lenovo system_update CVE Vulnerabilities (15)

CVEs: 15 CPE versions: View versions table

Summary

This page lists publicly disclosed CVE vulnerabilities affecting lenovo system_update (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.

Showing 115 of 15 CVEs
«« First « Prev Page 1 / 1 Next »
CVE Summary Source Max CVSS EPSS % Published Updated
CVE-2023-4632 An uncontrolled search path vulnerability was reported in Lenovo System Update that could allow an attacker with local access to execute code with elevated privileges. [email protected] 7.8 0.32% 2023-11-08 2026-06-17
CVE-2022-4568 A directory permissions management vulnerability in Lenovo System Update may allow elevation of privileges. [email protected] 7.0 0.19% 2023-05-01 2026-06-17
CVE-2022-0354 A vulnerability was reported in Lenovo System Update that could allow a local user with interactive system access the ability to execute code with elevated privileges only during the installation of a System Update package released before 2022-02-25 that displays a command prompt window. [email protected] 7.3 0.24% 2022-04-22 2026-06-17
CVE-2020-8342 A race condition vulnerability was reported in Lenovo System Update prior to version 5.07.0106 that could allow escalation of privilege. [email protected] 7.3 0.22% 2020-09-15 2026-06-16
CVE-2015-7336 MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A vulnerability was reported (fixed and publicly disclosed in 2015) in Lenovo System Update version 5.07.0008 and prior that could allow the signature check of an update to be bypassed. [email protected] 7.5 0.59% 2020-03-27 2026-06-16
CVE-2015-7335 MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A race condition was reported (fixed and publicly disclosed in 2015) in Lenovo System Update version 5.07.0008 and prior that could allow a user to execute arbitrary code with elevated privileges. [email protected] 7.0 0.23% 2020-03-27 2026-06-16
CVE-2015-7334 MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A local privilege escalation vulnerability was reported (fixed and publicly disclosed in 2015) in Lenovo System Update version 5.07.0008 and prior where the SUService.exe /type COMMAND type could allow a user to execute arbitrary code with elevated privileges. [email protected] 7.8 0.36% 2020-03-27 2026-06-16
CVE-2015-7333 MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A local privilege escalation vulnerability was reported (fixed and publicly disclosed in 2015) in Lenovo System Update version 5.07.0008 and prior where the SUService.exe /type INF and INF_BY_COMPATIBLE_ID command types could allow a user to execute arbitrary code with elevated privileges. [email protected] 7.8 0.35% 2020-03-27 2026-06-16
CVE-2019-6175 A denial of service vulnerability was reported in Lenovo System Update versions prior to 5.07.0088 that could allow configuration files to be written to non-standard locations. [email protected] 7.5 1.68% 2019-09-26 2026-06-16
CVE-2019-6163 A denial of service vulnerability was reported in Lenovo System Update before version 5.07.0084 that could allow service log files to be written to non-standard locations. [email protected] 5.5 0.84% 2019-06-26 2026-06-16
CVE-2018-9063 MapDrv (C:\Program Files\Lenovo\System Update\mapdrv.exe) In Lenovo System Update versions earlier than 5.07.0072 contains a local vulnerability where an attacker entering very large user ID or password can overrun the program's buffer, causing undefined behaviors, such as execution of arbitrary code. No additional privilege is granted to the attacker beyond what is already possessed to run MapDrv. [email protected] 7.8 0.40% 2018-05-04 2026-06-16
CVE-2015-6971 Lenovo System Update (formerly ThinkVantage System Update) before 5.07.0013 allows local users to submit commands to the System Update service (SUService.exe) and gain privileges by launching signed Lenovo executables. [email protected] 7.8 0.47% 2017-10-02 2026-06-16
CVE-2015-2234 Race condition in Lenovo System Update (formerly ThinkVantage System Update) before 5.06.0034 uses world-writable permissions for the update files directory, which allows local users to gain privileges by writing to an update file after the signature is validated. [email protected] 6.9 0.27% 2015-05-12 2026-06-16
CVE-2015-2233 Lenovo System Update (formerly ThinkVantage System Update) before 5.06.0034 does not properly validate CA chains during signature validation, which allows man-in-the-middle attackers to upload and execute arbitrary files via a crafted certificate. [email protected] 8.3 0.40% 2015-05-12 2026-06-16
CVE-2015-2219 Lenovo System Update (formerly ThinkVantage System Update) before 5.06.0034 uses predictable security tokens, which allows local users to gain privileges by sending a valid token with a command to the System Update service (SUService.exe) through an unspecified named pipe. [email protected] 7.2 4.15% 2015-05-12 2026-06-16
«« First « Prev Page 1 / 1 Next »
cvelogic Threat Intelligence