Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
lenovo lenovo system update vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2019-6175
A denial of service vulnerability was reported in Lenovo System Update versions before 5.07.0088 that could allow configuration files to be written to non-standard locations.
Lenovo System Update
NA
CVE-2015-2233
Lenovo System Update (formerly ThinkVantage System Update) prior to 5.06.0034 does not properly validate CA chains during signature validation, which allows man-in-the-middle malicious users to upload and execute arbitrary files via a crafted certificate.
Lenovo System Update
NA
CVE-2015-2234
Race condition in Lenovo System Update (formerly ThinkVantage System Update) prior to 5.06.0034 uses world-writable permissions for the update files directory, which allows local users to gain privileges by writing to an update file after the signature is validated.
Lenovo System Update
7.8
CVSSv3
CVE-2022-0354
A vulnerability was reported in Lenovo System Update that could allow a local user with interactive system access the ability to execute code with elevated privileges only during the installation of a System Update package released prior to 2022-02-25 that displays a command prom...
Lenovo System Update
7
CVSSv3
CVE-2015-7335
MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A race condition was reported (fixed and publicly disclosed in 2015) in Lenovo System Update version 5.07.0008 and prior that could allow a user to execute arbitrary code with elevated privileges.
Lenovo System Update
7.5
CVSSv3
CVE-2015-7336
MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A vulnerability was reported (fixed and publicly disclosed in 2015) in Lenovo System Update version 5.07.0008 and prior that could allow the signature check of an update to be bypassed.
Lenovo System Update
NA
CVE-2015-2219
Lenovo System Update (formerly ThinkVantage System Update) prior to 5.06.0034 uses predictable security tokens, which allows local users to gain privileges by sending a valid token with a command to the System Update service (SUService.exe) through an unspecified named pipe.
Lenovo System Update
1 EDB exploit
7
CVSSv3
CVE-2020-8342
A race condition vulnerability was reported in Lenovo System Update prior to version 5.07.0106 that could allow escalation of privilege.
Lenovo System Update
7.8
CVSSv3
CVE-2015-7333
MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A local privilege escalation vulnerability was reported (fixed and publicly disclosed in 2015) in Lenovo System Update version 5.07.0008 and prior where the SUService.exe /type INF and INF_BY_COMP...
Lenovo System Update
7.8
CVSSv3
CVE-2015-7334
MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A local privilege escalation vulnerability was reported (fixed and publicly disclosed in 2015) in Lenovo System Update version 5.07.0008 and prior where the SUService.exe /type COMMAND type could ...
Lenovo System Update
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
privilege escalation
CVE-2024-20696
CVE-2024-29829
CVE-2024-33999
CVE-2024-35646
physical
CVE-2024-24919
CVE-2024-31030
local users
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »