CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-6044
https://notcve.org/view.php?id=CVE-2023-6044
A privilege escalation vulnerability was reported in Lenovo Vantage that could allow a local attacker with physical access to impersonate Lenovo Vantage Service and execute arbitrary code with elevated privileges. Se informó una vulnerabilidad de escalada de privilegios en Lenovo Vantage que podría permitir que un atacante local con acceso físico se haga pasar por Lenovo Vantage Service y ejecute código arbitrario con privilegios elevados. • https://support.lenovo.com/us/en/product_security/LEN-144736 • CWE-290: Authentication Bypass by Spoofing •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-6043
https://notcve.org/view.php?id=CVE-2023-6043
A privilege escalation vulnerability was reported in Lenovo Vantage that could allow a local attacker to bypass integrity checks and execute arbitrary code with elevated privileges. Se informó de una vulnerabilidad de escalada de privilegios en Lenovo Vantage que podría permitir a un atacante local eludir las comprobaciones de integridad y ejecutar código arbitrario con privilegios elevados. • https://support.lenovo.com/us/en/product_security/LEN-144736 • CWE-295: Improper Certificate Validation •
CVSS: 3.3EPSS: 0%CPEs: 8EXPL: 0CVE-2023-5081
https://notcve.org/view.php?id=CVE-2023-5081
An information disclosure vulnerability was reported in the Lenovo Tab M8 HD that could allow a local application to gather a non-resettable device identifier. Se informó una vulnerabilidad de divulgación de información en Lenovo Tab M8 HD que podría permitir que una aplicación local recopile un identificador de dispositivo no reiniciable. • https://support.lenovo.com/us/en/product_security/LEN-142135 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere •
CVSS: 7.8EPSS: 0%CPEs: 12EXPL: 0CVE-2023-5080
https://notcve.org/view.php?id=CVE-2023-5080
A privilege escalation vulnerability was reported in some Lenovo tablet products that could allow local applications access to device identifiers and system commands. Se informó una vulnerabilidad de escalada de privilegios en algunas tabletas Lenovo que podría permitir que las aplicaciones locales accedan a identificadores de dispositivos y comandos del sistema. • https://support.lenovo.com/us/en/product_security/LEN-142135 • CWE-266: Incorrect Privilege Assignment CWE-269: Improper Privilege Management •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-6540
https://notcve.org/view.php?id=CVE-2023-6540
A vulnerability was reported in the Lenovo Browser Mobile and Lenovo Browser HD Apps for Android that could allow an attacker to craft a payload that could result in the disclosure of sensitive information. Se informó una vulnerabilidad en las aplicaciones Lenovo Browser Mobile y Lenovo Browser HD para Android que podría permitir a un atacante manipular un payload que podría resultar en la divulgación de información confidencial. • https://iknow.lenovo.com.cn/detail/419251 • CWE-94: Improper Control of Generation of Code ('Code Injection') •