CVSS: 6.7EPSS: 0%CPEs: 1EXPL: 0CVE-2023-25494
https://notcve.org/view.php?id=CVE-2023-25494
A potential vulnerability were reported in the BIOS of some Desktop, Smart Edge, and ThinkStation products that could allow a local attacker with elevated privileges to write to NVRAM variables. Se informó una vulnerabilidad potencial en el BIOS de algunos productos de escritorio, Smart Edge y ThinkStation que podría permitir que un atacante local con privilegios elevados escriba en variables NVRAM. • https://support.lenovo.com/us/en/product_security/LEN-141775 • CWE-125: Out-of-bounds Read •
CVSS: 6.7EPSS: 0%CPEs: 1EXPL: 0CVE-2023-25493
https://notcve.org/view.php?id=CVE-2023-25493
A potential vulnerability was reported in the BIOS update tool driver for some Desktop, Smart Edge, Smart Office, and ThinkStation products that could allow a local user with elevated privileges to execute arbitrary code. Se informó una vulnerabilidad potencial en el controlador de la herramienta de actualización del BIOS para algunos productos Desktop, Smart Edge, Smart Office y ThinkStation que podría permitir a un usuario local con privilegios elevados ejecutar código arbitrario. • https://support.lenovo.com/us/en/product_security/LEN-141775 • CWE-287: Improper Authentication CWE-306: Missing Authentication for Critical Function •
CVSS: 6.7EPSS: 0%CPEs: 1EXPL: 0CVE-2023-5912
https://notcve.org/view.php?id=CVE-2023-5912
A potential memory leakage vulnerability was reported in some Lenovo Notebook products that may allow a local attacker with elevated privileges to write to NVRAM variables. Se informó una posible vulnerabilidad de pérdida de memoria en algunos productos portátiles Lenovo que puede permitir que un atacante local con privilegios elevados escriba en variables NVRAM. • https://support.lenovo.com/us/en/product_security/LEN-155477 • CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-4605
https://notcve.org/view.php?id=CVE-2023-4605
A valid authenticated Lenovo XClarity Administrator (LXCA) user can potentially leverage an unauthenticated API endpoint to retrieve system event information. Un usuario válido de Lenovo XClarity Administrator (LXCA) puede aprovechar un endpoint API no autenticado para recuperar información de eventos del sistema. • https://support.lenovo.com/us/en/product_security/LEN-136592 • CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-6450
https://notcve.org/view.php?id=CVE-2023-6450
An incorrect permissions vulnerability was reported in the Lenovo App Store app that could allow an attacker to use system resources, resulting in a denial of service. Se informó una vulnerabilidad de permisos incorrectos en la aplicación Lenovo App Store que podría permitir a un atacante utilizar recursos del sistema, lo que provocaría una denegación de servicio. • https://iknow.lenovo.com.cn/detail/419672 • CWE-400: Uncontrolled Resource Consumption •