Vulnerabilities > Lenovo
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-10-11 | CVE-2024-4089 | Uncontrolled Search Path Element vulnerability in Lenovo Superfile A DLL hijack vulnerability was reported in Lenovo Super File that could allow a local attacker to execute code with elevated privileges. | 7.8 |
| 2024-10-11 | CVE-2024-4130 | Uncontrolled Search Path Element vulnerability in Lenovo APP Store A DLL hijack vulnerability was reported in Lenovo App Store that could allow a local attacker to execute code with elevated privileges. | 7.8 |
| 2024-10-11 | CVE-2024-4131 | Uncontrolled Search Path Element vulnerability in Lenovo Emulator A DLL hijack vulnerability was reported in Lenovo Emulator that could allow a local attacker to execute code with elevated privileges. | 7.8 |
| 2024-10-11 | CVE-2024-4132 | Uncontrolled Search Path Element vulnerability in Lenovo Lock Screen A DLL hijack vulnerability was reported in Lenovo Lock Screen that could allow a local attacker to execute code with elevated privileges. | 7.8 |
| 2024-10-11 | CVE-2024-5474 | Incorrect Default Permissions vulnerability in Lenovo Dolby Vision Provisioning A potential information disclosure vulnerability was reported in Lenovo's packaging of Dolby Vision Provisioning software prior to version 2.0.0.2 that could allow a local attacker to read files on the system with elevated privileges during installation of the package. | 5.5 |
| 2024-10-11 | CVE-2024-9046 | Uncontrolled Search Path Element vulnerability in Lenovo Starstudio A DLL hijack vulnerability was reported in Lenovo stARstudio that could allow a local attacker to execute code with elevated privileges. | 7.8 |
| 2024-09-13 | CVE-2024-45103 | Unspecified vulnerability in Lenovo Xclarity Administrator A valid, authenticated LXCA user may be able to unmanage an LXCA managed device in through the LXCA web interface without sufficient privileges. | 4.3 |
| 2024-09-13 | CVE-2024-45104 | Unspecified vulnerability in Lenovo Xclarity Administrator A valid, authenticated LXCA user without sufficient privileges may be able to use the device identifier to modify an LXCA managed device through a specially crafted web API call. | 6.5 |
| 2024-07-31 | CVE-2017-3772 | Unspecified vulnerability in Lenovo Pcmanager A vulnerability was reported in Lenovo PC Manager versions prior to 2.6.40.3154 that could allow an attacker to cause a system reboot. | 5.5 |
| 2024-07-31 | CVE-2019-6197 | Improper Authentication vulnerability in Lenovo Pcmanager 2.6.40.3154 A vulnerability was reported in Lenovo PC Manager prior to version 2.8.90.11211 that could allow a local attacker to escalate privileges. | 7.8 |