Lenovo

Thinkpad X1 Yoga Firmware

12 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.8

CVE-2019-19705

  • EPSS 0.04%
  • Published 26.12.2022 21:15:10
  • Last modified 14.04.2025 17:15:22

Realtek Audio Drivers for Windows, as used on the Lenovo ThinkPad X1 Carbon 20A7, 20A8, 20BS, and 20BT before 6.0.8882.1 and 20KH and 20KG before 6.0.8907.1 (and on many other Lenovo and non-Lenovo products), mishandles DLL preloading.

7.2

CVE-2022-1107

  • EPSS 0.03%
  • Published 22.04.2022 21:15:10
  • Last modified 21.11.2024 06:40:03

During an internal product security audit a potential vulnerability due to use of Boot Services in the SmmOEMInt15 SMI handler was discovered in some ThinkPad models could be exploited by an attacker with elevated privileges that could allow for exec...

6

CVE-2019-18618

  • EPSS 0.37%
  • Published 22.07.2020 14:15:14
  • Last modified 21.11.2024 04:33:22

Incorrect access control in the firmware of Synaptics VFS75xx family fingerprint sensors that include external flash (all versions prior to 2019-11-15) allows a local administrator or physical attacker to compromise the confidentiality of sensor data...

7.8

CVE-2019-18619

  • EPSS 0.14%
  • Published 22.07.2020 14:15:14
  • Last modified 21.11.2024 04:33:22

Incorrect parameter validation in the synaTee component of Synaptics WBF drivers using an SGX enclave (all versions prior to 2019-11-15) allows a local user to execute arbitrary code in the enclave (that can compromise confidentiality of enclave data...

6.8

CVE-2020-8320

  • EPSS 0.05%
  • Published 09.06.2020 20:15:22
  • Last modified 21.11.2024 05:38:42

An internal shell was included in BIOS image in some ThinkPad models that could allow escalation of privilege.

6.7

CVE-2020-8323

  • EPSS 0.05%
  • Published 09.06.2020 20:15:22
  • Last modified 21.11.2024 05:38:42

A potential vulnerability in the SMI callback function used in the Legacy SD driver in some Lenovo ThinkPad, ThinkStation, and Lenovo Notebook models may allow arbitrary code execution.

6.4

CVE-2019-6170

  • EPSS 0.07%
  • Published 12.11.2019 21:15:12
  • Last modified 21.11.2024 04:46:04

A potential vulnerability in the SMI callback function used in the Legacy USB driver using boot services structure in runtime phase in some Lenovo ThinkPad models may allow arbitrary code execution.

6.4

CVE-2019-6172

  • EPSS 0.09%
  • Published 12.11.2019 21:15:12
  • Last modified 21.11.2024 04:46:05

A potential vulnerability in the SMI callback function used in Legacy USB driver using passed parameter without sufficient checking in some Lenovo ThinkPad models may allow arbitrary code execution.

9.8

CVE-2019-6188

  • EPSS 0.62%
  • Published 12.11.2019 21:15:12
  • Last modified 21.11.2024 04:46:07

The BIOS tamper detection mechanism was not triggered in Lenovo ThinkPad T460p, BIOS versions up to R07ET90W, and T470p, BIOS versions up to R0FET50W, which may allow for unauthorized access.

6.8

CVE-2019-10724

  • EPSS 0.31%
  • Published 29.08.2019 00:15:10
  • Last modified 21.11.2024 04:19:48

There is a vulnerability with the Dolby DAX2 API system services in which a low-privileged user can terminate arbitrary processes that are running at a higher privilege. The following are affected products and versions: Legion Y520T_Z370 6.0.1.8642, ...