Vulnerabilidades em Lenovo
369 resultadosCVE-2023-34418HIGHA valid, authenticated LXCA user may be able to gain unauthorized access to events and other data stored in LXCA due to a SQL injection vulnEPSS 0.5%CVE-2024-3286HIGH
A buffer overflow vulnerability was identified in some Lenovo printers that could allow an unauthenticated user to trigger a device restartEPSS 0.5%CVE-2023-29056MEDIUMA valid LDAP user, under specific conditions, will default to read-only permissions when authenticating into XCC. To be vulnerable, XCC mustEPSS 0.4%CVE-2026-6281HIGHA potential vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow a remote authenticated user on the locEPSS 0.4%CVE-2024-4696HIGHA privilege escalation vulnerability was reported in Lenovo Service Bridge prior to version 5.0.2.17 that could allow operating system commaEPSS 0.4%CVE-2023-4607HIGHAn authenticated XCC user can change permissions for any user through a crafted API command.EPSS 0.4%CVE-2023-3113HIGHAn unauthenticated XML external entity injection (XXE) vulnerability exists in LXCA's Common Information Model (CIM) server that could resulEPSS 0.4%CVE-2020-8338HIGHA DLL search path vulnerability was reported in Lenovo Diagnostics prior to version 4.35.4 that could allow a user with local access to execEPSS 0.4%CVE-2020-8345HIGHA DLL search path vulnerability was reported in the Lenovo HardwareScan Plugin for the Lenovo Vantage hardware scan feature prior to versionEPSS 0.4%CVE-2020-8326HIGHAn unquoted service path vulnerability was reported in Lenovo Drivers Management prior to version 2.7.1128.1046 that could allow an authentiEPSS 0.4%CVE-2020-8317HIGHA DLL search path vulnerability was reported in Lenovo Drivers Management prior to version 2.7.1128.1046 that could allow an authenticated uEPSS 0.4%CVE-2022-34888LOWThe Remote Mount feature can potentially be abused by valid, authenticated users to make connections to internal services that may not normaEPSS 0.4%CVE-2023-34421MEDIUMA valid, authenticated LXCA user with elevated privileges may be able to replace filesystem data through a specifically crafted web API callEPSS 0.4%CVE-2023-34422MEDIUMA valid, authenticated LXCA user with elevated privileges may be able to delete folders in the LXCA filesystem through a specifically crafteEPSS 0.4%CVE-2022-3611HIGHAn information disclosure vulnerability has been identified in the Lenovo App Store which may allow some applications to gain unauthorized aEPSS 0.4%CVE-2020-8318HIGHA privilege escalation vulnerability was reported in the LenovoSystemUpdatePlugin for Lenovo System Interface Foundation prior to version thEPSS 0.4%CVE-2023-0896HIGHA default password was reported in Lenovo Smart Clock Essential with Alexa Built In that could allow unauthorized device access to an attackEPSS 0.4%CVE-2020-8319HIGHA privilege escalation vulnerability was reported in Lenovo System Interface Foundation prior to version 1.1.19.3 that could allow an authenEPSS 0.4%CVE-2026-6282HIGHA potential improper file path validation vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow a remoteEPSS 0.4%CVE-2019-6184—A potential vulnerability in the discontinued Customer Engagement Service (CCSDK) software version 2.0.21.1 may allow local privilege escalaEPSS 0.4%