Vulnerabilities > Lenovo > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-03 | CVE-2023-6338 | Uncontrolled Search Path Element vulnerability in Lenovo Universal Device Client Uncontrolled search path vulnerabilities were reported in the Lenovo Universal Device Client (UDC) that could allow an attacker with local access to execute code with elevated privileges. | 7.8 |
| 2024-01-03 | CVE-2023-6540 | Unspecified vulnerability in Lenovo Browser HD and Browser Mobile A vulnerability was reported in the Lenovo Browser Mobile and Lenovo Browser HD Apps for Android that could allow an attacker to craft a payload that could result in the disclosure of sensitive information. | 7.5 |
| 2023-11-08 | CVE-2023-4632 | Uncontrolled Search Path Element vulnerability in Lenovo System Update An uncontrolled search path vulnerability was reported in Lenovo System Update that could allow an attacker with local access to execute code with elevated privileges. | 7.8 |
| 2023-11-08 | CVE-2023-4706 | Unspecified vulnerability in Lenovo Preload Directory A privilege escalation vulnerability was reported in Lenovo preloaded devices deployed using Microsoft AutoPilot under a standard user account due to incorrect default privileges. | 7.8 |
| 2023-11-08 | CVE-2023-5079 | Improper Input Validation vulnerability in Lenovo Lecloud Lenovo LeCloud App improper input validation allows attackers to access arbitrary components and arbitrary file downloads, which could result in information disclosure. | 7.5 |
| 2023-10-27 | CVE-2022-3611 | Information Exposure vulnerability in Lenovo APP Store APP An information disclosure vulnerability has been identified in the Lenovo App Store which may allow some applications to gain unauthorized access to sensitive user data used by other unrelated applications. | 7.5 |
| 2023-10-27 | CVE-2022-3701 | Improper Privilege Management vulnerability in Lenovo products A privilege elevation vulnerability was reported in the Lenovo Vantage SystemUpdate plugin version 2.0.0.212 and earlier that could allow a local attacker to execute arbitrary code with elevated privileges. | 7.8 |
| 2023-10-27 | CVE-2022-3702 | Unspecified vulnerability in Lenovo products A denial of service vulnerability was reported in Lenovo Vantage HardwareScan Plugin version 1.3.0.5 and earlier that could allow a local attacker to delete contents of an arbitrary directory under certain conditions. | 7.1 |
| 2023-10-27 | CVE-2022-34886 | Out-of-bounds Write vulnerability in Lenovo products A remote code execution vulnerability was found in the firmware used in some Lenovo printers, which can be caused by a remote user pushing an illegal string to the server-side interface via a script, resulting in a stack overflow. | 8.8 |
| 2023-10-25 | CVE-2022-3699 | Out-of-bounds Write vulnerability in Lenovo products A privilege escalation vulnerability was reported in the Lenovo HardwareScanPlugin prior to version 1.3.1.2 and Lenovo Diagnostics prior to version 4.45 that could allow a local user to execute code with elevated privileges. | 7.8 |