cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-12673,https://securityvulnerability.io/vulnerability/CVE-2024-12673,Improper Privilege Vulnerability in Lenovo Vantage on SMB Notebooks,"An improper privilege vulnerability exists in the BIOS customization feature of Lenovo Vantage designed for SMB notebook devices, enabling a local attacker to enhance their privileges on the system. This issue compromises security on affected Lenovo devices, including specific models from the V Series, ThinkBook, and ThinkPad E Series, potentially allowing unauthorized users to execute sensitive actions that should be restricted.",Lenovo,Vantage,8.5,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-02-12T20:31:18.910Z,0
CVE-2024-6001,https://securityvulnerability.io/vulnerability/CVE-2024-6001,Improper Certificate Validation Vulnerability in Lenovo LADM Products,"An improper certificate validation vulnerability has been identified in Lenovo's LADM product line, allowing potential network attackers to manipulate update requests to a remote server. This security flaw could lead to elevated privilege code execution, posing significant risks to the integrity and confidentiality of systems utilizing these products. Organizations using affected versions are advised to apply necessary updates and review security configurations to mitigate this vulnerability.",Lenovo,,8.1,HIGH,0.000910000002477318,false,,false,false,false,,,false,false,,2024-12-16T17:15:00.000Z,0
CVE-2024-4762,https://securityvulnerability.io/vulnerability/CVE-2024-4762,Improper Validation Vulnerability in Lenovo's LADM and LDCC Firmware Update Mechanism,"The vulnerability in Lenovo's LADM and LDCC firmware update mechanism arises from improper validation processes.
This flaw could potentially enable a local attacker to exploit the system and escalate their privileges. Such vulnerabilities may lead to unauthorized access, compromising system integrity and exposing sensitive information. It is crucial for users to be aware of this issue and take appropriate security measures to safeguard their systems.",Lenovo,,7.8,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-12-16T17:15:00.000Z,0
CVE-2024-33582,https://securityvulnerability.io/vulnerability/CVE-2024-33582,Lenovo Service Framework Vulnerability Allows Local Attacker Execution with Elevated Privileges,"A vulnerability in Lenovo Service Framework has been identified which enables a DLL hijack scenario. This flaw permits a local attacker to execute arbitrary code with elevated privileges, potentially compromising system integrity and security. The risk associated with this vulnerability underscores the importance of implementing security measures and timely software updates. For more detailed information, users and administrators should refer to Lenovo's security advisories and ensure their systems are adequately protected.",Lenovo,Service Framework,7.8,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-10-11T15:17:45.232Z,0
CVE-2024-33581,https://securityvulnerability.io/vulnerability/CVE-2024-33581,Lenovo PC Manager AI Scenario Vulnerability,"A DLL hijack vulnerability exists in Lenovo PC Manager, specifically within the AI intelligent scenario module. This vulnerability can be exploited by local attackers to execute arbitrary code with elevated privileges on the affected systems.
Such an exploit could potentially compromise sensitive data or enable unauthorized access to system resources.",Lenovo,Pc Manager Ai Intelligent Scenario,7.8,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-10-11T15:17:35.007Z,0
CVE-2024-33580,https://securityvulnerability.io/vulnerability/CVE-2024-33580,Lenovo Personal Cloud Hijack Vulnerability,"A DLL hijack vulnerability exists in Lenovo Personal Cloud that could be exploited by local attackers. This security issue allows unauthorized execution of code with elevated privileges, which poses substantial risks to user data and system operations. Attackers can leverage this vulnerability to manipulate affected systems, potentially leading to unauthorized access or data manipulation. It is essential for users of Lenovo Personal Cloud to remain vigilant and apply any available patches or updates to mitigate the threat.",Lenovo,Personal Cloud,7.8,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-10-11T15:17:03.670Z,0
CVE-2024-33579,https://securityvulnerability.io/vulnerability/CVE-2024-33579,DLL Hijack Vulnerability in Lenovo Baiying Could Allow Code Execution with Elevated Privileges,"A vulnerability exists in Lenovo's Baiying software due to improper handling of dynamic link libraries (DLLs). This security weakness may be exploited by local attackers who can manipulate DLLs, leading to unauthorized code execution with elevated privileges. It is essential for users to review and apply any available patches to mitigate this risk and enhance system security.",Lenovo,Baiying,7.8,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-10-11T15:16:54.792Z,0
CVE-2024-33578,https://securityvulnerability.io/vulnerability/CVE-2024-33578,Lenovo Leyun DLL Hijack Vulnerability Could Allow Local Attacker to Execute Code with Elevated Privileges,"A vulnerability has been identified in the Lenovo Leyun software that allows local attackers to perform DLL hijacking.
This flaw can result in unauthorized code execution with elevated privileges, potentially compromising system integrity. It is crucial for users of Lenovo Leyun to apply the necessary security updates and follow best practices to mitigate potential exploitation.",Lenovo,Leyun,7.8,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-10-11T15:16:44.965Z,0
CVE-2024-9046,https://securityvulnerability.io/vulnerability/CVE-2024-9046,Lenovo stARstudio Hijack Vulnerability Could Allow Local Attacker to Execute Code with Elevated Privileges,"A vulnerability identified in Lenovo's stARstudio presents a significant risk due to a DLL hijacking flaw. This issue allows local attackers to execute arbitrary code with elevated privileges, potentially compromising system security and integrity. The vulnerability underscores the need for immediate updates to affected versions of stARstudio to mitigate risks associated with unauthorized code execution and protect sensitive information.",Lenovo,Starstudio,7.8,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-10-11T15:16:32.088Z,0
CVE-2024-4132,https://securityvulnerability.io/vulnerability/CVE-2024-4132,Lenovo Lock Screen Hijack Vulnerability Allows Local Attacker to Execute Code with Elevated Privileges,"A DLL hijack vulnerability exists in Lenovo Lock Screen, allowing local attackers to exploit the issue for executing arbitrary code with elevated privileges. By placing a malicious DLL in a location that the application accesses, an attacker can gain control over the affected product, potentially leading to unauthorized changes to system configurations or data breaches.
