Filtered by vendor Lenovo Subscriptions
Total 403 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-4131 1 Lenovo 1 Emulator 2024-10-17 7.8 High
A DLL hijack vulnerability was reported in Lenovo Emulator that could allow a local attacker to execute code with elevated privileges.
CVE-2024-4132 1 Lenovo 1 Lock Screen 2024-10-17 7.8 High
A DLL hijack vulnerability was reported in Lenovo Lock Screen that could allow a local attacker to execute code with elevated privileges.
CVE-2024-9046 1 Lenovo 1 Starstudio 2024-10-17 7.8 High
A DLL hijack vulnerability was reported in Lenovo stARstudio that could allow a local attacker to execute code with elevated privileges.
CVE-2024-33578 1 Lenovo 1 Leyun 2024-10-15 7.8 High
A DLL hijack vulnerability was reported in Lenovo Leyun that could allow a local attacker to execute code with elevated privileges.
CVE-2024-33580 1 Lenovo 1 Personal Cloud 2024-10-15 7.8 High
A DLL hijack vulnerability was reported in Lenovo Personal Cloud that could allow a local attacker to execute code with elevated privileges.
CVE-2024-33579 1 Lenovo 1 Baiying 2024-10-15 7.8 High
A DLL hijack vulnerability was reported in Lenovo Baiying that could allow a local attacker to execute code with elevated privileges.
CVE-2024-33581 1 Lenovo 1 Pcmanager 2024-10-15 7.8 High
A DLL hijack vulnerability was reported in Lenovo PC Manager AI intelligent scenario that could allow a local attacker to execute code with elevated privileges.
CVE-2024-33582 1 Lenovo 1 Service Framework 2024-10-15 7.8 High
A DLL hijack vulnerability was reported in Lenovo Service Framework that could allow a local attacker to execute code with elevated privileges.
CVE-2024-3100 1 Lenovo 55 100w Gen 3 Firmware, 100w Gen 4 Firmware, 13w Yoga Firmware and 52 more 2024-09-17 6.7 Medium
A potential buffer overflow vulnerability was reported in some Lenovo Notebook products that could allow a local attacker with elevated privileges to execute arbitrary code.
CVE-2024-4550 1 Lenovo 5 Thinkstation P360 Workstation Firmware, Thinksystem St50 Firmware, Thinksystem St50 V2 Firmware and 2 more 2024-09-16 6.7 Medium
A potential buffer overflow vulnerability was reported in some Lenovo ThinkSystem and ThinkStation products that could allow a local attacker with elevated privileges to execute arbitrary code.
CVE-2024-7756 1 Lenovo 3 10w Firmware, Thinkpad L390 Firmware, Thinkpad L390 Yoga Firmware 2024-09-16 6.8 Medium
A potential vulnerability was reported in the ThinkPad L390 Yoga and 10w Notebook that could allow a local attacker to escalate privileges by accessing an embedded UEFI shell.
CVE-2024-45105 1 Lenovo 99 Thinkagile Hx1331 Firmware, Thinkagile Hx2330 Firmware, Thinkagile Hx2331 Firmware and 96 more 2024-09-16 6.7 Medium
An internal product security audit discovered a UEFI SMM (System Management Mode) callout vulnerability in some ThinkSystem servers that could allow a local attacker with elevated privileges to execute arbitrary code.
CVE-2024-8281 1 Lenovo 139 Thinkagile Hx1021 Edge Certified Node 3yr Firmware, Thinkagile Hx1320 Firmware, Thinkagile Hx1321 Firmware and 136 more 2024-09-14 7.2 High
An input validation weakness was discovered in XCC that could allow a valid, authenticated XCC user with elevated privileges to perform command injection through specially crafted command line input in the XCC SSH captive shell.
CVE-2024-45101 1 Lenovo 1 Xclarity Administrator 2024-09-14 6.8 Medium
A privilege escalation vulnerability was discovered when Single Sign On (SSO) is enabled that could allow an attacker to intercept a valid, authenticated LXCA user’s XCC session if they can convince the user to click on a specially crafted URL.
CVE-2024-8278 1 Lenovo 139 Thinkagile Hx1021 Edge Certified Node 3yr Firmware, Thinkagile Hx1320 Firmware, Thinkagile Hx1321 Firmware and 136 more 2024-09-14 7.2 High
A privilege escalation vulnerability was discovered in XCC that could allow a valid, authenticated XCC user with elevated privileges to perform command injection via specially crafted IPMI commands.
CVE-2024-8279 1 Lenovo 139 Thinkagile Hx1021 Edge Certified Node 3yr Firmware, Thinkagile Hx1320 Firmware, Thinkagile Hx1321 Firmware and 136 more 2024-09-14 7.2 High
A privilege escalation vulnerability was discovered in XCC that could allow a valid, authenticated XCC user with elevated privileges to perform command injection via specially crafted file uploads.
CVE-2024-8280 1 Lenovo 139 Thinkagile Hx1021 Edge Certified Node 3yr Firmware, Thinkagile Hx1320 Firmware, Thinkagile Hx1321 Firmware and 136 more 2024-09-14 7.2 High
An input validation weakness was discovered in XCC that could allow a valid, authenticated XCC user with elevated privileges to perform command injection or cause a recoverable denial of service using a specially crafted file.
CVE-2024-2175 1 Lenovo 2 Accessories And Display Manager, Display Control Center 2024-08-19 7.8 High
An insecure permissions vulnerability was reported in Lenovo Display Control Center (LDCC) and Lenovo Accessories and Display Manager (LADM) that could allow a local attacker to escalate privileges.
CVE-2024-4763 1 Lenovo 2 Accessories And Display Manager, Display Control Center 2024-08-19 7.8 High
An insecure driver vulnerability was reported in Lenovo Display Control Center (LDCC) and Lenovo Accessories and Display Manager (LADM) that could allow a local attacker to escalate privileges to kernel.
CVE-2023-1577 1 Lenovo 1 Drivers Management 2024-08-13 7.8 High
A path hijacking vulnerability was reported in Lenovo Driver Manager prior to version 3.1.1307.1308 that could allow a local user to execute code with elevated privileges.