Vulnerabilities > Lenovo
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-10-27 | CVE-2022-34887 | Unspecified vulnerability in Lenovo products Standard users can directly operate and set printer configuration information , such as IP, in some Lenovo Printers without having to authenticate with the administrator password. | 5.4 |
| 2023-10-27 | CVE-2022-3429 | Unspecified vulnerability in Lenovo products A denial-of-service vulnerability was found in the firmware used in Lenovo printers, where users send illegal or malformed strings to an open port, triggering a denial of service that causes a display error and prevents the printer from functioning properly. | 6.5 |
| 2023-10-25 | CVE-2022-3698 | Unspecified vulnerability in Lenovo Diagnostics and Hardwarescan Plugin A denial of service vulnerability was reported in the Lenovo HardwareScanPlugin versions prior to 1.3.1.2 and Lenovo Diagnostics versions prior to 4.45 that could allow a local user with administrative access to trigger a system crash. | 4.4 |
| 2023-10-25 | CVE-2022-3699 | Unspecified vulnerability in Lenovo products A privilege escalation vulnerability was reported in the Lenovo HardwareScanPlugin prior to version 1.3.1.2 and Lenovo Diagnostics prior to version 4.45 that could allow a local user to execute code with elevated privileges. | 7.8 |
| 2023-10-25 | CVE-2023-4606 | Missing Authorization vulnerability in Lenovo products An authenticated XCC user with Read-Only permission can change a different user’s password through a crafted API command. This affects ThinkSystem v2 and v3 servers with XCC; ThinkSystem v1 servers are not affected. | 8.1 |
| 2023-10-25 | CVE-2023-4607 | Unspecified vulnerability in Lenovo products An authenticated XCC user can change permissions for any user through a crafted API command. | 8.8 |
| 2023-10-25 | CVE-2023-4608 | Unspecified vulnerability in Lenovo products An authenticated XCC user with elevated privileges can perform blind SQL injection in limited cases through a crafted API command. This affects ThinkSystem v2 and v3 servers with XCC; ThinkSystem v1 servers are not affected. | 7.2 |
| 2023-10-25 | CVE-2022-0353 | Unspecified vulnerability in Lenovo products A denial of service vulnerability was reported in the Lenovo HardwareScanPlugin versions prior to 1.3.1.2 and Lenovo Diagnostics versions prior to 4.45 that could allow a local user with administrative access to trigger a system crash. | 4.4 |
| 2023-10-09 | CVE-2022-3728 | Unspecified vulnerability in Lenovo products A vulnerability was reported in ThinkPad T14s Gen 3 and X13 Gen3 that could cause the BIOS tamper detection mechanism to not trigger under specific circumstances which could allow unauthorized access. low complexity lenovo | 6.8 |
| 2023-10-09 | CVE-2022-48182 | Unspecified vulnerability in Lenovo products A vulnerability was reported in ThinkPad T14s Gen 3 and X13 Gen3 that could cause the BIOS tamper detection mechanism to not trigger under specific circumstances which could allow unauthorized access. low complexity lenovo | 6.8 |