CVSS: 6.7EPSS: 0%CPEs: 52EXPL: 0CVE-2023-4029
https://notcve.org/view.php?id=CVE-2023-4029
A buffer overflow has been identified in the BoardUpdateAcpiDxe driver in some Lenovo ThinkPad products which may allow an attacker with local access and elevated privileges to execute arbitrary code. Se ha identificado un desbordamiento de búfer en el controlador BoardUpdateAcpiDxe de algunos productos ThinkPad de Lenovo que puede permitir a un atacante con acceso local y privilegios elevados ejecutar código arbitrario. • https://support.lenovo.com/us/en/product_security/LEN-134879 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 6.7EPSS: 0%CPEs: 58EXPL: 0CVE-2023-4028
https://notcve.org/view.php?id=CVE-2023-4028
A buffer overflow has been identified in the SystemUserMasterHddPwdDxe driver in some Lenovo Notebook products which may allow an attacker with local access and elevated privileges to execute arbitrary code. Se ha identificado un desbordamiento de búfer en el controlador SystemUserMasterHddPwdDxe de algunos productos portátiles de Lenovo que puede permitir a un atacante con acceso local y privilegios elevados ejecutar código arbitrario. • https://support.lenovo.com/us/en/product_security/LEN-134879 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-3078
https://notcve.org/view.php?id=CVE-2023-3078
An uncontrolled search path vulnerability was reported in the Lenovo Universal Device Client (UDC) that could allow an attacker with local access to execute code with elevated privileges. Una vulnerabilidad de ruta de búsqueda no controlada en el Lenovo Universal Device Client (UDC) que podría permitir a un atacante con acceso local ejecutar código con privilegios elevados. • https://support.lenovo.com/us/en/product_security/LEN-121183 • CWE-427: Uncontrolled Search Path Element •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-34422
https://notcve.org/view.php?id=CVE-2023-34422
A valid, authenticated LXCA user with elevated privileges may be able to delete folders in the LXCA filesystem through a specifically crafted web API call due to insufficient input validation. • https://support.lenovo.com/us/en/product_security/LEN-98715 • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-34421
https://notcve.org/view.php?id=CVE-2023-34421
A valid, authenticated LXCA user with elevated privileges may be able to replace filesystem data through a specifically crafted web API call due to insufficient input validation. • https://support.lenovo.com/us/en/product_security/LEN-98715 • CWE-20: Improper Input Validation •