Lenovo: Security Vulnerabilities
A vulnerability was reported in Lenovo PC Manager prior to version 2.8.90.11211 that could allow a local attacker to escalate privileges.
CVSS Score
7.8
EPSS Score
0.0
Published
2024-07-31
A vulnerability was reported in Lenovo PC Manager prior to version 2.8.90.11211 that could allow a local attacker to escalate privileges.
CVSS Score
7.8
EPSS Score
0.0
Published
2024-07-31
ThinkSystem SR670V2 servers manufactured from approximately June 2021 to July 2023 were left in Manufacturing Mode which could allow
an attacker with privileged logical access to the host or physical access to server internals to modify or disable Intel Boot Guard firmware integrity, SPS security, and other SPS configuration setting. The server’s NIST SP
800-193-compliant Platform Firmware Resiliency (PFR) security subsystem
significantly mitigates this issue.
CVSS Score
2.0
EPSS Score
0.0
Published
2024-02-16
A privilege escalation vulnerability was reported in some Lenovo tablet products that could allow local applications access to device identifiers and system commands.
CVSS Score
6.8
EPSS Score
0.0
Published
2024-01-19
An information disclosure vulnerability was reported in the Lenovo Tab M8 HD that could allow a local application to gather a non-resettable device identifier.
CVSS Score
3.3
EPSS Score
0.001
Published
2024-01-19
A privilege escalation vulnerability was reported in Lenovo Vantage that could allow a local attacker to bypass integrity checks and execute arbitrary code with elevated privileges.
CVSS Score
7.8
EPSS Score
0.0
Published
2024-01-19
A privilege escalation vulnerability was reported in Lenovo Vantage that could allow a local attacker with physical access to impersonate Lenovo Vantage Service and execute arbitrary code with elevated privileges.
CVSS Score
6.3
EPSS Score
0.0
Published
2024-01-19
An incorrect permissions vulnerability was reported in the Lenovo App Store app that could allow an attacker to use system resources, resulting in a denial of service.
CVSS Score
5.5
EPSS Score
0.0
Published
2024-01-19
Uncontrolled search path vulnerabilities were reported in the Lenovo Universal Device Client (UDC) that could allow an attacker with local access to execute code with elevated privileges.
CVSS Score
7.8
EPSS Score
0.001
Published
2024-01-03
A vulnerability was reported in the Lenovo Browser Mobile and Lenovo Browser HD Apps for Android that could allow an attacker to craft a payload that could result in the disclosure of sensitive information.
CVSS Score
6.5
EPSS Score
0.002
Published
2024-01-03