This vulnerability underscores the importance of keeping security measures updated and adapting to emerging threats in the cybersecurity landscape.",Lenovo,Lock Screen,7.8,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-10-11T15:16:00.573Z,0
CVE-2024-4131,https://securityvulnerability.io/vulnerability/CVE-2024-4131,Lenovo Emulator Hijack Vulnerability Allows Local Attacker Execution with Elevated Privileges,"A DLL hijacking vulnerability in Lenovo Emulator poses significant risks, allowing local attackers to execute arbitrary code with heightened privileges. This security flaw can be exploited by malicious actors who have access to the vulnerable software environment, potentially leading to unauthorized actions on a compromised system. Users of affected versions are urged to implement mitigation strategies to safeguard their systems against potential exploitation.",Lenovo,Emulator,7.8,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-10-11T15:15:51.533Z,0
CVE-2024-4130,https://securityvulnerability.io/vulnerability/CVE-2024-4130,Lenovo App Store Hijack Vulnerability Allows Local Attacker Execution with Elevated Privileges,"A DLL hijack vulnerability has been identified in Lenovo App Store, potentially enabling local attackers to execute arbitrary code with elevated privileges. This issue poses significant risks to systems where the affected application is installed, allowing unauthorized access and manipulation of system resources.
Ensuring the application is updated and following security best practices is essential to mitigate potential exploitation of this vulnerability.",Lenovo,App Store,7.8,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-10-11T15:15:41.059Z,0
CVE-2024-4089,https://securityvulnerability.io/vulnerability/CVE-2024-4089,Lenovo Super File Hijack Vulnerability Could Allow Local Attacker to Execute Code with Elevated Privileges,"A vulnerability exists in Lenovo Super File that allows a local attacker to exploit a DLL hijacking flaw. By placing a malicious DLL in a specific location, the attacker can manipulate the application into loading the malicious file instead of the legitimate one. This may result in the execution of arbitrary code with elevated privileges, posing significant risks to system integrity and user data. Users are strongly recommended to apply updates and security patches provided by Lenovo to mitigate this vulnerability and secure their systems.",Lenovo,Superfile,7.8,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-10-11T15:15:29.047Z,0
CVE-2024-8281,https://securityvulnerability.io/vulnerability/CVE-2024-8281,Command Injection Vulnerability in XCC SSH Captive Shell,"An input validation weakness has been identified in Lenovo's XCC that could potentially allow authenticated users with elevated privileges to execute command injection attacks through carefully constructed command line inputs in the XCC SSH captive shell.
This vulnerability poses a significant risk to the integrity and security of affected systems, requiring immediate remediation efforts to protect sensitive environments and data from exploitation.",Lenovo,"Hx5530 Appliance (thinkagile) Xcc,Hx7530 Appliance (thinkagile) Xcc,St250 V3 (thinksystem) Xcc,Vx3331 Certified Node (thinkagile) Xcc,Hx Enclosure Certified Node (thinkagile) Xcc,Hx1021 Edge Certified Node 3yr (thinkagile) Xcc,Hx1320 Appliance (thinkagile) Xcc,Hx1321 Certified Node (thinkagile) Xcc,Hx1331 Certified Node (thinkagile) Xcc,Hx1520-r Appliance (thinkagile) Xcc,Hx1521-r Certified Node (thinkagile) Xcc,Hx2320-e Appliance (thinkagile) Xcc,Hx2321 Certified Node (thinkagile) Xcc,Hx2330 Appliance (thinkagile) Xcc,Hx2331 Certified Node (thinkagile) Xcc,Hx2720-e Appliance (thinkagile) Xcc,Hx3320 Appliance (thinkagile) Xcc,Hx3321 Certified Node (thinkagile) Xcc,Hx3330 Appliance (thinkagile) Xcc,Hx3331 Certified Node (thinkagile) Xcc,Hx3331 Node SAP Hana (thinkagile) Xcc,Hx3375 Appliance (thinkagile) Xcc,Hx3376 Certified Node (thinkagile) Xcc,Hx3520-g Appliance (thinkagile) Xcc,Hx3521-g Certified Node (thinkagile) Xcc,Hx3720 Appliance (thinkagile) Xcc,Hx3721 Certified Node (thinkagile) Xcc,Hx5520 Appliance (thinkagile) Xcc,Hx5520-c