Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
lenovo system update vulnerabilities and exploits
(subscribe to this query)
9.3
CVSSv2
CVE-2016-8237
Remote code execution in Lenovo Updates (not Lenovo System Update) allows man-in-the-middle malicious users to execute arbitrary code.
Lenovo Updates -
8.5
CVSSv2
CVE-2018-16089
In System Management Module (SMM) versions before 1.06, a field in the header of SMM firmware update images is insufficiently sanitized, allowing post-authentication command injection on the SMM as the root user.
Lenovo System Management Module Firmware
8.3
CVSSv2
CVE-2015-2233
Lenovo System Update (formerly ThinkVantage System Update) prior to 5.06.0034 does not properly validate CA chains during signature validation, which allows man-in-the-middle malicious users to upload and execute arbitrary files via a crafted certificate.
Lenovo System Update
7.8
CVSSv2
CVE-2019-6175
A denial of service vulnerability was reported in Lenovo System Update versions before 5.07.0088 that could allow configuration files to be written to non-standard locations.
Lenovo System Update
7.5
CVSSv2
CVE-2011-3556
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and previous versions, 5.0 Update 31 and previous versions, 1.4.2_33 and previous versions, and JRockit R28.1.4 and previous versions allows remote malicious users to ...
Sun Jre 1.7.0
Sun Jdk 1.7.0
Oracle Jrockit
Oracle Jrockit R28.0.1
Oracle Jrockit R28.0.0
Oracle Jrockit R28.1.3
Oracle Jrockit R28.1.1
Oracle Jrockit R28.1.0
Oracle Jrockit R28.0.2
Sun Jre 1.6.0
Sun Jdk 1.6.0
Sun Jdk
Sun Jre
Sun Jre 1.5.0
Sun Jdk 1.5.0
Sun Jre 1.4.2 32
Sun Jre 1.4.2 31
Sun Jre 1.4.2 30
Sun Jre 1.4.2 23
Sun Jre 1.4.2 22
Sun Jre 1.4.2 15
Sun Jre 1.4.2 14
1 EDB exploit
1 Github repository
7.2
CVSSv2
CVE-2022-0354
A vulnerability was reported in Lenovo System Update that could allow a local user with interactive system access the ability to execute code with elevated privileges only during the installation of a System Update package released prior to 2022-02-25 that displays a command prom...
Lenovo System Update
7.2
CVSSv2
CVE-2015-7333
MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A local privilege escalation vulnerability was reported (fixed and publicly disclosed in 2015) in Lenovo System Update version 5.07.0008 and prior where the SUService.exe /type INF and INF_BY_COMP...
Lenovo System Update
7.2
CVSSv2
CVE-2015-7334
MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A local privilege escalation vulnerability was reported (fixed and publicly disclosed in 2015) in Lenovo System Update version 5.07.0008 and prior where the SUService.exe /type COMMAND type could ...
Lenovo System Update
7.2
CVSSv2
CVE-2015-6971
Lenovo System Update (formerly ThinkVantage System Update) prior to 5.07.0013 allows local users to submit commands to the System Update service (SUService.exe) and gain privileges by launching signed Lenovo executables.
Lenovo System Update
7.2
CVSSv2
CVE-2015-8110
Lenovo System Update (formerly ThinkVantage System Update) prior to 5.07.0019 allows local users to gain privileges by navigating to (1) "Click here to learn more" or (2) "View privacy policy" within the Tvsukernel.exe GUI application in the context of a tempo...
Lenovo Lenovo System Update
1 Article
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49223
CVE-2024-0044
information disclosure
CVE-2024-35753
HTML injection
CVE-2024-21306
CVE-2024-35733
SQL injection
CVE-2024-35732
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »