Lucene search
+L

311 matches found

CNNVD
CNNVD
added 2025/07/17 12:0 a.m.6 views

Lenovo Vantage 安全漏洞

Lenovo Vantage is a computer management application from the Chinese company Lenovo Lenovo. The program supports features such as driver updates, device status diagnostics, and computer configuration. A security vulnerability exists in Lenovo Vantage that stems from the presence of a SQL injectio...

5.3CVSS7.8AI score0.00151EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/07/11 12:0 a.m.7 views

PT-2025-29198 · Lenovo · Lenovo Vantage

Name of the Vulnerable Software and Affected Versions: Lenovo Vantage affected versions not specified Description: A SQL injection vulnerability exists in Lenovo Vantage. This issue could allow a local attacker to modify the local SQLite database and execute code with elevated permissions...

7.8CVSS7.5AI score0.00151EPSS
Exploits0References9
Lenovo
Lenovo
added 2025/07/08 9:48 p.m.5 views

Lenovo Vantage Privilege Escalation - Lenovo Support US

No description provided...

7.3AI score
Exploits0
vulnersOsv
vulnersOsv
added 2025/06/12 6:15 p.m.6 views

vantage6-algorithm-store (>=4.10.0 <=4.10.2), vantage6-node (>=0.0.0 <=4.10.2) +1 more potentially affected by CVE-2025-43863 via vantage6 (>=0.0.0 <=4.10.2)

vantage6 PYPI version =0.0.0, =4.10.0, =0.0.0, =0.0.0, =4.10.2 Source cves: CVE-2025-43863 Source advisory: OSV:PYSEC-2025-220...

9.8CVSS5.8AI score0.00397EPSS
Exploits0
OSV
OSV
added 2025/06/12 6:15 p.m.8 views

PYSEC-2025-221

vantage6 is an open-source infrastructure for privacy preserving analysis. The JWT secret key in the vantage6 server is auto-generated unless defined by the user. The auto-generated key is a UUID1, which is not cryptographically secure as it is predictable to some extent. This vulnerability is...

7.5CVSS5.8AI score0.0033EPSS
Exploits0References1
OSV
OSV
added 2025/06/12 6:15 p.m.7 views

PYSEC-2025-220

vantage6 is an open source framework built to enable, manage and deploy privacy enhancing technologies like Federated Learning and Multi-Party Computation. If attacker gets access to an authenticated session, they can try to brute-force the user password by using the change password functionality...

9.8CVSS5.8AI score0.00397EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:6 a.m.10 views

CVE-2024-52870

Teradata Vantage Editor 1.0.1 is mostly intended for SQL database access and docs.teradata.com access, but provides unintended functionality including Chromium Developer Tools that can result in a client user accessing arbitrary remote websites...

7.1CVSS7.8AI score0.00169EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:58 a.m.8 views

CVE-2023-6044

A privilege escalation vulnerability was reported in Lenovo Vantage that could allow a local attacker with physical access to impersonate Lenovo Vantage Service and execute arbitrary code with elevated privileges...

6.8CVSS7.6AI score0.00188EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:57 a.m.11 views

CVE-2023-6043

A privilege escalation vulnerability was reported in Lenovo Vantage that could allow a local attacker to bypass integrity checks and execute arbitrary code with elevated privileges...

7.8CVSS7.8AI score0.00171EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 3:16 a.m.7 views

CVE-2023-22738

vantage6 is a privacy preserving federated learning infrastructure for secure insight exchange. Assigning existing users to a different organizations is currently possible. It may lead to unintended access: if a user from organization A is accidentally assigned to organization B, they will retain...

6.5CVSS6.7AI score0.00375EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 12:55 a.m.6 views

CVE-2022-3702

A denial of service vulnerability was reported in Lenovo Vantage HardwareScan Plugin version 1.3.0.5 and earlier that could allow a local attacker to delete contents of an arbitrary directory under certain conditions...

7.1CVSS6.7AI score0.00119EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:14 p.m.7 views

CVE-2022-3700

A Time of Check Time of Use TOCTOU vulnerability was reported in the Lenovo Vantage SystemUpdate Plugin version 2.0.0.212 and earlier that could allow a local attacker to delete arbitrary files...

6.3CVSS6.8AI score0.00105EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 5:36 p.m.9 views

CVE-2020-9020

Iteris Vantage Velocity Field Unit 2.3.1, 2.4.2, and 3.0 devices allow the injection of OS commands into cgi-bin/timeconfig.py via shell metacharacters in the NTP Server field...

10CVSS7.6AI score0.02535EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 5:35 p.m.10 views

CVE-2020-9023

Iteris Vantage Velocity Field Unit 2.3.1 and 2.4.2 devices have two users that are not documented and are configured with weak passwords User bluetooth, password bluetooth; User eclipse, password eclipse. Also, bluetooth is the root password...

9.8CVSS7.3AI score0.01487EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 3:43 p.m.9 views

CVE-2020-9025

Iteris Vantage Velocity Field Unit 2.4.2 devices have multiple stored XSS issues in all parameters of the Start Data Viewer feature of the /cgi-bin/loaddata.py script...

6.1CVSS6AI score0.00668EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 3:43 p.m.8 views

CVE-2020-9024

Iteris Vantage Velocity Field Unit 2.3.1 and 2.4.2 devices have world-writable permissions for the /root/cleardata.pl executed as root by crond and /root/loadperl.sh executed as root at boot time scripts...

10CVSS7.2AI score0.01843EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 3:15 p.m.8 views

CVE-2020-15797

A vulnerability has been identified in DCA Vantage Analyzer All versions V4.5 are affected by CVE-2020-7590. In addition, serial numbers 40000 running software V4.4.0 are also affected by CVE-2020-15797. Improper Access Control could allow an unauthenticated attacker to escape from the restricted...

7.2CVSS6.5AI score0.00384EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/02/14 9:25 p.m.10 views

CVE-2024-12673

An improper privilege vulnerability was reported in a BIOS customization feature of Lenovo Vantage on SMB notebook devices which could allow a local attacker to elevate privileges on the system. This vulnerability only affects Vantage installed on these devices: Lenovo V Series Gen 5 ThinkBook 14...

8.5CVSS6.7AI score0.00177EPSS
Exploits0References1
NVD
NVD
added 2025/02/12 9:15 p.m.24 views

CVE-2024-12673

An improper privilege vulnerability was reported in a BIOS customization feature of Lenovo Vantage on SMB notebook devices which could allow a local attacker to elevate privileges on the system. This vulnerability only affects Vantage installed on these devices: Lenovo V Series Gen 5 ThinkBook 14...

8.5CVSS0.00177EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/02/12 8:31 p.m.14 views

CVE-2024-12673

An improper privilege vulnerability was reported in a BIOS customization feature of Lenovo Vantage on SMB notebook devices which could allow a local attacker to elevate privileges on the system. This vulnerability only affects Vantage installed on these devices: Lenovo V Series Gen 5 ThinkBook 14...

8.5CVSS0.00177EPSS
Exploits0References1
Rows per page
Query Builder