Appliance (thinkagile) Xcc,Hx5521 Certified Node (thinkagile) Xcc,Hx5521-c Certified Node (thinkagile) Xcc,Hx5531 Certified Node (thinkagile) Xcc,Hx7520 Appliance (thinkagile) Xcc,Hx7521 Certified Node (thinkagile) Xcc,Hx7530 Appl For SAP Hana (thinkagile) Xcc,Hx7531 Certified Node (thinkagile) Xcc,Hx7531 Node SAP Hana (thinkagile) Xcc,Hx7820 Appliance (thinkagile) Xcc,Hx7821 Certified Node (thinkagile) Xcc,Mx Edge Appliance - Mx1020 (thinkagile) Xcc,Mx3330-f All-flash Appliance (thinkagile) Xcc,Mx3330-h Hybrid Appliance (thinkagile) Xcc,Mx3331-f All-flash Certified Node (thinkagile) Xcc,Mx3331-h Hybrid Certified Node (thinkagile) Xcc,Mx3530 F All Flash Appliance (thinkagile) Xcc,Mx3530-h Hybrid Appliance (thinkagile) Xcc,Mx3531 H 
Hybrid Certified Node (thinkagile) Xcc,Mx3531-f All-flash Certified Node (thinkagile) Xcc,P920 Rack Workstation (thinkstation) Xcc,Sd530 (thinksystem) Xcc,Sd530 V3 (thinksystem) Xcc,Sd550 V3 (thinksystem) Xcc,Sd630 V2 (thinksystem) Xcc,Sd650 Dwc Dual Node Tray (thinksystem) Xcc,Sd650 V2 (thinksystem) Xcc,Sd650 V3 (thinksystem) Xcc,Sd650-n V2 (thinksystem) Xcc,Sd665 V3 (thinksystem) Xcc,Se350 (thinksystem) Xcc,Se350 V2 (thinkedge) Xcc,Se360 V2 (thinkedge) Xcc,Se450 (thinkedge) Xcc,Se455 V3 (thinkedge) Xcc,Sn550 (thinksystem) Xcc,Sn550 V2 (thinksystem) Xcc,Sn850 (thinksystem) Xcc,Sr150 (thinksystem) Xcc,Sr158 (thinksystem) Xcc,Sr250 (thinksystem) Xcc,Sr250 V2 (thinksystem) Xcc,Sr250 V3 (thinksystem) Xcc,Sr258 (thinksystem) Xcc,Sr258 V2 (thinksystem) Xcc,Sr258 V3 (thinksystem) Xcc,Sr530 (thinksystem) Xcc,Sr550 (thinksystem) Xcc,Sr570 (thinksystem) Xcc,Sr590 (thinksystem) Xcc,Sr630 (thinksystem) Xcc,Sr630 V2 (thinksystem) Xcc,Sr630 V3 (thinksystem) Xcc,Sr635 V3 (thinksystem) Xcc,Sr645 (thinksystem) Xcc,Sr645 V3 (thinksystem) Xcc,Sr650 (thinksystem) Xcc,Sr650 V2 (thinksystem) Xcc,Sr650 V3 (thinksystem) Xcc,Sr655 V3 (thinksystem) Xcc,Sr665 (thinksystem) Xcc,Sr665 V3 (thinksystem) Xcc,Sr670 (thinksystem) Xcc,Sr670 V2 (thinksystem) Xcc,Sr675 V3 (thinksystem) Xcc,Sr850 (thinksystem) Xcc,Sr850 V2 (thinksystem) Xcc,Sr850 V3 (thinksystem) Xcc,Sr850p (thinksystem) Xcc,Sr860 (thinksystem) Xcc,Sr860 V2 (thinksystem) Xcc,Sr860 V3 (thinksystem) Xcc,Sr950 (thinksystem) Xcc,Sr950 V3 (thinksystem) Xcc,St250 (thinksystem) Xcc,St250 V2 (thinksystem) Xcc,St258 (thinksystem) Xcc,St258 V2 (thinksystem) Xcc,St258 V3 (thinksystem) Xcc,St550 (thinksystem) Xcc,St650 V2 (thinksystem) Xcc,St650 V3 (thinksystem) Xcc,St658 V2 (thinksystem) Xcc,St658 V3 (thinksystem) Xcc,Thinkagile Mx1021 On Se350 Xcc,Vx 1se Certified Node (thinkagile) Xcc,Vx 2u4n Certified Node (thinkagile) Xcc,Vx 4u Certified Node (thinkagile) Xcc,Vx1320 (thinkagile) Xcc,Vx2320 (thinkagile) Xcc,Vx2330 Appliance (thinkagile) 
Xcc,Vx3320 (thinkagile) Xcc,Vx3330 Appliance (thinkagile) Xcc,Vx3520-g (thinkagile) Xcc,Vx3530-g Appliance (thinkagile) Xcc,Vx3720 (thinkagile) Xcc,Vx5520 (thinkagile) Xcc,Vx5530 Appliance (thinkagile) Xcc,Vx635 V3 Integrated System (thinkagile) Xcc,Vx645 V3 Certified Node (thinkagile) Xcc,Vx645 V3 Integrated System (thinkagile) Xcc,Vx655 V3 Certified Node (thinkagile) Xcc,Vx655 V3 Integrated System (thinkagile) Xcc,Vx665 V3 Certified Node (thinkagile) Xcc,Vx665 V3 Integrated System (thinkagile) Xcc,Vx7320 N (thinkagile) Xcc,Vx7330 Appliance (thinkagile) Xcc,Vx7520 (thinkagile) Xcc,Vx7520 N (thinkagile) Xcc,Vx7530 Appliance (thinkagile) Xcc,Vx7531 Certified Node (thinkagile) Xcc,Vx7820 (thinkagile) Xcc",7.2,HIGH,0.0005200000014156103,false,,false,false,false,,,false,false,,2024-09-13T17:27:48.442Z,0
CVE-2024-8280,https://securityvulnerability.io/vulnerability/CVE-2024-8280,XCC Input Validation Weakness Could Lead to Command Injection or Denial of Service,"An input validation weakness has been identified in Lenovo's XCC, which may allow an authenticated user with elevated privileges to exploit this vulnerability. By using a specially crafted file, it is possible to perform command injection attacks, potentially leading to unauthorized command execution. Additionally, this vulnerability could result in a recoverable denial of service, impacting the overall stability and performance of affected systems.
