Vulnerabilities > Lenovo > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-10-11 | CVE-2024-5474 | Incorrect Default Permissions vulnerability in Lenovo Dolby Vision Provisioning A potential information disclosure vulnerability was reported in Lenovo's packaging of Dolby Vision Provisioning software prior to version 2.0.0.2 that could allow a local attacker to read files on the system with elevated privileges during installation of the package. | 5.5 |
| 2024-09-13 | CVE-2024-45103 | Unspecified vulnerability in Lenovo Xclarity Administrator A valid, authenticated LXCA user may be able to unmanage an LXCA managed device in through the LXCA web interface without sufficient privileges. | 4.3 |
| 2024-09-13 | CVE-2024-45104 | Unspecified vulnerability in Lenovo Xclarity Administrator A valid, authenticated LXCA user without sufficient privileges may be able to use the device identifier to modify an LXCA managed device through a specially crafted web API call. | 6.5 |
| 2024-07-31 | CVE-2017-3772 | Unspecified vulnerability in Lenovo Pcmanager A vulnerability was reported in Lenovo PC Manager versions prior to 2.6.40.3154 that could allow an attacker to cause a system reboot. | 5.5 |
| 2024-01-19 | CVE-2023-6044 | Authentication Bypass by Spoofing vulnerability in Lenovo Vantage A privilege escalation vulnerability was reported in Lenovo Vantage that could allow a local attacker with physical access to impersonate Lenovo Vantage Service and execute arbitrary code with elevated privileges. | 6.8 |
| 2024-01-19 | CVE-2023-6450 | Unspecified vulnerability in Lenovo APP Store An incorrect permissions vulnerability was reported in the Lenovo App Store app that could allow an attacker to use system resources, resulting in a denial of service. | 5.5 |
| 2023-11-08 | CVE-2023-43571 | Classic Buffer Overflow vulnerability in Lenovo products A buffer overflow was reported in the BiosExtensionLoader module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code. | 6.7 |
| 2023-11-08 | CVE-2023-43572 | Out-of-bounds Read vulnerability in Lenovo products A buffer over-read was reported in the BiosExtensionLoader module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to disclose sensitive information. | 4.4 |
| 2023-11-08 | CVE-2023-43573 | Classic Buffer Overflow vulnerability in Lenovo products A buffer overflow was reported in the LEMALLDriversConnectedEventHook module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code. | 6.7 |
| 2023-11-08 | CVE-2023-43574 | Out-of-bounds Read vulnerability in Lenovo products A buffer over-read was reported in the LEMALLDriversConnectedEventHook module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to disclose sensitive information. | 4.4 |