VYPR

System Update

by Lenovo

CVEs (21)

  • CVE-2018-9063HigMay 4, 2018
    risk 0.51cvss 7.8epss 0.00

    MapDrv (C:\Program Files\Lenovo\System Update\mapdrv.exe) In Lenovo System Update versions earlier than 5.07.0072 contains a local vulnerability where an attacker entering very large user ID or password can overrun the program's buffer, causing undefined behaviors, such as…

  • CVE-2015-6971HigOct 3, 2017
    risk 0.51cvss 7.8epss 0.00

    Lenovo System Update (formerly ThinkVantage System Update) before 5.07.0013 allows local users to submit commands to the System Update service (SUService.exe) and gain privileges by launching signed Lenovo executables.

  • CVE-2015-8110HigApr 24, 2017
    risk 0.51cvss 7.8epss 0.01

    Lenovo System Update (formerly ThinkVantage System Update) before 5.07.0019 allows local users to gain privileges by navigating to (1) "Click here to learn more" or (2) "View privacy policy" within the Tvsukernel.exe GUI application in the context of a temporary administrator…

  • CVE-2022-0354HigApr 22, 2022
    risk 0.47cvss 7.3epss 0.00

    A vulnerability was reported in Lenovo System Update that could allow a local user with interactive system access the ability to execute code with elevated privileges only during the installation of a System Update package released before 2022-02-25 that displays a command…

  • CVE-2015-8109HigApr 24, 2017
    risk 0.46cvss 7.0epss 0.00

    Lenovo System Update (formerly ThinkVantage System Update) before 5.07.0019 allows local users to gain privileges by making a prediction of tvsu_tmp_xxxxxXXXXX account credentials that requires knowledge of the time that this account was created, aka a "temporary administrator…

  • CVE-2015-2219May 12, 2015
    risk 0.03cvss epss 0.04

    Lenovo System Update (formerly ThinkVantage System Update) before 5.06.0034 uses predictable security tokens, which allows local users to gain privileges by sending a valid token with a command to the System Update service (SUService.exe) through an unspecified named pipe.

  • CVE-2023-4632Nov 8, 2023
    risk 0.00cvss epss 0.00

    An uncontrolled search path vulnerability was reported in Lenovo System Update that could allow an attacker with local access to execute code with elevated privileges.

  • CVE-2022-4568May 1, 2023
    risk 0.00cvss epss 0.00

    A directory permissions management vulnerability in Lenovo System Update may allow elevation of privileges.

  • CVE-2022-34404Feb 10, 2023
    risk 0.00cvss epss 0.00

    Dell System Update, version 2.0.0 and earlier, contains an Improper Certificate Validation in data parser module. A local attacker with high privileges could potentially exploit this vulnerability, leading to credential theft and/or denial of service.

  • CVE-2022-22554Jan 24, 2022
    risk 0.00cvss epss 0.00

    Dell EMC System Update, version 1.9.2 and prior, contain an Unprotected Storage of Credentials vulnerability. A local attacker with user privleges could potentially exploit this vulnerability leading to the disclosure of user passwords.

  • CVE-2021-21529Apr 2, 2021
    risk 0.00cvss epss 0.00

    Dell System Update (DSU) 1.9 and earlier versions contain a denial of service vulnerability. A local authenticated malicious user with low privileges may potentially exploit this vulnerability to cause the system to run out of memory by running multiple instances of the…

  • CVE-2020-8342Sep 15, 2020
    risk 0.00cvss epss 0.00

    A race condition vulnerability was reported in Lenovo System Update prior to version 5.07.0106 that could allow escalation of privilege.

  • CVE-2015-7334Mar 27, 2020
    risk 0.00cvss epss 0.00

    MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A local privilege escalation vulnerability was reported (fixed and publicly disclosed in 2015) in Lenovo System Update version 5.07.0008 and prior where the SUService.exe /type COMMAND type could…

  • CVE-2015-7333Mar 27, 2020
    risk 0.00cvss epss 0.00

    MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A local privilege escalation vulnerability was reported (fixed and publicly disclosed in 2015) in Lenovo System Update version 5.07.0008 and prior where the SUService.exe /type INF and…

  • CVE-2015-7336Mar 27, 2020
    risk 0.00cvss epss 0.01

    MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A vulnerability was reported (fixed and publicly disclosed in 2015) in Lenovo System Update version 5.07.0008 and prior that could allow the signature check of an update to be bypassed.

  • CVE-2015-7335Mar 27, 2020
    risk 0.00cvss epss 0.00

    MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A race condition was reported (fixed and publicly disclosed in 2015) in Lenovo System Update version 5.07.0008 and prior that could allow a user to execute arbitrary code with elevated privileges.

  • CVE-2019-6175Sep 26, 2019
    risk 0.00cvss epss 0.02

    A denial of service vulnerability was reported in Lenovo System Update versions prior to 5.07.0088 that could allow configuration files to be written to non-standard locations.

  • CVE-2019-6163Jun 26, 2019
    risk 0.00cvss epss 0.01

    A denial of service vulnerability was reported in Lenovo System Update before version 5.07.0084 that could allow service log files to be written to non-standard locations.

  • CVE-2015-2234May 12, 2015
    risk 0.00cvss epss 0.00

    Race condition in Lenovo System Update (formerly ThinkVantage System Update) before 5.06.0034 uses world-writable permissions for the update files directory, which allows local users to gain privileges by writing to an update file after the signature is validated.

  • CVE-2015-2233May 12, 2015
    risk 0.00cvss epss 0.00

    Lenovo System Update (formerly ThinkVantage System Update) before 5.06.0034 does not properly validate CA chains during signature validation, which allows man-in-the-middle attackers to upload and execute arbitrary files via a crafted certificate.

Page 1 of 2