Filtered by vendor Lenovo
Subscriptions
Total
403 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-2993 | 1 Lenovo | 16 Nextscale N1200 Enclosure, Nextscale N1200 Enclosure Firmware, Thinkagile Cp-cb-10 and 13 more | 2024-11-06 | 5.4 Medium |
A valid, authenticated user with limited privileges may be able to use specifically crafted web management server API calls to execute a limited number of commands on SMM v1, SMM v2, and FPC that the user does not normally have sufficient privileges to execute. | ||||
CVE-2023-34421 | 1 Lenovo | 1 Xclarity Administrator | 2024-11-06 | 6.5 Medium |
A valid, authenticated LXCA user with elevated privileges may be able to replace filesystem data through a specifically crafted web API call due to insufficient input validation. | ||||
CVE-2023-34422 | 1 Lenovo | 1 Xclarity Administrator | 2024-11-06 | 6.5 Medium |
A valid, authenticated LXCA user with elevated privileges may be able to delete folders in the LXCA filesystem through a specifically crafted web API call due to insufficient input validation. | ||||
CVE-2023-6450 | 1 Lenovo | 1 App Store | 2024-10-21 | 5.5 Medium |
An incorrect permissions vulnerability was reported in the Lenovo App Store app that could allow an attacker to use system resources, resulting in a denial of service. | ||||
CVE-2024-4089 | 1 Lenovo | 1 Superfile | 2024-10-17 | 7.8 High |
A DLL hijack vulnerability was reported in Lenovo Super File that could allow a local attacker to execute code with elevated privileges. | ||||
CVE-2024-4130 | 1 Lenovo | 1 App Store | 2024-10-17 | 7.8 High |
A DLL hijack vulnerability was reported in Lenovo App Store that could allow a local attacker to execute code with elevated privileges. | ||||
CVE-2024-4131 | 1 Lenovo | 1 Emulator | 2024-10-17 | 7.8 High |
A DLL hijack vulnerability was reported in Lenovo Emulator that could allow a local attacker to execute code with elevated privileges. | ||||
CVE-2024-4132 | 1 Lenovo | 1 Lock Screen | 2024-10-17 | 7.8 High |
A DLL hijack vulnerability was reported in Lenovo Lock Screen that could allow a local attacker to execute code with elevated privileges. | ||||
CVE-2024-9046 | 1 Lenovo | 1 Starstudio | 2024-10-17 | 7.8 High |
A DLL hijack vulnerability was reported in Lenovo stARstudio that could allow a local attacker to execute code with elevated privileges. | ||||
CVE-2024-33581 | 1 Lenovo | 1 Pcmanager | 2024-10-15 | 7.8 High |
A DLL hijack vulnerability was reported in Lenovo PC Manager AI intelligent scenario that could allow a local attacker to execute code with elevated privileges. | ||||
CVE-2024-33582 | 1 Lenovo | 1 Service Framework | 2024-10-15 | 7.8 High |
A DLL hijack vulnerability was reported in Lenovo Service Framework that could allow a local attacker to execute code with elevated privileges. | ||||
CVE-2024-5474 | 1 Lenovo | 1 Dolby Vision Provisioning Software | 2024-10-15 | 5.5 Medium |
A potential information disclosure vulnerability was reported in Lenovo's packaging of Dolby Vision Provisioning software prior to version 2.0.0.2 that could allow a local attacker to read files on the system with elevated privileges during installation of the package. Previously installed versions are not affected by this issue. | ||||
CVE-2024-33578 | 1 Lenovo | 1 Leyun | 2024-10-15 | 7.8 High |
A DLL hijack vulnerability was reported in Lenovo Leyun that could allow a local attacker to execute code with elevated privileges. | ||||
CVE-2024-33580 | 1 Lenovo | 1 Personal Cloud | 2024-10-15 | 7.8 High |
A DLL hijack vulnerability was reported in Lenovo Personal Cloud that could allow a local attacker to execute code with elevated privileges. | ||||
CVE-2024-33579 | 1 Lenovo | 1 Baiying | 2024-10-15 | 7.8 High |
A DLL hijack vulnerability was reported in Lenovo Baiying that could allow a local attacker to execute code with elevated privileges. | ||||
CVE-2022-3742 | 1 Lenovo | 174 Ideapad 1-14ijl7, Ideapad 1-14ijl7 Firmware, Ideapad 1-15ijl7 and 171 more | 2024-10-09 | 6.7 Medium |
A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that could allow a local attacker with elevated privileges to execute arbitrary code due to improper buffer validation. | ||||
CVE-2023-3078 | 1 Lenovo | 1 Universal Device Client | 2024-10-08 | 7.8 High |
An uncontrolled search path vulnerability was reported in the Lenovo Universal Device Client (UDC) that could allow an attacker with local access to execute code with elevated privileges. | ||||
CVE-2023-4028 | 1 Lenovo | 61 13w Yoga, 13w Yoga Firmware, 13w Yoga Gen 2 and 58 more | 2024-10-08 | 6.7 Medium |
A buffer overflow has been identified in the SystemUserMasterHddPwdDxe driver in some Lenovo Notebook products which may allow an attacker with local access and elevated privileges to execute arbitrary code. | ||||
CVE-2023-4029 | 1 Lenovo | 53 K14 Type 21cu, K14 Type 21cu Firmware, K14 Type 21cv and 50 more | 2024-10-08 | 6.7 Medium |
A buffer overflow has been identified in the BoardUpdateAcpiDxe driver in some Lenovo ThinkPad products which may allow an attacker with local access and elevated privileges to execute arbitrary code. | ||||
CVE-2023-4030 | 1 Lenovo | 9 Thinkpad, Thinkpad P14s Gen 2, Thinkpad P14s Gen 2 Firmware and 6 more | 2024-10-08 | 8.4 High |
A vulnerability was reported in BIOS for ThinkPad P14s Gen 2, P15s Gen 2, T14 Gen 2, and T15 Gen 2 that could cause the system to recover to insecure settings if the BIOS becomes corrupt. |