
CVE-2023-25494
https://notcve.org/view.php?id=CVE-2023-25494
05 Apr 2024 — A potential vulnerability was reported in the BIOS of some Desktop, Smart Edge, and ThinkStation products that could allow a local attacker with elevated privileges to write to NVRAM variables. • https://support.lenovo.com/us/en/product_security/LEN-141775 • CWE-125: Out-of-bounds Read

CVE-2023-25493
https://notcve.org/view.php?id=CVE-2023-25493
05 Apr 2024 — A potential vulnerability was reported in the BIOS update tool driver for some Desktop, Smart Edge, Smart Office, and ThinkStation products that could allow a local user with elevated privileges to execute arbitrary code. • https://support.lenovo.com/us/en/product_security/LEN-141775 • CWE-287: Improper Authentication • CWE-306: Missing Authentication for Critical Function

CVE-2023-5912
https://notcve.org/view.php?id=CVE-2023-5912
05 Apr 2024 — A potential memory leakage vulnerability was reported in some Lenovo Notebook products that may allow a local attacker with elevated privileges to write to NVRAM variables. • https://support.lenovo.com/us/en/product_security/LEN-155477 • CWE-787: Out-of-bounds Write

CVE-2023-4605
https://notcve.org/view.php?id=CVE-2023-4605
05 Apr 2024 — A valid authenticated Lenovo XClarity Administrator (LXCA) user can potentially leverage an unauthenticated API endpoint to retrieve system event information. • https://support.lenovo.com/us/en/product_security/LEN-136592 • CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere

CVE-2023-6450
https://notcve.org/view.php?id=CVE-2023-6450
19 Jan 2024 — An incorrect permissions vulnerability was reported in the Lenovo App Store app that could allow an attacker to use system resources, resulting in a denial of service. • https://iknow.lenovo.com.cn/detail/419672 • CWE-400: Uncontrolled Resource Consumption • CWE-404: Improper Resource Shutdown or Release

CVE-2023-6044
https://notcve.org/view.php?id=CVE-2023-6044
19 Jan 2024 — A privilege escalation vulnerability was reported in Lenovo Vantage that could allow a local attacker with physical access to impersonate Lenovo Vantage Service and execute arbitrary code with elevated privileges. • https://support.lenovo.com/us/en/product_security/LEN-144736 • CWE-290: Authentication Bypass by Spoofing

CVE-2023-6043
https://notcve.org/view.php?id=CVE-2023-6043
19 Jan 2024 — A privilege escalation vulnerability was reported in Lenovo Vantage that could allow a local attacker to bypass integrity checks and execute arbitrary code with elevated privileges. • https://support.lenovo.com/us/en/product_security/LEN-144736 • CWE-295: Improper Certificate Validation

CVE-2023-5081
https://notcve.org/view.php?id=CVE-2023-5081
19 Jan 2024 — An information disclosure vulnerability was reported in the Lenovo Tab M8 HD that could allow a local application to gather a non-resettable device identifier. • https://support.lenovo.com/us/en/product_security/LEN-142135 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor • CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere

CVE-2023-5080
https://notcve.org/view.php?id=CVE-2023-5080
19 Jan 2024 — A privilege escalation vulnerability was reported in some Lenovo tablet products that could allow local applications access to device identifiers and system commands. • https://support.lenovo.com/us/en/product_security/LEN-142135 • CWE-266: Incorrect Privilege Assignment • CWE-269: Improper Privilege Management

CVE-2023-6540
https://notcve.org/view.php?id=CVE-2023-6540
03 Jan 2024 — A vulnerability was reported in the Lenovo Browser Mobile and Lenovo Browser HD Apps for Android that could allow an attacker to craft a payload that could result in the disclosure of sensitive information. • https://iknow.lenovo.com.cn/detail/419251 • CWE-94: Improper Control of Generation of Code ('Code Injection')