Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
lenovo thinkvantage system update vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2008-3249
The client in Lenovo System Update prior to 3.14 does not properly validate the certificate when establishing an SSL connection, which allows remote malicious users to install arbitrary packages via an SSL certificate whose X.509 headers match a public certificate used by IBM.
Lenovo Thinkvantage System Update 3.13
Lenovo Thinkvantage System Update
7
CVSSv3
CVE-2015-8109
Lenovo System Update (formerly ThinkVantage System Update) prior to 5.07.0019 allows local users to gain privileges by making a prediction of tvsu_tmp_xxxxxXXXXX account credentials that requires knowledge of the time that this account was created, aka a "temporary administr...
Lenovo Lenovo System Update
1 Article
7.8
CVSSv3
CVE-2015-8110
Lenovo System Update (formerly ThinkVantage System Update) prior to 5.07.0019 allows local users to gain privileges by navigating to (1) "Click here to learn more" or (2) "View privacy policy" within the Tvsukernel.exe GUI application in the context of a tempo...
Lenovo Lenovo System Update
1 Article
7.8
CVSSv3
CVE-2015-6971
Lenovo System Update (formerly ThinkVantage System Update) prior to 5.07.0013 allows local users to submit commands to the System Update service (SUService.exe) and gain privileges by launching signed Lenovo executables.
Lenovo System Update
NA
CVE-2015-2233
Lenovo System Update (formerly ThinkVantage System Update) prior to 5.06.0034 does not properly validate CA chains during signature validation, which allows man-in-the-middle malicious users to upload and execute arbitrary files via a crafted certificate.
Lenovo System Update
NA
CVE-2015-2234
Race condition in Lenovo System Update (formerly ThinkVantage System Update) prior to 5.06.0034 uses world-writable permissions for the update files directory, which allows local users to gain privileges by writing to an update file after the signature is validated.
Lenovo System Update
NA
CVE-2015-2219
Lenovo System Update (formerly ThinkVantage System Update) prior to 5.06.0034 uses predictable security tokens, which allows local users to gain privileges by sending a valid token with a command to the System Update service (SUService.exe) through an unspecified named pipe.
Lenovo System Update
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-22120
CVE-2024-35921
CVE-2024-35874
brute force
CVE-2024-36080
unprivileged
CVE-2024-35917
IDOR
CVE-2024-4947
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started