Note:
This project will be discontinued after December 13, 2021. [more]
Product:
System_update
(Lenovo)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 15 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-11-08 | CVE-2023-4632 | An uncontrolled search path vulnerability was reported in Lenovo System Update that could allow an attacker with local access to execute code with elevated privileges. | System_update | 7.8 | ||
| 2022-04-22 | CVE-2022-0354 | A vulnerability was reported in Lenovo System Update that could allow a local user with interactive system access the ability to execute code with elevated privileges only during the installation of a System Update package released before 2022-02-25 that displays a command prompt window. | System_update | 7.8 | ||
| 2023-05-01 | CVE-2022-4568 | A directory permissions management vulnerability in Lenovo System Update may allow elevation of privileges. | System_update | 7.8 | ||
| 2020-09-15 | CVE-2020-8342 | A race condition vulnerability was reported in Lenovo System Update prior to version 5.07.0106 that could allow escalation of privilege. | System_update | 7.0 | ||
| 2020-03-27 | CVE-2015-7336 | MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A vulnerability was reported (fixed and publicly disclosed in 2015) in Lenovo System Update version 5.07.0008 and prior that could allow the signature check of an update to be bypassed. | System_update | N/A | ||
| 2020-03-27 | CVE-2015-7335 | MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A race condition was reported (fixed and publicly disclosed in 2015) in Lenovo System Update version 5.07.0008 and prior that could allow a user to execute arbitrary code with elevated privileges. | System_update | N/A | ||
| 2020-03-27 | CVE-2015-7334 | MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A local privilege escalation vulnerability was reported (fixed and publicly disclosed in 2015) in Lenovo System Update version 5.07.0008 and prior where the SUService.exe /type COMMAND type could allow a user to execute arbitrary code with elevated privileges. | System_update | N/A | ||
| 2020-03-27 | CVE-2015-7333 | MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A local privilege escalation vulnerability was reported (fixed and publicly disclosed in 2015) in Lenovo System Update version 5.07.0008 and prior where the SUService.exe /type INF and INF_BY_COMPATIBLE_ID command types could allow a user to execute arbitrary code with elevated privileges. | System_update | N/A | ||
| 2019-09-26 | CVE-2019-6175 | A denial of service vulnerability was reported in Lenovo System Update versions prior to 5.07.0088 that could allow configuration files to be written to non-standard locations. | System_update | N/A | ||
| 2019-06-26 | CVE-2019-6163 | A denial of service vulnerability was reported in Lenovo System Update before version 5.07.0084 that could allow service log files to be written to non-standard locations. | System_update | 7.5 |