Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
lenovo system update vulnerabilities and exploits
(subscribe to this query)
454
VMScore
CVE-2008-3249
The client in Lenovo System Update prior to 3.14 does not properly validate the certificate when establishing an SSL connection, which allows remote malicious users to install arbitrary packages via an SSL certificate whose X.509 headers match a public certificate used by IBM.
Lenovo Thinkvantage System Update 3.13
Lenovo Thinkvantage System Update
641
VMScore
CVE-2015-8110
Lenovo System Update (formerly ThinkVantage System Update) prior to 5.07.0019 allows local users to gain privileges by navigating to (1) "Click here to learn more" or (2) "View privacy policy" within the Tvsukernel.exe GUI application in the context of a tempo...
Lenovo Lenovo System Update
1 Article
614
VMScore
CVE-2015-8109
Lenovo System Update (formerly ThinkVantage System Update) prior to 5.07.0019 allows local users to gain privileges by making a prediction of tvsu_tmp_xxxxxXXXXX account credentials that requires knowledge of the time that this account was created, aka a "temporary administr...
Lenovo Lenovo System Update
1 Article
NA
CVE-2023-4632
An uncontrolled search path vulnerability was reported in Lenovo System Update that could allow an attacker with local access to execute code with elevated privileges.
Lenovo System Update
445
VMScore
CVE-2015-7336
MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A vulnerability was reported (fixed and publicly disclosed in 2015) in Lenovo System Update version 5.07.0008 and prior that could allow the signature check of an update to be bypassed.
Lenovo System Update
409
VMScore
CVE-2018-9063
MapDrv (C:\Program Files\Lenovo\System Update\mapdrv.exe) In Lenovo System Update versions earlier than 5.07.0072 contains a local vulnerability where an attacker entering very large user ID or password can overrun the program's buffer, causing undefined behaviors, such as e...
Lenovo System Update
614
VMScore
CVE-2015-7335
MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A race condition was reported (fixed and publicly disclosed in 2015) in Lenovo System Update version 5.07.0008 and prior that could allow a user to execute arbitrary code with elevated privileges.
Lenovo System Update
739
VMScore
CVE-2015-2233
Lenovo System Update (formerly ThinkVantage System Update) prior to 5.06.0034 does not properly validate CA chains during signature validation, which allows man-in-the-middle malicious users to upload and execute arbitrary files via a crafted certificate.
Lenovo System Update
614
VMScore
CVE-2015-2234
Race condition in Lenovo System Update (formerly ThinkVantage System Update) prior to 5.06.0034 uses world-writable permissions for the update files directory, which allows local users to gain privileges by writing to an update file after the signature is validated.
Lenovo System Update
725
VMScore
CVE-2015-2219
Lenovo System Update (formerly ThinkVantage System Update) prior to 5.06.0034 uses predictable security tokens, which allows local users to gain privileges by sending a valid token with a command to the System Update service (SUService.exe) through an unspecified named pipe.
Lenovo System Update
1 EDB exploit
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-22460
CVE-2024-4646
CVE-2024-29212
IMAP
CVE-2023-36672
CVE-2024-34547
command injection
CVE-2024-4651
stored XSS
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »