Vulnerabilities > Lenovo > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-19 | CVE-2023-5080 | Unspecified vulnerability in Lenovo products A privilege escalation vulnerability was reported in some Lenovo tablet products that could allow local applications access to device identifiers and system commands. | 7.8 |
| 2024-01-19 | CVE-2023-6043 | Improper Certificate Validation vulnerability in Lenovo Vantage A privilege escalation vulnerability was reported in Lenovo Vantage that could allow a local attacker to bypass integrity checks and execute arbitrary code with elevated privileges. | 7.8 |
| 2024-01-03 | CVE-2023-6338 | Uncontrolled Search Path Element vulnerability in Lenovo Universal Device Client Uncontrolled search path vulnerabilities were reported in the Lenovo Universal Device Client (UDC) that could allow an attacker with local access to execute code with elevated privileges. | 7.8 |
| 2024-01-03 | CVE-2023-6540 | Unspecified vulnerability in Lenovo Browser HD and Browser Mobile A vulnerability was reported in the Lenovo Browser Mobile and Lenovo Browser HD Apps for Android that could allow an attacker to craft a payload that could result in the disclosure of sensitive information. | 7.5 |
| 2023-11-08 | CVE-2023-4632 | Uncontrolled Search Path Element vulnerability in Lenovo System Update An uncontrolled search path vulnerability was reported in Lenovo System Update that could allow an attacker with local access to execute code with elevated privileges. | 7.8 |
| 2023-11-08 | CVE-2023-4706 | Unspecified vulnerability in Lenovo Preload Directory A privilege escalation vulnerability was reported in Lenovo preloaded devices deployed using Microsoft AutoPilot under a standard user account due to incorrect default privileges. | 7.8 |
| 2023-11-08 | CVE-2023-5079 | Improper Input Validation vulnerability in Lenovo Lecloud Lenovo LeCloud App improper input validation allows attackers to access arbitrary components and arbitrary file downloads, which could result in information disclosure. | 7.5 |
| 2023-10-27 | CVE-2022-3611 | Information Exposure vulnerability in Lenovo APP Store APP An information disclosure vulnerability has been identified in the Lenovo App Store which may allow some applications to gain unauthorized access to sensitive user data used by other unrelated applications. | 7.5 |
| 2023-10-27 | CVE-2022-3701 | Improper Privilege Management vulnerability in Lenovo products A privilege elevation vulnerability was reported in the Lenovo Vantage SystemUpdate plugin version 2.0.0.212 and earlier that could allow a local attacker to execute arbitrary code with elevated privileges. | 7.8 |
| 2023-10-27 | CVE-2022-3702 | Unspecified vulnerability in Lenovo products A denial of service vulnerability was reported in Lenovo Vantage HardwareScan Plugin version 1.3.0.5 and earlier that could allow a local attacker to delete contents of an arbitrary directory under certain conditions. | 7.1 |