CVSS: 4.7EPSS: 0%CPEs: 3EXPL: 0CVE-2024-10254
https://notcve.org/view.php?id=CVE-2024-10254
14 Jan 2025 — A potential buffer overflow vulnerability was reported in PC Manager, Lenovo Browser, and Lenovo App Store that could allow a local attacker to cause a system crash. • https://iknow.lenovo.com.cn/detail/425367 • CWE-122: Heap-based Buffer Overflow •
CVSS: 4.7EPSS: 0%CPEs: 3EXPL: 0CVE-2024-10253
https://notcve.org/view.php?id=CVE-2024-10253
14 Jan 2025 — A potential TOCTOU vulnerability was reported in PC Manager, Lenovo Browser, and Lenovo App Store that could allow a local attacker to cause a system crash. • https://iknow.lenovo.com.cn/detail/425367 • CWE-122: Heap-based Buffer Overflow •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-4130
https://notcve.org/view.php?id=CVE-2024-4130
11 Oct 2024 — A DLL hijack vulnerability was reported in Lenovo App Store that could allow a local attacker to execute code with elevated privileges. • https://iknow.lenovo.com.cn/detail/423563 • CWE-427: Uncontrolled Search Path Element •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-6450
https://notcve.org/view.php?id=CVE-2023-6450
19 Jan 2024 — An incorrect permissions vulnerability was reported in the Lenovo App Store app that could allow an attacker to use system resources, resulting in a denial of service. Se informó una vulnerabilidad de permisos incorrectos en la aplicación Lenovo App Store que podría permitir a un atacante utilizar recursos del sistema, lo que provocaría una denegación de servicio. • https://iknow.lenovo.com.cn/detail/419672 • CWE-400: Uncontrolled Resource Consumption CWE-404: Improper Resource Shutdown or Release •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-3611
https://notcve.org/view.php?id=CVE-2022-3611
27 Oct 2023 — An information disclosure vulnerability has been identified in the Lenovo App Store which may allow some applications to gain unauthorized access to sensitive user data used by other unrelated applications. Se ha identificado una vulnerabilidad de divulgación de información en Lenovo App Store que puede permitir que algunas aplicaciones obtengan acceso no autorizado a datos confidenciales del usuario utilizados por otras aplicaciones no relacionadas. • https://iknow.lenovo.com.cn/detail/205280.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •