Filtered by vendor Lenovo
Subscriptions
Total
403 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-45104 | 1 Lenovo | 1 Xclarity Administrator | 2024-12-13 | 6.3 Medium |
A valid, authenticated LXCA user without sufficient privileges may be able to use the device identifier to modify an LXCA managed device through a specially crafted web API call. | ||||
CVE-2024-45103 | 1 Lenovo | 1 Xclarity Administrator | 2024-12-13 | 4.3 Medium |
A valid, authenticated LXCA user may be able to unmanage an LXCA managed device in through the LXCA web interface without sufficient privileges. | ||||
CVE-2023-34420 | 1 Lenovo | 1 Xclarity Administrator | 2024-12-04 | 7.2 High |
A valid, authenticated LXCA user with elevated privileges may be able to execute command injections through crafted calls to a specific web API. | ||||
CVE-2023-2290 | 1 Lenovo | 171 Thinkpad E14, Thinkpad E14 Firmware, Thinkpad E14 Gen2 and 168 more | 2024-12-03 | 6.4 Medium |
A potential vulnerability in the LenovoFlashDeviceInterface SMI handler may allow an attacker with local access and elevated privileges to execute arbitrary code. | ||||
CVE-2023-3113 | 1 Lenovo | 1 Xclarity Administrator | 2024-12-03 | 8.2 High |
An unauthenticated XML external entity injection (XXE) vulnerability exists in LXCA's Common Information Model (CIM) server that could result in read-only access to specific files. | ||||
CVE-2023-34418 | 1 Lenovo | 1 Xclarity Administrator | 2024-12-03 | 8.1 High |
A valid, authenticated LXCA user may be able to gain unauthorized access to events and other data stored in LXCA due to a SQL injection vulnerability in a specific web API. | ||||
CVE-2023-4607 | 1 Lenovo | 231 Thinkagile Hx1021 Edg, Thinkagile Hx1021 Edg Firmware, Thinkagile Hx1320 and 228 more | 2024-12-03 | 7.5 High |
An authenticated XCC user can change permissions for any user through a crafted API command. | ||||
CVE-2024-27912 | 1 Lenovo | 6 Lingxlang G262dn Firmware, Lingxlang G336dn Firmware, Lingxlang Gm265dn Firmware and 3 more | 2024-11-21 | 7.5 High |
A denial of service vulnerability was reported in some Lenovo Printers that could allow an attacker to cause the device to crash by sending crafted LPD packets. | ||||
CVE-2024-27911 | 1 Lenovo | 6 Lingxlang G262dn Firmware, Lingxlang G336dn Firmware, Lingxlang Gm265dn Firmware and 3 more | 2024-11-21 | 7.5 High |
A vulnerability was reported in some Lenovo Printers that could allow an unauthenticated attacker to obtain the administrator password. | ||||
CVE-2023-6540 | 1 Lenovo | 2 Browser Hd, Browser Mobile | 2024-11-21 | 6.5 Medium |
A vulnerability was reported in the Lenovo Browser Mobile and Lenovo Browser HD Apps for Android that could allow an attacker to craft a payload that could result in the disclosure of sensitive information. | ||||
CVE-2023-6450 | 1 Lenovo | 1 App Store | 2024-11-21 | 5.5 Medium |
An incorrect permissions vulnerability was reported in the Lenovo App Store app that could allow an attacker to use system resources, resulting in a denial of service. | ||||
CVE-2023-6338 | 1 Lenovo | 1 Universal Device Client | 2024-11-21 | 7.8 High |
Uncontrolled search path vulnerabilities were reported in the Lenovo Universal Device Client (UDC) that could allow an attacker with local access to execute code with elevated privileges. | ||||
CVE-2023-6044 | 1 Lenovo | 1 Vantage | 2024-11-21 | 6.3 Medium |
A privilege escalation vulnerability was reported in Lenovo Vantage that could allow a local attacker with physical access to impersonate Lenovo Vantage Service and execute arbitrary code with elevated privileges. | ||||
CVE-2023-6043 | 1 Lenovo | 1 Vantage | 2024-11-21 | 7.8 High |
A privilege escalation vulnerability was reported in Lenovo Vantage that could allow a local attacker to bypass integrity checks and execute arbitrary code with elevated privileges. | ||||
CVE-2023-5081 | 1 Lenovo | 8 Tab M8 Hd Tb8505f, Tab M8 Hd Tb8505f Firmware, Tab M8 Hd Tb8505fs and 5 more | 2024-11-21 | 3.3 Low |
An information disclosure vulnerability was reported in the Lenovo Tab M8 HD that could allow a local application to gather a non-resettable device identifier. | ||||
CVE-2023-5080 | 1 Lenovo | 12 Tab M10 Plus Gen 3 Tb125fu, Tab M10 Plus Gen 3 Tb125fu Firmware, Tab M8 Hd Tb8505f and 9 more | 2024-11-21 | 6.8 Medium |
A privilege escalation vulnerability was reported in some Lenovo tablet products that could allow local applications access to device identifiers and system commands. | ||||
CVE-2023-5079 | 1 Lenovo | 1 Lecloud | 2024-11-21 | 7.5 High |
Lenovo LeCloud App improper input validation allows attackers to access arbitrary components and arbitrary file downloads, which could result in information disclosure. | ||||
CVE-2023-5078 | 1 Lenovo | 40 Thinkpad L13 Gen 2, Thinkpad L13 Gen 2 Firmware, Thinkpad L13 Gen 3 and 37 more | 2024-11-21 | 6.7 Medium |
A vulnerability was reported in some ThinkPad BIOS that could allow a physical or local attacker with elevated privileges to tamper with BIOS firmware. | ||||
CVE-2023-5075 | 1 Lenovo | 2 Ideapad Duet 3 10igl5, Ideapad Duet 3 10igl5 Firmware | 2024-11-21 | 6.7 Medium |
A buffer overflow was reported in the FmpSipoCapsuleDriver driver in the IdeaPad Duet 3-10IGL5 that may allow a local attacker with elevated privileges to execute arbitrary code. | ||||
CVE-2023-4891 | 2 Lenovo, Microsoft | 2 View Driver, Windows | 2024-11-21 | 5.5 Medium |
A potential use-after-free vulnerability was reported in the Lenovo View driver that could result in denial of service. |