Users of XCC are advised to review their configurations and apply necessary mitigations as outlined in Lenovo's security advisories.",Lenovo,"Hx5530 Appliance (thinkagile) Xcc,Hx7530 Appliance (thinkagile) Xcc,St250 V3 (thinksystem) Xcc,Vx3331 Certified Node (thinkagile) Xcc,Hx Enclosure Certified Node (thinkagile) Xcc,Hx1021 Edge Certified Node 3yr (thinkagile) Xcc,Hx1320 Appliance (thinkagile) Xcc,Hx1321 Certified Node (thinkagile) Xcc,Hx1331 Certified Node (thinkagile) Xcc,Hx1520-r Appliance (thinkagile) Xcc,Hx1521-r Certified Node (thinkagile) Xcc,Hx2320-e Appliance (thinkagile) Xcc,Hx2321 Certified Node (thinkagile) Xcc,Hx2330 Appliance (thinkagile) Xcc,Hx2331 Certified Node (thinkagile) Xcc,Hx2720-e Appliance (thinkagile) Xcc,Hx3320 Appliance (thinkagile) Xcc,Hx3321 Certified Node (thinkagile) Xcc,Hx3330 Appliance (thinkagile) Xcc,Hx3331 Certified Node (thinkagile) Xcc,Hx3331 Node SAP Hana (thinkagile) Xcc,Hx3375 Appliance (thinkagile) Xcc,Hx3376 Certified Node (thinkagile) Xcc,Hx3520-g Appliance (thinkagile) Xcc,Hx3521-g Certified Node (thinkagile) Xcc,Hx3720 Appliance (thinkagile) Xcc,Hx3721 Certified Node (thinkagile) Xcc,Hx5520 Appliance (thinkagile) Xcc,Hx5520-c Appliance (thinkagile) Xcc,Hx5521 Certified Node (thinkagile) Xcc,Hx5521-c Certified Node (thinkagile) Xcc,Hx5531 Certified Node (thinkagile) Xcc,Hx7520 Appliance (thinkagile) Xcc,Hx7521 Certified Node (thinkagile) Xcc,Hx7530 Appl For SAP Hana (thinkagile) Xcc,Hx7531 Certified Node (thinkagile) Xcc,Hx7531 Node SAP Hana (thinkagile) Xcc,Hx7820 Appliance (thinkagile) Xcc,Hx7821 Certified Node (thinkagile) Xcc,Mx Edge Appliance - Mx1020 (thinkagile) Xcc,Mx3330-f All-flash Appliance (thinkagile) Xcc,Mx3330-h Hybrid Appliance (thinkagile) Xcc,Mx3331-f All-flash Certified Node (thinkagile) Xcc,Mx3331-h Hybrid Certified Node (thinkagile) Xcc,Mx3530 F All Flash Appliance (thinkagile) Xcc,Mx3530-h Hybrid Appliance (thinkagile) Xcc,Mx3531 H Hybrid Certified Node (thinkagile) Xcc,Mx3531-f All-flash 
Certified Node (thinkagile) Xcc,P920 Rack Workstation (thinkstation) Xcc,Sd530 (thinksystem) Xcc,Sd530 V3 (thinksystem) Xcc,Sd550 V3 (thinksystem) Xcc,Sd630 V2 (thinksystem) Xcc,Sd650 Dwc Dual Node Tray (thinksystem) Xcc,Sd650 V2 (thinksystem) Xcc,Sd650 V3 (thinksystem) Xcc,Sd650-n V2 (thinksystem) Xcc,Sd665 V3 (thinksystem) Xcc,Se350 (thinksystem) Xcc,Se350 V2 (thinkedge) Xcc,Se360 V2 (thinkedge) Xcc,Se450 (thinkedge) Xcc,Se455 V3 (thinkedge) Xcc,Sn550 (thinksystem) Xcc,Sn550 V2 (thinksystem) Xcc,Sn850 (thinksystem) Xcc,Sr150 (thinksystem) Xcc,Sr158 (thinksystem) Xcc,Sr250 (thinksystem) Xcc,Sr250 V2 (thinksystem) Xcc,Sr250 V3 (thinksystem) Xcc,Sr258 (thinksystem) Xcc,Sr258 V2 (thinksystem) Xcc,Sr258 V3 (thinksystem) Xcc,Sr530 (thinksystem) Xcc,Sr550 (thinksystem) Xcc,Sr570 (thinksystem) Xcc,Sr590 (thinksystem) Xcc,Sr630 (thinksystem) Xcc,Sr630 V2 (thinksystem) Xcc,Sr630 V3 (thinksystem) Xcc,Sr635 V3 (thinksystem) Xcc,Sr645 (thinksystem) Xcc,Sr645 V3 (thinksystem) Xcc,Sr650 (thinksystem) Xcc,Sr650 V2 (thinksystem) Xcc,Sr650 V3 (thinksystem) Xcc,Sr655 V3 (thinksystem) Xcc,Sr665 (thinksystem) Xcc,Sr665 V3 (thinksystem) Xcc,Sr670 (thinksystem) Xcc,Sr670 V2 (thinksystem) Xcc,Sr675 V3 (thinksystem) Xcc,Sr850 (thinksystem) Xcc,Sr850 V2 (thinksystem) Xcc,Sr850 V3 (thinksystem) Xcc,Sr850p (thinksystem) Xcc,Sr860 (thinksystem) Xcc,Sr860 V2 (thinksystem) Xcc,Sr860 V3 (thinksystem) Xcc,Sr950 (thinksystem) Xcc,Sr950 V3 (thinksystem) Xcc,St250 (thinksystem) Xcc,St250 V2 (thinksystem) Xcc,St258 (thinksystem) Xcc,St258 V2 (thinksystem) Xcc,St258 V3 (thinksystem) Xcc,St550 (thinksystem) Xcc,St650 V2 (thinksystem) Xcc,St650 V3 (thinksystem) Xcc,St658 V2 (thinksystem) Xcc,St658 V3 (thinksystem) Xcc,Thinkagile Mx1021 On Se350 Xcc,Vx 1se Certified Node (thinkagile) Xcc,Vx 2u4n Certified Node (thinkagile) Xcc,Vx 4u Certified Node (thinkagile) Xcc,Vx1320 (thinkagile) Xcc,Vx2320 (thinkagile) Xcc,Vx2330 Appliance (thinkagile) Xcc,Vx3320 (thinkagile) Xcc,Vx3330 Appliance (thinkagile) 
Xcc,Vx3520-g (thinkagile) Xcc,Vx3530-g Appliance (thinkagile) Xcc,Vx3720 (thinkagile) Xcc,Vx5520 (thinkagile) Xcc,Vx5530 Appliance (thinkagile) Xcc,Vx635 V3 Integrated System (thinkagile) Xcc,Vx645 V3 Certified Node (thinkagile) Xcc,Vx645 V3 Integrated System (thinkagile) Xcc,Vx655 V3 Certified Node (thinkagile) Xcc,Vx655 V3 Integrated System (thinkagile) Xcc,Vx665 V3 Certified Node (thinkagile) Xcc,Vx665 V3 Integrated System (thinkagile) Xcc,Vx7320 N (thinkagile) Xcc,Vx7330 Appliance (thinkagile) Xcc,Vx7520 (thinkagile) Xcc,Vx7520 N (thinkagile) Xcc,Vx7530 Appliance (thinkagile) Xcc,Vx7531 Certified Node (thinkagile) Xcc,Vx7820 (thinkagile) Xcc",7.2,HIGH,0.0005200000014156103,false,,false,false,false,,,false,false,,2024-09-13T17:27:39.022Z,0
CVE-2024-8279,https://securityvulnerability.io/vulnerability/CVE-2024-8279,Privilege Escalation Vulnerability in XCC Allows Command Injection via File Uploads,"A vulnerability in Lenovo's XCC product allows authenticated users with elevated privileges to exploit a privilege escalation flaw. This vulnerability enables attackers to perform command injection through specially crafted file uploads.
Ensuring the security of XCC is crucial, as successful exploitation could lead to unauthorized access and control over the system.",Lenovo,"Hx5530 Appliance (thinkagile) Xcc,Hx7530 Appliance (thinkagile) Xcc,St250 V3 (thinksystem) Xcc,Vx3331 Certified Node (thinkagile) Xcc,Hx Enclosure Certified Node (thinkagile) Xcc,Hx1021 Edge Certified Node 3yr (thinkagile) Xcc,Hx1320 Appliance (thinkagile) Xcc,Hx1321 Certified Node (thinkagile) Xcc,Hx1331 Certified Node (thinkagile) Xcc,Hx1520-r Appliance (thinkagile) Xcc,Hx1521-r Certified Node (thinkagile) Xcc,Hx2320-e Appliance (thinkagile) Xcc,Hx2321 Certified Node (thinkagile) Xcc,Hx2330 Appliance (thinkagile) Xcc,Hx2331 Certified Node (thinkagile) Xcc,Hx2720-e Appliance (thinkagile) Xcc,Hx3320 Appliance (thinkagile) Xcc,Hx3321 Certified Node (thinkagile) Xcc,Hx3330 Appliance (thinkagile) Xcc,Hx3331 Certified Node (thinkagile) Xcc,Hx3331 Node SAP Hana (thinkagile) Xcc,Hx3375 Appliance (thinkagile) Xcc,Hx3376 Certified Node (thinkagile) Xcc,Hx3520-g Appliance (thinkagile) Xcc,Hx3521-g Certified Node (thinkagile) Xcc,Hx3720 Appliance (thinkagile) Xcc,Hx3721 Certified Node (thinkagile) Xcc,Hx5520 Appliance (thinkagile) Xcc,Hx5520-c Appliance (thinkagile) Xcc,Hx5521 Certified Node (thinkagile) Xcc,Hx5521-c Certified Node (thinkagile) Xcc,Hx5531 Certified Node (thinkagile) Xcc,Hx7520 Appliance (thinkagile) Xcc,Hx7521 Certified Node (thinkagile) Xcc,Hx7530 Appl For SAP Hana (thinkagile) Xcc,Hx7531 Certified Node (thinkagile) Xcc,Hx7531 Node SAP Hana (thinkagile) Xcc,Hx7820 Appliance (thinkagile) Xcc,Hx7821 Certified Node (thinkagile) Xcc,Mx Edge Appliance - Mx1020 (thinkagile) Xcc,Mx3330-f All-flash Appliance (thinkagile) Xcc,Mx3330-h Hybrid Appliance (thinkagile) Xcc,Mx3331-f All-flash Certified Node (thinkagile) Xcc,Mx3331-h Hybrid Certified Node (thinkagile) Xcc,Mx3530 F All Flash Appliance (thinkagile) Xcc,Mx3530-h Hybrid Appliance (thinkagile) Xcc,Mx3531 H Hybrid Certified Node (thinkagile) Xcc,Mx3531-f All-flash Certified 
