Filtered by vendor Lenovo Subscriptions
Total 403 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-2993 1 Lenovo 16 Nextscale N1200 Enclosure, Nextscale N1200 Enclosure Firmware, Thinkagile Cp-cb-10 and 13 more 2024-11-06 5.4 Medium
A valid, authenticated user with limited privileges may be able to use specifically crafted web management server API calls to execute a limited number of commands on SMM v1, SMM v2, and FPC that the user does not normally have sufficient privileges to execute.
CVE-2023-34421 1 Lenovo 1 Xclarity Administrator 2024-11-06 6.5 Medium
A valid, authenticated LXCA user with elevated privileges may be able to replace filesystem data through a specifically crafted web API call due to insufficient input validation.
CVE-2023-34422 1 Lenovo 1 Xclarity Administrator 2024-11-06 6.5 Medium
A valid, authenticated LXCA user with elevated privileges may be able to delete folders in the LXCA filesystem through a specifically crafted web API call due to insufficient input validation.
CVE-2023-6450 1 Lenovo 1 App Store 2024-10-21 5.5 Medium
An incorrect permissions vulnerability was reported in the Lenovo App Store app that could allow an attacker to use system resources, resulting in a denial of service.
CVE-2024-4089 1 Lenovo 1 Superfile 2024-10-17 7.8 High
A DLL hijack vulnerability was reported in Lenovo Super File that could allow a local attacker to execute code with elevated privileges.
CVE-2024-4130 1 Lenovo 1 App Store 2024-10-17 7.8 High
A DLL hijack vulnerability was reported in Lenovo App Store that could allow a local attacker to execute code with elevated privileges.
CVE-2024-4131 1 Lenovo 1 Emulator 2024-10-17 7.8 High
A DLL hijack vulnerability was reported in Lenovo Emulator that could allow a local attacker to execute code with elevated privileges.
CVE-2024-4132 1 Lenovo 1 Lock Screen 2024-10-17 7.8 High
A DLL hijack vulnerability was reported in Lenovo Lock Screen that could allow a local attacker to execute code with elevated privileges.
CVE-2024-9046 1 Lenovo 1 Starstudio 2024-10-17 7.8 High
A DLL hijack vulnerability was reported in Lenovo stARstudio that could allow a local attacker to execute code with elevated privileges.
CVE-2024-33581 1 Lenovo 1 Pcmanager 2024-10-15 7.8 High
A DLL hijack vulnerability was reported in Lenovo PC Manager AI intelligent scenario that could allow a local attacker to execute code with elevated privileges.
CVE-2024-33582 1 Lenovo 1 Service Framework 2024-10-15 7.8 High
A DLL hijack vulnerability was reported in Lenovo Service Framework that could allow a local attacker to execute code with elevated privileges.
CVE-2024-5474 1 Lenovo 1 Dolby Vision Provisioning Software 2024-10-15 5.5 Medium
A potential information disclosure vulnerability was reported in Lenovo's packaging of Dolby Vision Provisioning software prior to version 2.0.0.2 that could allow a local attacker to read files on the system with elevated privileges during installation of the package. Previously installed versions are not affected by this issue.
CVE-2024-33578 1 Lenovo 1 Leyun 2024-10-15 7.8 High
A DLL hijack vulnerability was reported in Lenovo Leyun that could allow a local attacker to execute code with elevated privileges.
CVE-2024-33580 1 Lenovo 1 Personal Cloud 2024-10-15 7.8 High
A DLL hijack vulnerability was reported in Lenovo Personal Cloud that could allow a local attacker to execute code with elevated privileges.
CVE-2024-33579 1 Lenovo 1 Baiying 2024-10-15 7.8 High
A DLL hijack vulnerability was reported in Lenovo Baiying that could allow a local attacker to execute code with elevated privileges.
CVE-2022-3742 1 Lenovo 174 Ideapad 1-14ijl7, Ideapad 1-14ijl7 Firmware, Ideapad 1-15ijl7 and 171 more 2024-10-09 6.7 Medium
A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that could allow a local attacker with elevated privileges to execute arbitrary code due to improper buffer validation.
CVE-2023-3078 1 Lenovo 1 Universal Device Client 2024-10-08 7.8 High
An uncontrolled search path vulnerability was reported in the Lenovo Universal Device Client (UDC) that could allow an attacker with local access to execute code with elevated privileges.
CVE-2023-4028 1 Lenovo 61 13w Yoga, 13w Yoga Firmware, 13w Yoga Gen 2 and 58 more 2024-10-08 6.7 Medium
A buffer overflow has been identified in the SystemUserMasterHddPwdDxe driver in some Lenovo Notebook products which may allow an attacker with local access and elevated privileges to execute arbitrary code.
CVE-2023-4029 1 Lenovo 53 K14 Type 21cu, K14 Type 21cu Firmware, K14 Type 21cv and 50 more 2024-10-08 6.7 Medium
A buffer overflow has been identified in the BoardUpdateAcpiDxe driver in some Lenovo ThinkPad products which may allow an attacker with local access and elevated privileges to execute arbitrary code.
CVE-2023-4030 1 Lenovo 9 Thinkpad, Thinkpad P14s Gen 2, Thinkpad P14s Gen 2 Firmware and 6 more 2024-10-08 8.4 High
A vulnerability was reported in BIOS for ThinkPad P14s Gen 2, P15s Gen 2, T14 Gen 2, and T15 Gen 2 that could cause the system to recover to insecure settings if the BIOS becomes corrupt.