2 is not affected.Show less
CVE-2021-3722
1Lenovo
1Pcmanager
Nov 21, 2024
Apr 22, 2022
N/A· v4
5.0 MEDIUM· v3
4.7 MEDIUM· v2
A denial of service vulnerability was reported in Lenovo PCManager prior to version 4.0.40.2175 that could allow configuration files to be written to non-standard locations during installation.
CVE-2021-3721
1Lenovo
1Pcmanager
Nov 21, 2024
Apr 22, 2022
N/A· v4
5.5 MEDIUM· v3
4.9 MEDIUM· v2
A denial of service vulnerability was reported in Lenovo PCManager prior to version 4.0.20.10282 that could allow an attacker with local access to trigger a blue screen error.
CVE-2021-3843
1Lenovo
29Thinkpad 11e 3rd Gen Firmware
Thinkpad 11e 4th Gen Celeron FirmwareThinkpad 11e 4th Gen I3 Firmware+26 more
Nov 21, 2024
Nov 12, 2021
N/A· v4
6.7 MEDIUM· v3
7.2 HIGH· v2
A potential vulnerability in the SMI function to access EEPROM in some ThinkPad models may allow an attacker with local access and elevated privileges to execute arbitrary code.