Node (thinkagile) Xcc,P920 Rack Workstation (thinkstation) Xcc,Sd530 (thinksystem) Xcc,Sd530 V3 (thinksystem) Xcc,Sd550 V3 (thinksystem) Xcc,Sd630 V2 (thinksystem) Xcc,Sd650 Dwc Dual Node Tray (thinksystem) Xcc,Sd650 V2 (thinksystem) Xcc,Sd650 V3 (thinksystem) Xcc,Sd650-n V2 (thinksystem) Xcc,Sd665 V3 (thinksystem) Xcc,Se350 (thinksystem) Xcc,Se350 V2 (thinkedge) Xcc,Se360 V2 (thinkedge) Xcc,Se450 (thinkedge) Xcc,Se455 V3 (thinkedge) Xcc,Sn550 (thinksystem) Xcc,Sn550 V2 (thinksystem) Xcc,Sn850 (thinksystem) Xcc,Sr150 (thinksystem) Xcc,Sr158 (thinksystem) Xcc,Sr250 (thinksystem) Xcc,Sr250 V2 (thinksystem) Xcc,Sr250 V3 (thinksystem) Xcc,Sr258 (thinksystem) Xcc,Sr258 V2 (thinksystem) Xcc,Sr258 V3 (thinksystem) Xcc,Sr530 (thinksystem) Xcc,Sr550 (thinksystem) Xcc,Sr570 (thinksystem) Xcc,Sr590 (thinksystem) Xcc,Sr630 (thinksystem) Xcc,Sr630 V2 (thinksystem) Xcc,Sr630 V3 (thinksystem) Xcc,Sr635 V3 (thinksystem) Xcc,Sr645 (thinksystem) Xcc,Sr645 V3 (thinksystem) Xcc,Sr650 (thinksystem) Xcc,Sr650 V2 (thinksystem) Xcc,Sr650 V3 (thinksystem) Xcc,Sr655 V3 (thinksystem) Xcc,Sr665 (thinksystem) Xcc,Sr665 V3 (thinksystem) Xcc,Sr670 (thinksystem) Xcc,Sr670 V2 (thinksystem) Xcc,Sr675 V3 (thinksystem) Xcc,Sr850 (thinksystem) Xcc,Sr850 V2 (thinksystem) Xcc,Sr850 V3 (thinksystem) Xcc,Sr850p (thinksystem) Xcc,Sr860 (thinksystem) Xcc,Sr860 V2 (thinksystem) Xcc,Sr860 V3 (thinksystem) Xcc,Sr950 (thinksystem) Xcc,Sr950 V3 (thinksystem) Xcc,St250 (thinksystem) Xcc,St250 V2 (thinksystem) Xcc,St258 (thinksystem) Xcc,St258 V2 (thinksystem) Xcc,St258 V3 (thinksystem) Xcc,St550 (thinksystem) Xcc,St650 V2 (thinksystem) Xcc,St650 V3 (thinksystem) Xcc,St658 V2 (thinksystem) Xcc,St658 V3 (thinksystem) Xcc,Thinkagile Mx1021 On Se350 Xcc,Vx 1se Certified Node (thinkagile) Xcc,Vx 2u4n Certified Node (thinkagile) Xcc,Vx 4u Certified Node (thinkagile) Xcc,Vx1320 (thinkagile) Xcc,Vx2320 (thinkagile) Xcc,Vx2330 Appliance (thinkagile) Xcc,Vx3320 (thinkagile) Xcc,Vx3330 Appliance (thinkagile) Xcc,Vx3520-g 
(thinkagile) Xcc,Vx3530-g Appliance (thinkagile) Xcc,Vx3720 (thinkagile) Xcc,Vx5520 (thinkagile) Xcc,Vx5530 Appliance (thinkagile) Xcc,Vx635 V3 Integrated System (thinkagile) Xcc,Vx645 V3 Certified Node (thinkagile) Xcc,Vx645 V3 Integrated System (thinkagile) Xcc,Vx655 V3 Certified Node (thinkagile) Xcc,Vx655 V3 Integrated System (thinkagile) Xcc,Vx665 V3 Certified Node (thinkagile) Xcc,Vx665 V3 Integrated System (thinkagile) Xcc,Vx7320 N (thinkagile) Xcc,Vx7330 Appliance (thinkagile) Xcc,Vx7520 (thinkagile) Xcc,Vx7520 N (thinkagile) Xcc,Vx7530 Appliance (thinkagile) Xcc,Vx7531 Certified Node (thinkagile) Xcc,Vx7820 (thinkagile) Xcc",7.2,HIGH,0.0005200000014156103,false,,false,false,false,,,false,false,,2024-09-13T17:27:30.967Z,0
CVE-2024-8278,https://securityvulnerability.io/vulnerability/CVE-2024-8278,Possible Command Injection Vulnerability in XCC IPMI,"A privilege escalation vulnerability has been identified in Lenovo's XCC product, allowing authenticated users with elevated privileges to execute command injection. This security flaw is exploited through specially crafted IPMI commands, potentially compromising system integrity and confidentiality.
