Filtered by vendor Lenovo Subscriptions
Total 403 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-45104 1 Lenovo 1 Xclarity Administrator 2024-12-13 6.3 Medium
A valid, authenticated LXCA user without sufficient privileges may be able to use the device identifier to modify an LXCA managed device through a specially crafted web API call.
CVE-2024-45103 1 Lenovo 1 Xclarity Administrator 2024-12-13 4.3 Medium
A valid, authenticated LXCA user may be able to unmanage an LXCA managed device in through the LXCA web interface without sufficient privileges.
CVE-2023-34420 1 Lenovo 1 Xclarity Administrator 2024-12-04 7.2 High
A valid, authenticated LXCA user with elevated privileges may be able to execute command injections through crafted calls to a specific web API.
CVE-2023-2290 1 Lenovo 171 Thinkpad E14, Thinkpad E14 Firmware, Thinkpad E14 Gen2 and 168 more 2024-12-03 6.4 Medium
A potential vulnerability in the LenovoFlashDeviceInterface SMI handler may allow an attacker with local access and elevated privileges to execute arbitrary code.
CVE-2023-3113 1 Lenovo 1 Xclarity Administrator 2024-12-03 8.2 High
An unauthenticated XML external entity injection (XXE) vulnerability exists in LXCA's Common Information Model (CIM) server that could result in read-only access to specific files.
CVE-2023-34418 1 Lenovo 1 Xclarity Administrator 2024-12-03 8.1 High
A valid, authenticated LXCA user may be able to gain unauthorized access to events and other data stored in LXCA due to a SQL injection vulnerability in a specific web API.
CVE-2023-4607 1 Lenovo 231 Thinkagile Hx1021 Edg, Thinkagile Hx1021 Edg Firmware, Thinkagile Hx1320 and 228 more 2024-12-03 7.5 High
An authenticated XCC user can change permissions for any user through a crafted API command.
CVE-2024-27912 1 Lenovo 6 Lingxlang G262dn Firmware, Lingxlang G336dn Firmware, Lingxlang Gm265dn Firmware and 3 more 2024-11-21 7.5 High
A denial of service vulnerability was reported in some Lenovo Printers that could allow an attacker to cause the device to crash by sending crafted LPD packets.
CVE-2024-27911 1 Lenovo 6 Lingxlang G262dn Firmware, Lingxlang G336dn Firmware, Lingxlang Gm265dn Firmware and 3 more 2024-11-21 7.5 High
A vulnerability was reported in some Lenovo Printers that could allow an unauthenticated attacker to obtain the administrator password.
CVE-2023-6540 1 Lenovo 2 Browser Hd, Browser Mobile 2024-11-21 6.5 Medium
A vulnerability was reported in the Lenovo Browser Mobile and Lenovo Browser HD Apps for Android that could allow an attacker to craft a payload that could result in the disclosure of sensitive information.
CVE-2023-6450 1 Lenovo 1 App Store 2024-11-21 5.5 Medium
An incorrect permissions vulnerability was reported in the Lenovo App Store app that could allow an attacker to use system resources, resulting in a denial of service.
CVE-2023-6338 1 Lenovo 1 Universal Device Client 2024-11-21 7.8 High
Uncontrolled search path vulnerabilities were reported in the Lenovo Universal Device Client (UDC) that could allow an attacker with local access to execute code with elevated privileges.
CVE-2023-6044 1 Lenovo 1 Vantage 2024-11-21 6.3 Medium
A privilege escalation vulnerability was reported in Lenovo Vantage that could allow a local attacker with physical access to impersonate Lenovo Vantage Service and execute arbitrary code with elevated privileges.
CVE-2023-6043 1 Lenovo 1 Vantage 2024-11-21 7.8 High
A privilege escalation vulnerability was reported in Lenovo Vantage that could allow a local attacker to bypass integrity checks and execute arbitrary code with elevated privileges.
CVE-2023-5081 1 Lenovo 8 Tab M8 Hd Tb8505f, Tab M8 Hd Tb8505f Firmware, Tab M8 Hd Tb8505fs and 5 more 2024-11-21 3.3 Low
An information disclosure vulnerability was reported in the Lenovo Tab M8 HD that could allow a local application to gather a non-resettable device identifier.
CVE-2023-5080 1 Lenovo 12 Tab M10 Plus Gen 3 Tb125fu, Tab M10 Plus Gen 3 Tb125fu Firmware, Tab M8 Hd Tb8505f and 9 more 2024-11-21 6.8 Medium
A privilege escalation vulnerability was reported in some Lenovo tablet products that could allow local applications access to device identifiers and system commands.
CVE-2023-5079 1 Lenovo 1 Lecloud 2024-11-21 7.5 High
Lenovo LeCloud App improper input validation allows attackers to access arbitrary components and arbitrary file downloads, which could result in information disclosure.
CVE-2023-5078 1 Lenovo 40 Thinkpad L13 Gen 2, Thinkpad L13 Gen 2 Firmware, Thinkpad L13 Gen 3 and 37 more 2024-11-21 6.7 Medium
A vulnerability was reported in some ThinkPad BIOS that could allow a physical or local attacker with elevated privileges to tamper with BIOS firmware.
CVE-2023-5075 1 Lenovo 2 Ideapad Duet 3 10igl5, Ideapad Duet 3 10igl5 Firmware 2024-11-21 6.7 Medium
A buffer overflow was reported in the FmpSipoCapsuleDriver driver in the IdeaPad Duet 3-10IGL5 that may allow a local attacker with elevated privileges to execute arbitrary code.
CVE-2023-4891 2 Lenovo, Microsoft 2 View Driver, Windows 2024-11-21 5.5 Medium
A potential use-after-free vulnerability was reported in the Lenovo View driver that could result in denial of service.