CVSS: 8.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

12 Feb 2025 — An improper privilege vulnerability was reported in a BIOS customization feature of Lenovo Vantage on SMB notebook devices which could allow a local attacker to elevate privileges on the system. This vulnerability only affects Vantage installed on these devices: Lenovo V Series (Gen 5); ThinkBook 14 (Gen 6, 7); ThinkBook 16 (Gen 6, 7); ThinkPad E Series (Gen 1). • https://support.lenovo.com/us/en/product_security/LEN-183176 • CWE-250: Execution with Unnecessary Privileges

CVSS: 6.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

14 Jan 2025 — A privilege escalation vulnerability was discovered that could allow a valid, authenticated LXCA user to escalate their permissions for a connected XCC instance when using LXCA as a Single Sign On (SSO) provider for XCC instances. • https://support.lenovo.com/us/en/product_security/LEN-154748 • CWE-319: Cleartext Transmission of Sensitive Information

CVSS: 4.7 • EPSS: 0% • CPEs: 3 • EXPL: 0

14 Jan 2025 — A potential buffer overflow vulnerability was reported in PC Manager, Lenovo Browser, and Lenovo App Store that could allow a local attacker to cause a system crash. • https://iknow.lenovo.com.cn/detail/425367 • CWE-122: Heap-based Buffer Overflow

CVSS: 4.7 • EPSS: 0% • CPEs: 3 • EXPL: 0

14 Jan 2025 — A potential TOCTOU vulnerability was reported in PC Manager, Lenovo Browser, and Lenovo App Store that could allow a local attacker to cause a system crash. • https://iknow.lenovo.com.cn/detail/425367 • CWE-122: Heap-based Buffer Overflow

CVSS: 9.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

16 Dec 2024 — An improper parsing vulnerability was reported in the FileZ client that could allow a crafted file in the FileZ directory to read arbitrary files on the device due to URL preloading. • https://www.filez.com/securityPolicy/1.html?1733849740 • CWE-125: Out-of-bounds Read • CWE-1287: Improper Validation of Specified Type of Input

CVSS: 8.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

16 Dec 2024 — An improper certificate validation vulnerability was reported in LADM that could allow a network attacker with the ability to redirect an update request to a remote server and execute code with elevated privileges. • https://support.lenovo.co/us/en/product_security/LEN-174319 • CWE-295: Improper Certificate Validation

CVSS: 7.8 • EPSS: 0% • CPEs: 2 • EXPL: 0

16 Dec 2024 — An improper validation vulnerability was reported in the firmware update mechanism of LADM and LDCC that could allow a local attacker to escalate privileges. • https://support.lenovo.co/us/en/product_security/LEN-174319 • CWE-295: Improper Certificate Validation

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

11 Oct 2024 — A DLL hijack vulnerability was reported in Lenovo Service Framework that could allow a local attacker to execute code with elevated privileges. • https://iknow.lenovo.com.cn/detail/423563 • CWE-427: Uncontrolled Search Path Element

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

11 Oct 2024 — A DLL hijack vulnerability was reported in Lenovo PC Manager AI intelligent scenario that could allow a local attacker to execute code with elevated privileges. • https://iknow.lenovo.com.cn/detail/423563 • CWE-427: Uncontrolled Search Path Element

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

11 Oct 2024 — A DLL hijack vulnerability was reported in Lenovo Personal Cloud that could allow a local attacker to execute code with elevated privileges. • https://iknow.lenovo.com.cn/detail/423563 • CWE-427: Uncontrolled Search Path Element