Organizations using affected versions of XCC are advised to review their security measures and apply any available patches or updates to mitigate the risks associated with this vulnerability.",Lenovo,"Hx5530 Appliance (thinkagile) Xcc,Hx7530 Appliance (thinkagile) Xcc,St250 V3 (thinksystem) Xcc,Vx3331 Certified Node (thinkagile) Xcc,Hx Enclosure Certified Node (thinkagile) Xcc,Hx1021 Edge Certified Node 3yr (thinkagile) Xcc,Hx1320 Appliance (thinkagile) Xcc,Hx1321 Certified Node (thinkagile) Xcc,Hx1331 Certified Node (thinkagile) Xcc,Hx1520-r Appliance (thinkagile) Xcc,Hx1521-r Certified Node (thinkagile) Xcc,Hx2320-e Appliance (thinkagile) Xcc,Hx2321 Certified Node (thinkagile) Xcc,Hx2330 Appliance (thinkagile) Xcc,Hx2331 Certified Node (thinkagile) Xcc,Hx2720-e Appliance (thinkagile) Xcc,Hx3320 Appliance (thinkagile) Xcc,Hx3321 Certified Node (thinkagile) Xcc,Hx3330 Appliance (thinkagile) Xcc,Hx3331 Certified Node (thinkagile) Xcc,Hx3331 Node SAP Hana (thinkagile) Xcc,Hx3375 Appliance (thinkagile) Xcc,Hx3376 Certified Node (thinkagile) Xcc,Hx3520-g Appliance (thinkagile) Xcc,Hx3521-g Certified Node (thinkagile) Xcc,Hx3720 Appliance (thinkagile) Xcc,Hx3721 Certified Node (thinkagile) Xcc,Hx5520 Appliance (thinkagile) Xcc,Hx5520-c Appliance (thinkagile) Xcc,Hx5521 Certified Node (thinkagile) Xcc,Hx5521-c Certified Node (thinkagile) Xcc,Hx5531 Certified Node (thinkagile) Xcc,Hx7520 Appliance (thinkagile) Xcc,Hx7521 Certified Node (thinkagile) Xcc,Hx7530 Appl For SAP Hana (thinkagile) Xcc,Hx7531 Certified Node (thinkagile) Xcc,Hx7531 Node SAP Hana (thinkagile) Xcc,Hx7820 Appliance (thinkagile) Xcc,Hx7821 Certified Node (thinkagile) Xcc,Mx Edge Appliance - Mx1020 (thinkagile) Xcc,Mx3330-f All-flash Appliance (thinkagile) Xcc,Mx3330-h Hybrid Appliance (thinkagile) Xcc,Mx3331-f All-flash Certified Node (thinkagile) Xcc,Mx3331-h Hybrid Certified Node (thinkagile) Xcc,Mx3530 F All Flash Appliance (thinkagile) Xcc,Mx3530-h Hybrid Appliance (thinkagile) Xcc,Mx3531 H Hybrid 
Certified Node (thinkagile) Xcc,Mx3531-f All-flash Certified Node (thinkagile) Xcc,P920 Rack Workstation (thinkstation) Xcc,Sd530 (thinksystem) Xcc,Sd530 V3 (thinksystem) Xcc,Sd550 V3 (thinksystem) Xcc,Sd630 V2 (thinksystem) Xcc,Sd650 Dwc Dual Node Tray (thinksystem) Xcc,Sd650 V2 (thinksystem) Xcc,Sd650 V3 (thinksystem) Xcc,Sd650-n V2 (thinksystem) Xcc,Sd665 V3 (thinksystem) Xcc,Se350 (thinksystem) Xcc,Se350 V2 (thinkedge) Xcc,Se360 V2 (thinkedge) Xcc,Se450 (thinkedge) Xcc,Se455 V3 (thinkedge) Xcc,Sn550 (thinksystem) Xcc,Sn550 V2 (thinksystem) Xcc,Sn850 (thinksystem) Xcc,Sr150 (thinksystem) Xcc,Sr158 (thinksystem) Xcc,Sr250 (thinksystem) Xcc,Sr250 V2 (thinksystem) Xcc,Sr250 V3 (thinksystem) Xcc,Sr258 (thinksystem) Xcc,Sr258 V2 (thinksystem) Xcc,Sr258 V3 (thinksystem) Xcc,Sr530 (thinksystem) Xcc,Sr550 (thinksystem) Xcc,Sr570 (thinksystem) Xcc,Sr590 (thinksystem) Xcc,Sr630 (thinksystem) Xcc,Sr630 V2 (thinksystem) Xcc,Sr630 V3 (thinksystem) Xcc,Sr635 V3 (thinksystem) Xcc,Sr645 (thinksystem) Xcc,Sr645 V3 (thinksystem) Xcc,Sr650 (thinksystem) Xcc,Sr650 V2 (thinksystem) Xcc,Sr650 V3 (thinksystem) Xcc,Sr655 V3 (thinksystem) Xcc,Sr665 (thinksystem) Xcc,Sr665 V3 (thinksystem) Xcc,Sr670 (thinksystem) Xcc,Sr670 V2 (thinksystem) Xcc,Sr675 V3 (thinksystem) Xcc,Sr850 (thinksystem) Xcc,Sr850 V2 (thinksystem) Xcc,Sr850 V3 (thinksystem) Xcc,Sr850p (thinksystem) Xcc,Sr860 (thinksystem) Xcc,Sr860 V2 (thinksystem) Xcc,Sr860 V3 (thinksystem) Xcc,Sr950 (thinksystem) Xcc,Sr950 V3 (thinksystem) Xcc,St250 (thinksystem) Xcc,St250 V2 (thinksystem) Xcc,St258 (thinksystem) Xcc,St258 V2 (thinksystem) Xcc,St258 V3 (thinksystem) Xcc,St550 (thinksystem) Xcc,St650 V2 (thinksystem) Xcc,St650 V3 (thinksystem) Xcc,St658 V2 (thinksystem) Xcc,St658 V3 (thinksystem) Xcc,Thinkagile Mx1021 On Se350 Xcc,Vx 1se Certified Node (thinkagile) Xcc,Vx 2u4n Certified Node (thinkagile) Xcc,Vx 4u Certified Node (thinkagile) Xcc,Vx1320 (thinkagile) Xcc,Vx2320 (thinkagile) Xcc,Vx2330 Appliance (thinkagile) Xcc,Vx3320 
(thinkagile) Xcc,Vx3330 Appliance (thinkagile) Xcc,Vx3520-g (thinkagile) Xcc,Vx3530-g Appliance (thinkagile) Xcc,Vx3720 (thinkagile) Xcc,Vx5520 (thinkagile) Xcc,Vx5530 Appliance (thinkagile) Xcc,Vx635 V3 Integrated System (thinkagile) Xcc,Vx645 V3 Certified Node (thinkagile) Xcc,Vx645 V3 Integrated System (thinkagile) Xcc,Vx655 V3 Certified Node (thinkagile) Xcc,Vx655 V3 Integrated System (thinkagile) Xcc,Vx665 V3 Certified Node (thinkagile) Xcc,Vx665 V3 Integrated System (thinkagile) Xcc,Vx7320 N (thinkagile) Xcc,Vx7330 Appliance (thinkagile) Xcc,Vx7520 (thinkagile) Xcc,Vx7520 N (thinkagile) Xcc,Vx7530 Appliance (thinkagile) Xcc,Vx7531 Certified Node (thinkagile) Xcc,Vx7820 (thinkagile) Xcc",7.2,HIGH,0.0005200000014156103,false,,false,false,false,,,false,false,,2024-09-13T17:27:19.968Z,0
CVE-2024-4763,https://securityvulnerability.io/vulnerability/CVE-2024-4763,Local Privilege Escalation Vulnerability in Lenovo Display Control Center and Accessories and Display Manager,"An insecure driver vulnerability has been identified in Lenovo Display Control Center (LDCC) and Lenovo Accessories and Display Manager (LADM). This vulnerability could be exploited by local attackers, potentially leading to unauthorized privilege escalation to kernel-level access. It highlights the importance of maintaining updated applications and monitoring system vulnerabilities, as attackers can gain elevated privileges through compromised software components.",Lenovo,,7.8,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-08-16T15:15:00.000Z,0
