Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
lenovo lenovo system update vulnerabilities and exploits
(subscribe to this query)
6.9
CVSSv2
CVE-2015-7335
MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A race condition was reported (fixed and publicly disclosed in 2015) in Lenovo System Update version 5.07.0008 and prior that could allow a user to execute arbitrary code with elevated privileges.
Lenovo System Update
7.2
CVSSv2
CVE-2015-6971
Lenovo System Update (formerly ThinkVantage System Update) prior to 5.07.0013 allows local users to submit commands to the System Update service (SUService.exe) and gain privileges by launching signed Lenovo executables.
Lenovo System Update
5
CVSSv2
CVE-2015-7336
MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A vulnerability was reported (fixed and publicly disclosed in 2015) in Lenovo System Update version 5.07.0008 and prior that could allow the signature check of an update to be bypassed.
Lenovo System Update
4.6
CVSSv2
CVE-2018-9063
MapDrv (C:\Program Files\Lenovo\System Update\mapdrv.exe) In Lenovo System Update versions earlier than 5.07.0072 contains a local vulnerability where an attacker entering very large user ID or password can overrun the program's buffer, causing undefined behaviors, such as e...
Lenovo System Update
6.9
CVSSv2
CVE-2015-2234
Race condition in Lenovo System Update (formerly ThinkVantage System Update) prior to 5.06.0034 uses world-writable permissions for the update files directory, which allows local users to gain privileges by writing to an update file after the signature is validated.
Lenovo System Update
7.2
CVSSv2
CVE-2015-2219
Lenovo System Update (formerly ThinkVantage System Update) prior to 5.06.0034 uses predictable security tokens, which allows local users to gain privileges by sending a valid token with a command to the System Update service (SUService.exe) through an unspecified named pipe.
Lenovo System Update
1 EDB exploit
8.3
CVSSv2
CVE-2015-2233
Lenovo System Update (formerly ThinkVantage System Update) prior to 5.06.0034 does not properly validate CA chains during signature validation, which allows man-in-the-middle malicious users to upload and execute arbitrary files via a crafted certificate.
Lenovo System Update
NA
CVE-2022-4568
A directory permissions management vulnerability in Lenovo System Update may allow elevation of privileges.
Lenovo System Update
7.2
CVSSv2
CVE-2022-0354
A vulnerability was reported in Lenovo System Update that could allow a local user with interactive system access the ability to execute code with elevated privileges only during the installation of a System Update package released prior to 2022-02-25 that displays a command prom...
Lenovo System Update
NA
CVE-2023-4632
An uncontrolled search path vulnerability was reported in Lenovo System Update that could allow an attacker with local access to execute code with elevated privileges.
Lenovo System Update
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-22120
CVE-2024-35921
CVE-2024-35874
brute force
CVE-2024-36080
unprivileged
CVE-2024-35917
IDOR
CVE-2024-4947
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »