Vulnerabilities > Lenovo
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-10-27 | CVE-2022-3702 | Unspecified vulnerability in Lenovo products A denial of service vulnerability was reported in Lenovo Vantage HardwareScan Plugin version 1.3.0.5 and earlier that could allow a local attacker to delete contents of an arbitrary directory under certain conditions. | 7.1 |
| 2023-10-27 | CVE-2022-34886 | Out-of-bounds Write vulnerability in Lenovo products A remote code execution vulnerability was found in the firmware used in some Lenovo printers, which can be caused by a remote user pushing an illegal string to the server-side interface via a script, resulting in a stack overflow. | 8.8 |
| 2023-10-27 | CVE-2022-34887 | Improper Authentication vulnerability in Lenovo products Standard users can directly operate and set printer configuration information , such as IP, in some Lenovo Printers without having to authenticate with the administrator password. | 5.4 |
| 2023-10-27 | CVE-2022-3429 | Unspecified vulnerability in Lenovo products A denial-of-service vulnerability was found in the firmware used in Lenovo printers, where users send illegal or malformed strings to an open port, triggering a denial of service that causes a display error and prevents the printer from functioning properly. | 6.5 |
| 2023-10-25 | CVE-2022-3698 | Unspecified vulnerability in Lenovo Diagnostics and Hardwarescan Plugin A denial of service vulnerability was reported in the Lenovo HardwareScanPlugin versions prior to 1.3.1.2 and Lenovo Diagnostics versions prior to 4.45 that could allow a local user with administrative access to trigger a system crash. | 4.4 |
| 2023-10-25 | CVE-2022-3699 | Out-of-bounds Write vulnerability in Lenovo products A privilege escalation vulnerability was reported in the Lenovo HardwareScanPlugin prior to version 1.3.1.2 and Lenovo Diagnostics prior to version 4.45 that could allow a local user to execute code with elevated privileges. | 7.8 |
| 2023-10-25 | CVE-2023-4606 | Missing Authorization vulnerability in Lenovo products An authenticated XCC user with Read-Only permission can change a different user’s password through a crafted API command. This affects ThinkSystem v2 and v3 servers with XCC; ThinkSystem v1 servers are not affected. | 8.1 |
| 2023-10-25 | CVE-2023-4607 | Improper Privilege Management vulnerability in Lenovo products An authenticated XCC user can change permissions for any user through a crafted API command. | 8.8 |
| 2023-10-25 | CVE-2023-4608 | SQL Injection vulnerability in Lenovo products An authenticated XCC user with elevated privileges can perform blind SQL injection in limited cases through a crafted API command. This affects ThinkSystem v2 and v3 servers with XCC; ThinkSystem v1 servers are not affected. | 7.2 |
| 2023-10-25 | CVE-2022-0353 | Unspecified vulnerability in Lenovo products A denial of service vulnerability was reported in the Lenovo HardwareScanPlugin versions prior to 1.3.1.2 and Lenovo Diagnostics versions prior to 4.45 that could allow a local user with administrative access to trigger a system crash. | 4.4 |