CVE-2024-2175,https://securityvulnerability.io/vulnerability/CVE-2024-2175,Lenovo Display Control Center and Accessories Vulnerability Could Lead to Privilege Escalation,"An insecure permissions vulnerability has been identified in Lenovo Display Control Center (LDCC) and Lenovo Accessories and Display Manager (LADM).
This security flaw allows local attackers to exploit the affected software, potentially leading to unauthorized privilege escalation. Users of these products should be aware of the risks associated with this vulnerability and take necessary precautions to mitigate potential threats.",Lenovo,,7.8,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-08-16T15:15:00.000Z,0
CVE-2019-6197,https://securityvulnerability.io/vulnerability/CVE-2019-6197,Lenovo PC Manager Privilege Escalation Vulnerability,"A vulnerability has been identified in Lenovo PC Manager versions before 2.8.90.11211 that may permit local attackers to escalate their privileges. This escalation could enable unauthorized access to restricted system resources, posing significant security risks for users of the affected software. Users are advised to update to the latest version to mitigate potential exploitation of this vulnerability.",Lenovo,Pc Manager,7.8,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-07-31T20:30:25.843Z,0
CVE-2019-6198,https://securityvulnerability.io/vulnerability/CVE-2019-6198,Lenovo PC Manager Vulnerability Allows Local Attacker to Escalate Privileges,"A security vulnerability exists in Lenovo PC Manager that allows a local attacker to potentially escalate privileges. This issue affects versions earlier than 2.8.90.11211. The flaw enables unauthorized users to gain elevated access to system resources, which can lead to further exploitation of the operating system and applications.
Users are advised to update to the latest version of the software to mitigate any risk associated with this vulnerability.",Lenovo,Pc Manager,7.8,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-07-31T20:30:16.910Z,0
CVE-2023-1577,https://securityvulnerability.io/vulnerability/CVE-2023-1577,Lenovo Driver Manager Path Hijacking Vulnerability Could Lead to Code Execution,"A vulnerability exists in Lenovo Driver Manager that allows local users to exploit a path hijacking flaw. This can potentially lead to unauthorized code execution with elevated privileges, posing a significant security risk. This issue affects versions of Lenovo Driver Manager prior to 3.1.1307.1308, making it essential for users to update their software to mitigate the risks associated with this vulnerability.",Lenovo,Driver Manager,7.8,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-07-31T20:29:31.733Z,0
CVE-2024-38511,https://securityvulnerability.io/vulnerability/CVE-2024-38511,Privilege Escalation Vulnerability in XCC Upload Processing,"A privilege escalation vulnerability exists in Lenovo's XCC product related to the upload processing functionality. This flaw can be exploited by an authenticated user with elevated privileges to execute command injection through specially crafted file uploads, potentially compromising system integrity and security.
Users are advised to review their configurations and update to the latest versions of XCC to mitigate the risk associated with this vulnerability.",Lenovo,Xclarity Controller,7.2,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-07-26T20:15:00.000Z,0
CVE-2024-38512,https://securityvulnerability.io/vulnerability/CVE-2024-38512,Privilege Escalation Vulnerability in XCC Could Allow Command Injection via IPMI Commands,"A privilege escalation vulnerability has been identified in Lenovo's XCC product, enabling an authenticated user with elevated privileges to execute command injection by sending specially crafted IPMI commands. This vulnerability poses potential risks for systems dependent on XCC, as it can allow unauthorized control over critical system functionalities when exploited.",Lenovo,Xclarity Controller,7.2,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-07-26T20:15:00.000Z,0
CVE-2024-38510,https://securityvulnerability.io/vulnerability/CVE-2024-38510,Privilege Escalation Vulnerability in SSH Captive Command Shell Interface,"A vulnerability has been identified in Lenovo's SSH captive command shell interface, enabling privilege escalation for authenticated XCC users with elevated privileges. It allows for the execution of command injection attacks through the upload of specially crafted files. This security flaw poses significant risks, as attackers can exploit it to gain unauthorized access to sensitive system functionalities and execute arbitrary commands, compromising the integrity and security of affected environments.",Lenovo,Xclarity Controller,7.2,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-07-26T20:15:00.000Z,0