Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
lenovo system update vulnerabilities and exploits
(subscribe to this query)
7.8
CVSSv3
CVE-2018-9063
MapDrv (C:\Program Files\Lenovo\System Update\mapdrv.exe) In Lenovo System Update versions earlier than 5.07.0072 contains a local vulnerability where an attacker entering very large user ID or password can overrun the program's buffer, causing undefined behaviors, such as e...
Lenovo System Update
NA
CVE-2015-2234
Race condition in Lenovo System Update (formerly ThinkVantage System Update) prior to 5.06.0034 uses world-writable permissions for the update files directory, which allows local users to gain privileges by writing to an update file after the signature is validated.
Lenovo System Update
NA
CVE-2015-2219
Lenovo System Update (formerly ThinkVantage System Update) prior to 5.06.0034 uses predictable security tokens, which allows local users to gain privileges by sending a valid token with a command to the System Update service (SUService.exe) through an unspecified named pipe.
Lenovo System Update
1 EDB exploit
NA
CVE-2015-2233
Lenovo System Update (formerly ThinkVantage System Update) prior to 5.06.0034 does not properly validate CA chains during signature validation, which allows man-in-the-middle malicious users to upload and execute arbitrary files via a crafted certificate.
Lenovo System Update
7.8
CVSSv3
CVE-2022-4568
A directory permissions management vulnerability in Lenovo System Update may allow elevation of privileges.
Lenovo System Update
7.8
CVSSv3
CVE-2022-0354
A vulnerability was reported in Lenovo System Update that could allow a local user with interactive system access the ability to execute code with elevated privileges only during the installation of a System Update package released prior to 2022-02-25 that displays a command prom...
Lenovo System Update
7.8
CVSSv3
CVE-2023-4632
An uncontrolled search path vulnerability was reported in Lenovo System Update that could allow an attacker with local access to execute code with elevated privileges.
Lenovo System Update
7.1
CVSSv3
CVE-2022-3702
A denial of service vulnerability was reported in Lenovo Vantage HardwareScan Plugin version 1.3.0.5 and previous versions that could allow a local malicious user to delete contents of an arbitrary directory under certain conditions.
Lenovo System Update Plugin
Lenovo Hardware Scan Plugin
Lenovo Hardware Scan Addin
6.3
CVSSv3
CVE-2022-3700
A Time of Check Time of Use (TOCTOU) vulnerability was reported in the Lenovo Vantage SystemUpdate Plugin version 2.0.0.212 and previous versions that could allow a local malicious user to delete arbitrary files.
Lenovo System Update Plugin
Lenovo Hardware Scan Plugin
Lenovo Hardware Scan Addin
7.8
CVSSv3
CVE-2022-3701
A privilege elevation vulnerability was reported in the Lenovo Vantage SystemUpdate plugin version 2.0.0.212 and previous versions that could allow a local malicious user to execute arbitrary code with elevated privileges.
Lenovo System Update Plugin
Lenovo Hardware Scan Plugin
Lenovo Hardware Scan Addin
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
HTML injection
CVE-2024-35894
SQL
CVE-2024-5105
CVE-2014-100005
CVE-2024-35895
unauthorized
CVE-2024-22120
CVE-2024-35890
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »