CVE-2024-45104
https://notcve.org/view.php?id=CVE-2024-45104
A valid, authenticated LXCA user without sufficient privileges may be able to use the device identifier to modify an LXCA managed device through a specially crafted web API call. • https://support.lenovo.com/us/en/product_security/LEN-154748 • CWE-282: Improper Ownership Management •
CVE-2024-45103
https://notcve.org/view.php?id=CVE-2024-45103
A valid, authenticated LXCA user may be able to unmanage an LXCA managed device through the LXCA web interface without sufficient privileges. • https://support.lenovo.com/us/en/product_security/LEN-154748 • CWE-282: Improper Ownership Management •
CVE-2024-45101
https://notcve.org/view.php?id=CVE-2024-45101
A privilege escalation vulnerability was discovered when Single Sign On (SSO) is enabled that could allow an attacker to intercept a valid, authenticated LXCA user’s XCC session if they can convince the user to click on a specially crafted URL. • https://support.lenovo.com/us/en/product_security/LEN-154748 • CWE-319: Cleartext Transmission of Sensitive Information •
CVE-2024-7756
https://notcve.org/view.php?id=CVE-2024-7756
A potential vulnerability was reported in the ThinkPad L390 Yoga and 10w Notebook that could allow a local attacker to escalate privileges by accessing an embedded UEFI shell. • https://support.lenovo.com/us/en/product_security/LEN-165524 • CWE-489: Active Debug Code •
CVE-2024-6004
https://notcve.org/view.php?id=CVE-2024-6004
A denial-of-service vulnerability was reported in some Lenovo printers that could allow an unauthenticated attacker on a shared network to deny printer connections until the system is rebooted. • https://iknow.lenovo.com.cn/detail/422688 • CWE-400: Uncontrolled Resource Consumption •