Vulnerabilities > Lenovo > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-11-08 | CVE-2023-4632 | Unspecified vulnerability in Lenovo System Update. An uncontrolled search path vulnerability was reported in Lenovo System Update that could allow an attacker with local access to execute code with elevated privileges. | 7.8 |
2023-11-08 | CVE-2023-4706 | Unspecified vulnerability in Lenovo Preload Directory. A privilege escalation vulnerability was reported in Lenovo preloaded devices deployed using Microsoft AutoPilot under a standard user account due to incorrect default privileges. | 7.8 |
2023-11-08 | CVE-2023-5079 | Improper Input Validation vulnerability in Lenovo Lecloud. Lenovo LeCloud App improper input validation allows attackers to access arbitrary components and arbitrary file downloads, which could result in information disclosure. | 7.5 |
2023-10-27 | CVE-2022-3611 | Unspecified vulnerability in Lenovo APP Store APP. An information disclosure vulnerability has been identified in the Lenovo App Store which may allow some applications to gain unauthorized access to sensitive user data used by other unrelated applications. | 7.5 |
2023-10-27 | CVE-2022-3701 | Improper Privilege Management vulnerability in Lenovo products. A privilege elevation vulnerability was reported in the Lenovo Vantage SystemUpdate plugin version 2.0.0.212 and earlier that could allow a local attacker to execute arbitrary code with elevated privileges. | 7.8 |
2023-10-27 | CVE-2022-3702 | Unspecified vulnerability in Lenovo products. A denial of service vulnerability was reported in Lenovo Vantage HardwareScan Plugin version 1.3.0.5 and earlier that could allow a local attacker to delete contents of an arbitrary directory under certain conditions. | 7.1 |
2023-10-27 | CVE-2022-34886 | Out-of-bounds Write vulnerability in Lenovo products. A remote code execution vulnerability was found in the firmware used in some Lenovo printers, which can be caused by a remote user pushing an illegal string to the server-side interface via a script, resulting in a stack overflow. | 8.8 |
2023-10-25 | CVE-2022-3699 | Unspecified vulnerability in Lenovo products. A privilege escalation vulnerability was reported in the Lenovo HardwareScanPlugin prior to version 1.3.1.2 and Lenovo Diagnostics prior to version 4.45 that could allow a local user to execute code with elevated privileges. | 7.8 |
2023-10-25 | CVE-2023-4606 | Missing Authorization vulnerability in Lenovo products. An authenticated XCC user with Read-Only permission can change a different user’s password through a crafted API command. This affects ThinkSystem v2 and v3 servers with XCC; ThinkSystem v1 servers are not affected. | 8.1 |
2023-10-25 | CVE-2023-4607 | Unspecified vulnerability in Lenovo products. An authenticated XCC user can change permissions for any user through a crafted API command. | 8.8 |