Skip to main content

System Update

11 CVEs product

Monthly

CVE-2023-4632 HIGH PATCH This Week

An uncontrolled search path vulnerability was reported in Lenovo System Update that could allow an attacker with local access to execute code with elevated privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Lenovo Information Disclosure System Update
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-0354 HIGH POC This Week

A vulnerability was reported in Lenovo System Update that could allow a local user with interactive system access the ability to execute code with elevated privileges only during the installation of. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Lenovo Information Disclosure System Update
NVD VulDB
CVSS 3.1
7.3
EPSS
0.1%
CVE-2021-21529 MEDIUM This Month

Dell System Update (DSU) 1.9 and earlier versions contain a denial of service vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Dell Denial Of Service System Update
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2020-8342 HIGH PATCH This Week

A race condition vulnerability was reported in Lenovo System Update prior to version 5.07.0106 that could allow escalation of privilege. Rated high severity (CVSS 7.0).

Lenovo Privilege Escalation System Update
NVD
CVSS 3.1
7.0
EPSS
0.2%
CVE-2019-6175 HIGH PATCH This Week

A denial of service vulnerability was reported in Lenovo System Update versions prior to 5.07.0088 that could allow configuration files to be written to non-standard locations. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Lenovo System Update
NVD
CVSS 3.1
7.5
EPSS
1.7%
CVE-2019-6163 HIGH This Week

A denial of service vulnerability was reported in Lenovo System Update before version 5.07.0084 that could allow service log files to be written to non-standard locations. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Lenovo System Update
NVD
CVSS 3.0
7.5
EPSS
0.8%
CVE-2018-9063 HIGH This Week

MapDrv (C:\Program Files\Lenovo\System Update\mapdrv.exe) In Lenovo System Update versions earlier than 5.07.0072 contains a local vulnerability where an attacker entering very large user ID or. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Lenovo RCE Buffer Overflow System Update
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2015-6971 HIGH POC This Week

Lenovo System Update (formerly ThinkVantage System Update) before 5.07.0013 allows local users to submit commands to the System Update service (SUService.exe) and gain privileges by launching signed. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Lenovo System Update
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2015-2234 MEDIUM This Month

Race condition in Lenovo System Update (formerly ThinkVantage System Update) before 5.06.0034 uses world-writable permissions for the update files directory, which allows local users to gain. Rated medium severity (CVSS 6.9). No vendor patch available.

Race Condition Information Disclosure Lenovo System Update
NVD
CVSS 2.0
6.9
EPSS
0.0%
CVE-2015-2233 HIGH This Week

Lenovo System Update (formerly ThinkVantage System Update) before 5.06.0034 does not properly validate CA chains during signature validation, which allows man-in-the-middle attackers to upload and. Rated high severity (CVSS 8.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Lenovo System Update
NVD
CVSS 2.0
8.3
EPSS
0.1%
CVE-2015-2219 HIGH POC THREAT Act Now

Lenovo System Update (formerly ThinkVantage System Update) before 5.06.0034 uses predictable security tokens, which allows local users to gain privileges by sending a valid token with a command to. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. Public exploit code available and EPSS exploitation probability 29.6%.

Privilege Escalation Lenovo System Update
NVD Exploit-DB
CVSS 2.0
7.2
EPSS
29.6%
EPSS 0% CVSS 7.8
HIGH PATCH This Week

An uncontrolled search path vulnerability was reported in Lenovo System Update that could allow an attacker with local access to execute code with elevated privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Lenovo Information Disclosure System Update
NVD
EPSS 0% CVSS 7.3
HIGH POC This Week

A vulnerability was reported in Lenovo System Update that could allow a local user with interactive system access the ability to execute code with elevated privileges only during the installation of. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Lenovo Information Disclosure System Update
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM This Month

Dell System Update (DSU) 1.9 and earlier versions contain a denial of service vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Dell Denial Of Service System Update
NVD
EPSS 0% CVSS 7.0
HIGH PATCH This Week

A race condition vulnerability was reported in Lenovo System Update prior to version 5.07.0106 that could allow escalation of privilege. Rated high severity (CVSS 7.0).

Lenovo Privilege Escalation System Update
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

A denial of service vulnerability was reported in Lenovo System Update versions prior to 5.07.0088 that could allow configuration files to be written to non-standard locations. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Lenovo System Update
NVD
EPSS 1% CVSS 7.5
HIGH This Week

A denial of service vulnerability was reported in Lenovo System Update before version 5.07.0084 that could allow service log files to be written to non-standard locations. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Lenovo System Update
NVD
EPSS 0% CVSS 7.8
HIGH This Week

MapDrv (C:\Program Files\Lenovo\System Update\mapdrv.exe) In Lenovo System Update versions earlier than 5.07.0072 contains a local vulnerability where an attacker entering very large user ID or. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Lenovo RCE Buffer Overflow +1
NVD
EPSS 0% CVSS 7.8
HIGH POC This Week

Lenovo System Update (formerly ThinkVantage System Update) before 5.07.0013 allows local users to submit commands to the System Update service (SUService.exe) and gain privileges by launching signed. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Lenovo System Update
NVD
EPSS 0% CVSS 6.9
MEDIUM This Month

Race condition in Lenovo System Update (formerly ThinkVantage System Update) before 5.06.0034 uses world-writable permissions for the update files directory, which allows local users to gain. Rated medium severity (CVSS 6.9). No vendor patch available.

Race Condition Information Disclosure Lenovo +1
NVD
EPSS 0% CVSS 8.3
HIGH This Week

Lenovo System Update (formerly ThinkVantage System Update) before 5.06.0034 does not properly validate CA chains during signature validation, which allows man-in-the-middle attackers to upload and. Rated high severity (CVSS 8.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Lenovo System Update
NVD
EPSS 30% CVSS 7.2
HIGH POC THREAT Act Now

Lenovo System Update (formerly ThinkVantage System Update) before 5.06.0034 uses predictable security tokens, which allows local users to gain privileges by sending a valid token with a command to. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. Public exploit code available and EPSS exploitation probability 29.6%.

Privilege Escalation Lenovo System Update
NVD Exploit-DB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy