App Store
by Lenovo
CVEs (10)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-12046 | Hig | 0.51 | 7.8 | 0.00 | Dec 10, 2025 | A DLL hijacking vulnerability was reported in the Lenovo App Store and Lenovo Browser applications that could allow a local authenticated user to execute code with elevated privileges under certain conditions. | ||
| CVE-2025-10495 | Hig | 0.49 | 7.5 | 0.00 | Nov 12, 2025 | A potential vulnerability was reported in the Lenovo PC Manager, Lenovo App Store, Lenovo Browser, and Lenovo Legion Zone client applications that, under certain conditions, could allow an attacker on the same logical network to execute arbitrary code. | ||
| CVE-2024-10254 | Med | 0.31 | 4.7 | 0.00 | Jan 14, 2025 | A potential buffer overflow vulnerability was reported in PC Manager, Lenovo Browser, and Lenovo App Store that could allow a local attacker to cause a system crash. | ||
| CVE-2024-10253 | Med | 0.31 | 4.7 | 0.00 | Jan 14, 2025 | A potential TOCTOU vulnerability was reported in PC Manager, Lenovo Browser, and Lenovo App Store that could allow a local attacker to cause a system crash. | ||
| CVE-2025-8485 | 0.00 | — | 0.00 | Nov 12, 2025 | An improper permissions vulnerability was reported in Lenovo App Store that could allow a local authenticated user to execute code with elevated privileges during installation of an application. | |||
| CVE-2024-4130 | 0.00 | — | 0.00 | Oct 11, 2024 | A DLL hijack vulnerability was reported in Lenovo App Store that could allow a local attacker to execute code with elevated privileges. | |||
| CVE-2023-6450 | 0.00 | — | 0.00 | Jan 19, 2024 | An incorrect permissions vulnerability was reported in the Lenovo App Store app that could allow an attacker to use system resources, resulting in a denial of service. | |||
| CVE-2022-3611 | 0.00 | — | 0.00 | Oct 27, 2023 | An information disclosure vulnerability has been identified in the Lenovo App Store which may allow some applications to gain unauthorized access to sensitive user data used by other unrelated applications. | |||
| CVE-2020-14118 | 0.00 | — | 0.01 | Apr 21, 2022 | An intent redirection vulnerability in the Mi App Store product. This vulnerability is caused by the Mi App Store does not verify the validity of the incoming data, can cause the app store to automatically download and install apps. | |||
| CVE-2020-14121 | 0.00 | — | 0.00 | Apr 21, 2022 | A business logic vulnerability exists in Mi App Store. The vulnerability is caused by incomplete permission checks of the products being bypassed, and an attacker can exploit the vulnerability to perform a local silent installation. |
- risk 0.51cvss 7.8epss 0.00
A DLL hijacking vulnerability was reported in the Lenovo App Store and Lenovo Browser applications that could allow a local authenticated user to execute code with elevated privileges under certain conditions.
- risk 0.49cvss 7.5epss 0.00
A potential vulnerability was reported in the Lenovo PC Manager, Lenovo App Store, Lenovo Browser, and Lenovo Legion Zone client applications that, under certain conditions, could allow an attacker on the same logical network to execute arbitrary code.
- risk 0.31cvss 4.7epss 0.00
A potential buffer overflow vulnerability was reported in PC Manager, Lenovo Browser, and Lenovo App Store that could allow a local attacker to cause a system crash.
- risk 0.31cvss 4.7epss 0.00
A potential TOCTOU vulnerability was reported in PC Manager, Lenovo Browser, and Lenovo App Store that could allow a local attacker to cause a system crash.
- CVE-2025-8485Nov 12, 2025risk 0.00cvss —epss 0.00
An improper permissions vulnerability was reported in Lenovo App Store that could allow a local authenticated user to execute code with elevated privileges during installation of an application.
- CVE-2024-4130Oct 11, 2024risk 0.00cvss —epss 0.00
A DLL hijack vulnerability was reported in Lenovo App Store that could allow a local attacker to execute code with elevated privileges.
- CVE-2023-6450Jan 19, 2024risk 0.00cvss —epss 0.00
An incorrect permissions vulnerability was reported in the Lenovo App Store app that could allow an attacker to use system resources, resulting in a denial of service.
- CVE-2022-3611Oct 27, 2023risk 0.00cvss —epss 0.00
An information disclosure vulnerability has been identified in the Lenovo App Store which may allow some applications to gain unauthorized access to sensitive user data used by other unrelated applications.
- CVE-2020-14118Apr 21, 2022risk 0.00cvss —epss 0.01
An intent redirection vulnerability in the Mi App Store product. This vulnerability is caused by the Mi App Store does not verify the validity of the incoming data, can cause the app store to automatically download and install apps.
- CVE-2020-14121Apr 21, 2022risk 0.00cvss —epss 0.00
A business logic vulnerability exists in Mi App Store. The vulnerability is caused by incomplete permission checks of the products being bypassed, and an attacker can exploit the vulnerability to perform a local silent installation.