CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-4568
https://notcve.org/view.php?id=CVE-2022-4568
A directory permissions management vulnerability in Lenovo System Update may allow elevation of privileges. • https://support.lenovo.com/us/en/product_security/LEN-103545 • CWE-276: Incorrect Default Permissions •
CVSS: 8.8EPSS: 0%CPEs: 225EXPL: 0CVE-2023-0683
https://notcve.org/view.php?id=CVE-2023-0683
A valid, authenticated XCC user with read only access may gain elevated privileges through a specifically crafted API call. • https://support.lenovo.com/us/en/product_security/LEN-99936 • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 0%CPEs: 225EXPL: 0CVE-2023-25492
https://notcve.org/view.php?id=CVE-2023-25492
A valid, authenticated user may be able to trigger a denial of service of the XCC web user interface or other undefined behavior through a format string injection vulnerability in a web interface API. • https://support.lenovo.com/us/en/product_security/LEN-99936 • CWE-134: Use of Externally-Controlled Format String •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-0896
https://notcve.org/view.php?id=CVE-2023-0896
A default password was reported in Lenovo Smart Clock Essential with Alexa Built In that could allow unauthorized device access to an attacker with local network access. • https://support.lenovo.com/us/en/product_security/LEN-113714 • CWE-20: Improper Input Validation •
CVSS: 4.9EPSS: 0%CPEs: 225EXPL: 0CVE-2023-25495
https://notcve.org/view.php?id=CVE-2023-25495
A valid, authenticated administrative user can query a web interface API to reveal the configured LDAP client password used by XCC to authenticate to an external LDAP server in certain configurations. There is no exposure where no LDAP client password is configured • https://support.lenovo.com/us/en/product_security/LEN-99936 • CWE-522: Insufficiently Protected Credentials •