Summary
| Detail | |||
|---|---|---|---|
| Vendor | Lenovo | First view | 2023-11-08 |
| Product | Legion t5 26Iab7 Firmware | Last view | 2023-11-08 |
| Version | Type | Os | |
| Update | |||
| Edition | |||
| Language | |||
| Sofware Edition | |||
| Target Software | |||
| Target Hardware | |||
| Other | |||
Activity : Overall
COMMON PLATFORM ENUMERATION: Repartition per Version
| CPE Name | Affected CVE |
|---|---|
| cpe:2.3:o:lenovo:legion_t5_26iab7_firmware:*:*:*:*:*:*:*:* | 15 |
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 6.7 | 2023-11-08 | CVE-2023-43581 | A buffer overflow was reported in the Update_WMI module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code. |
| 6.7 | 2023-11-08 | CVE-2023-43580 | A buffer overflow was reported in the SmuV11DxeVMR module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code. |
| 6.7 | 2023-11-08 | CVE-2023-43579 | A buffer overflow was reported in the SmuV11Dxe driver in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code. |
| 6.7 | 2023-11-08 | CVE-2023-43578 | A buffer overflow was reported in the SmiFlash module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code. |
| 6.7 | 2023-11-08 | CVE-2023-43577 | A buffer overflow was reported in the ReFlash module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code. |
| 6.7 | 2023-11-08 | CVE-2023-43576 | A buffer overflow was reported in the WMISwSmi module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code. |
| 6.7 | 2023-11-08 | CVE-2023-43575 | A buffer overflow was reported in the UltraFunctionTable module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code. |
| 4.4 | 2023-11-08 | CVE-2023-43574 | A buffer over-read was reported in the LEMALLDriversConnectedEventHook module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to disclose sensitive information. |
| 6.7 | 2023-11-08 | CVE-2023-43573 | A buffer overflow was reported in the LEMALLDriversConnectedEventHook module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code. |
| 4.4 | 2023-11-08 | CVE-2023-43572 | A buffer over-read was reported in the BiosExtensionLoader module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to disclose sensitive information. |
| 6.7 | 2023-11-08 | CVE-2023-43571 | A buffer overflow was reported in the BiosExtensionLoader module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code. |
| 6.7 | 2023-11-08 | CVE-2023-43570 | A potential vulnerability was reported in the SMI callback function of the OemSmi driver that may allow a local attacker with elevated permissions to execute arbitrary code. |
| 6.7 | 2023-11-08 | CVE-2023-43569 | A buffer overflow was reported in the OemSmi module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code. |
| 4.4 | 2023-11-08 | CVE-2023-43568 | A buffer over-read was reported in the LemSecureBootForceKey module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to disclose sensitive information. |
| 6.7 | 2023-11-08 | CVE-2023-43567 | A buffer overflow was reported in the LemSecureBootForceKey module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 73% (11) | CWE-120 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflo... |
| 13% (2) | CWE-125 | Out-of-bounds Read |
| 6% (1) | CWE-126 | Buffer Over-read |
| 6% (1) | CWE-20 | Improper Input Validation |
