Filtered by vendor Lenovo
Subscribe
Total
373 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-5638 | 7 Apache, Arubanetworks, Hp and 4 more | 13 Struts, Clearpass Policy Manager, Server Automation and 10 more | 2024-07-25 | 10.0 HIGH | 9.8 CRITICAL |
| The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands via a crafted Content-Type, Content-Disposition, or Content-Length HTTP header, as exploited in the wild in March 2017 with a Content-Type header containing a #cmd= string. | |||||
| CVE-2023-6043 | 1 Lenovo | 1 Vantage | 2024-01-26 | N/A | 7.8 HIGH |
| A privilege escalation vulnerability was reported in Lenovo Vantage that could allow a local attacker to bypass integrity checks and execute arbitrary code with elevated privileges. | |||||
| CVE-2023-5081 | 1 Lenovo | 8 Tab M8 Hd Tb8505f, Tab M8 Hd Tb8505f Firmware, Tab M8 Hd Tb8505fs and 5 more | 2024-01-26 | N/A | 3.3 LOW |
| An information disclosure vulnerability was reported in the Lenovo Tab M8 HD that could allow a local application to gather a non-resettable device identifier. | |||||
| CVE-2023-5080 | 1 Lenovo | 12 Tab M10 Plus Gen 3 Tb125fu, Tab M10 Plus Gen 3 Tb125fu Firmware, Tab M8 Hd Tb8505f and 9 more | 2024-01-26 | N/A | 7.8 HIGH |
| A privilege escalation vulnerability was reported in some Lenovo tablet products that could allow local applications access to device identifiers and system commands. | |||||
| CVE-2023-6450 | 1 Lenovo | 1 App Store | 2024-01-26 | N/A | 5.5 MEDIUM |
| An incorrect permissions vulnerability was reported in the Lenovo App Store app that could allow an attacker to use system resources, resulting in a denial of service. | |||||
| CVE-2023-6044 | 1 Lenovo | 1 Vantage | 2024-01-26 | N/A | 6.8 MEDIUM |
| A privilege escalation vulnerability was reported in Lenovo Vantage that could allow a local attacker with physical access to impersonate Lenovo Vantage Service and execute arbitrary code with elevated privileges. | |||||
| CVE-2023-6338 | 1 Lenovo | 1 Universal Device Client | 2024-01-10 | N/A | 7.8 HIGH |
| Uncontrolled search path vulnerabilities were reported in the Lenovo Universal Device Client (UDC) that could allow an attacker with local access to execute code with elevated privileges. | |||||
| CVE-2023-6540 | 1 Lenovo | 2 Browser Hd, Browser Mobile | 2024-01-10 | N/A | 7.5 HIGH |
| A vulnerability was reported in the Lenovo Browser Mobile and Lenovo Browser HD Apps for Android that could allow an attacker to craft a payload that could result in the disclosure of sensitive information. | |||||
| CVE-2023-5079 | 1 Lenovo | 1 Lecloud | 2023-11-22 | N/A | 7.5 HIGH |
| Lenovo LeCloud App improper input validation allows attackers to access arbitrary components and arbitrary file downloads, which could result in information disclosure. | |||||
| CVE-2023-4706 | 1 Lenovo | 1 Preload Directory | 2023-11-22 | N/A | 7.8 HIGH |
| A privilege escalation vulnerability was reported in Lenovo preloaded devices deployed using Microsoft AutoPilot under a standard user account due to incorrect default privileges. | |||||
| CVE-2023-45077 | 1 Lenovo | 122 Ideacentre 3-07ada05, Ideacentre 3-07ada05 Firmware, Ideacentre 3-07imb05 and 119 more | 2023-11-16 | N/A | 6.7 MEDIUM |
| A memory leakage vulnerability was reported in the 534D0740 DXE driver that may allow a local attacker with elevated privileges to write to NVRAM variables. | |||||
| CVE-2023-45078 | 1 Lenovo | 122 Ideacentre 3-07ada05, Ideacentre 3-07ada05 Firmware, Ideacentre 3-07imb05 and 119 more | 2023-11-16 | N/A | 6.7 MEDIUM |
| A memory leakage vulnerability was reported in the DustFilterAlertSmm SMM driver that may allow a local attacker with elevated privileges to write to NVRAM variables. | |||||
| CVE-2023-4891 | 2 Lenovo, Microsoft | 2 View Driver, Windows | 2023-11-16 | N/A | 5.5 MEDIUM |
| A potential use-after-free vulnerability was reported in the Lenovo View driver that could result in denial of service. | |||||
| CVE-2023-5075 | 1 Lenovo | 2 Ideapad Duet 3 10igl5, Ideapad Duet 3 10igl5 Firmware | 2023-11-16 | N/A | 6.7 MEDIUM |
| A buffer overflow was reported in the FmpSipoCapsuleDriver driver in the IdeaPad Duet 3-10IGL5 that may allow a local attacker with elevated privileges to execute arbitrary code. | |||||
| CVE-2023-5078 | 1 Lenovo | 40 Thinkpad L13 Gen 2, Thinkpad L13 Gen 2 Firmware, Thinkpad L13 Gen 3 and 37 more | 2023-11-16 | N/A | 6.7 MEDIUM |
| A vulnerability was reported in some ThinkPad BIOS that could allow a physical or local attacker with elevated privileges to tamper with BIOS firmware. | |||||
| CVE-2023-45079 | 1 Lenovo | 122 Ideacentre 3-07ada05, Ideacentre 3-07ada05 Firmware, Ideacentre 3-07imb05 and 119 more | 2023-11-16 | N/A | 6.7 MEDIUM |
| A memory leakage vulnerability was reported in the NvmramSmm SMM driver that may allow a local attacker with elevated privileges to write to NVRAM variables. | |||||
| CVE-2023-45076 | 1 Lenovo | 122 Ideacentre 3-07ada05, Ideacentre 3-07ada05 Firmware, Ideacentre 3-07imb05 and 119 more | 2023-11-16 | N/A | 6.7 MEDIUM |
| A memory leakage vulnerability was reported in the 534D0140 DXE driver that may allow a local attacker with elevated privileges to write to NVRAM variables. | |||||
| CVE-2023-4632 | 1 Lenovo | 1 System Update | 2023-11-16 | N/A | 7.8 HIGH |
| An uncontrolled search path vulnerability was reported in Lenovo System Update that could allow an attacker with local access to execute code with elevated privileges. | |||||
| CVE-2023-45075 | 1 Lenovo | 122 Ideacentre 3-07ada05, Ideacentre 3-07ada05 Firmware, Ideacentre 3-07imb05 and 119 more | 2023-11-16 | N/A | 6.7 MEDIUM |
| A memory leakage vulnerability was reported in the SWSMI_Shadow DXE driver that may allow a local attacker with elevated privileges to write to NVRAM variables. | |||||
| CVE-2023-43567 | 1 Lenovo | 222 Ideacentre 3-07ada05, Ideacentre 3-07ada05 Firmware, Ideacentre 3-07imb05 and 219 more | 2023-11-16 | N/A | 6.7 MEDIUM |
| A buffer overflow was reported in the LemSecureBootForceKey module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code. | |||||