Vulnerabilities > Lenovo > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-10-11 CVE-2024-5474 Incorrect Default Permissions vulnerability in Lenovo Dolby Vision Provisioning
A potential information disclosure vulnerability was reported in Lenovo's packaging of Dolby Vision Provisioning software prior to version 2.0.0.2 that could allow a local attacker to read files on the system with elevated privileges during installation of the package.
local
low complexity
lenovo CWE-276
5.5
2024-09-13 CVE-2024-45103 Unspecified vulnerability in Lenovo Xclarity Administrator
A valid, authenticated LXCA user may be able to unmanage an LXCA managed device in through the LXCA web interface without sufficient privileges.
network
low complexity
lenovo
4.3
2024-09-13 CVE-2024-45104 Unspecified vulnerability in Lenovo Xclarity Administrator
A valid, authenticated LXCA user without sufficient privileges may be able to use the device identifier to modify an LXCA managed device through a specially crafted web API call.
network
low complexity
lenovo
6.5
2024-07-31 CVE-2017-3772 Unspecified vulnerability in Lenovo Pcmanager
A vulnerability was reported in Lenovo PC Manager versions prior to 2.6.40.3154 that could allow an attacker to cause a system reboot.
local
low complexity
lenovo
5.5
2024-01-19 CVE-2023-6044 Unspecified vulnerability in Lenovo Vantage
A privilege escalation vulnerability was reported in Lenovo Vantage that could allow a local attacker with physical access to impersonate Lenovo Vantage Service and execute arbitrary code with elevated privileges.
low complexity
lenovo
6.8
2023-11-08 CVE-2023-43571 Unspecified vulnerability in Lenovo products
A buffer overflow was reported in the BiosExtensionLoader module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code.
local
low complexity
lenovo
6.7
2023-11-08 CVE-2023-43572 Out-of-bounds Read vulnerability in Lenovo products
A buffer over-read was reported in the BiosExtensionLoader module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to disclose sensitive information.
local
low complexity
lenovo CWE-125
4.4
2023-11-08 CVE-2023-43573 Unspecified vulnerability in Lenovo products
A buffer overflow was reported in the LEMALLDriversConnectedEventHook module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code.
local
low complexity
lenovo
6.7
2023-11-08 CVE-2023-43574 Out-of-bounds Read vulnerability in Lenovo products
A buffer over-read was reported in the LEMALLDriversConnectedEventHook module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to disclose sensitive information.
local
low complexity
lenovo CWE-125
4.4
2023-11-08 CVE-2023-43575 Unspecified vulnerability in Lenovo products
A buffer overflow was reported in the UltraFunctionTable module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code.
local
low complexity
lenovo
6.7