Vulnerabilities > Lenovo
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-07-31 | CVE-2019-6198 | Improper Authentication vulnerability in Lenovo Pcmanager 2.6.40.3154 A vulnerability was reported in Lenovo PC Manager prior to version 2.8.90.11211 that could allow a local attacker to escalate privileges. | 7.8 |
| 2024-07-31 | CVE-2023-1577 | Unspecified vulnerability in Lenovo Drivers Management 2.7.1128.1046 A path hijacking vulnerability was reported in Lenovo Driver Manager prior to version 3.1.1307.1308 that could allow a local user to execute code with elevated privileges. | 7.8 |
| 2024-02-16 | CVE-2024-23591 | Unspecified vulnerability in Lenovo Thinksystem Sr670 V2 Firmware 2.60Tgbt42H/U8E118M ThinkSystem SR670V2 servers manufactured from approximately June 2021 to July 2023 were left in Manufacturing Mode which could allow an attacker with privileged logical access to the host or physical access to server internals to modify or disable Intel Boot Guard firmware integrity, SPS security, and other SPS configuration setting. The server’s NIST SP 800-193-compliant Platform Firmware Resiliency (PFR) security subsystem significantly mitigates this issue. | 2.3 |
| 2024-01-19 | CVE-2023-5080 | Unspecified vulnerability in Lenovo products A privilege escalation vulnerability was reported in some Lenovo tablet products that could allow local applications access to device identifiers and system commands. | 7.8 |
| 2024-01-19 | CVE-2023-6044 | Unspecified vulnerability in Lenovo Vantage A privilege escalation vulnerability was reported in Lenovo Vantage that could allow a local attacker with physical access to impersonate Lenovo Vantage Service and execute arbitrary code with elevated privileges. low complexity lenovo | 6.8 |
| 2024-01-03 | CVE-2023-6540 | Unspecified vulnerability in Lenovo Browser HD and Browser Mobile A vulnerability was reported in the Lenovo Browser Mobile and Lenovo Browser HD Apps for Android that could allow an attacker to craft a payload that could result in the disclosure of sensitive information. | 7.5 |
| 2023-11-08 | CVE-2023-43571 | Unspecified vulnerability in Lenovo products A buffer overflow was reported in the BiosExtensionLoader module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code. | 6.7 |
| 2023-11-08 | CVE-2023-43572 | Out-of-bounds Read vulnerability in Lenovo products A buffer over-read was reported in the BiosExtensionLoader module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to disclose sensitive information. | 4.4 |
| 2023-11-08 | CVE-2023-43573 | Unspecified vulnerability in Lenovo products A buffer overflow was reported in the LEMALLDriversConnectedEventHook module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code. | 6.7 |
| 2023-11-08 | CVE-2023-43574 | Out-of-bounds Read vulnerability in Lenovo products A buffer over-read was reported in the LEMALLDriversConnectedEventHook module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to disclose sensitive information. | 4.4 |