CVE-2018-9063
- EPSS 0.09%
- Veröffentlicht 04.05.2018 17:29:00
- Zuletzt bearbeitet 21.11.2024 04:14:53
MapDrv (C:\Program Files\Lenovo\System Update\mapdrv.exe) In Lenovo System Update versions earlier than 5.07.0072 contains a local vulnerability where an attacker entering very large user ID or password can overrun the program's buffer, causing undef...
CVE-2015-6971
- EPSS 0.12%
- Veröffentlicht 03.10.2017 01:29:00
- Zuletzt bearbeitet 20.04.2025 01:37:25
Lenovo System Update (formerly ThinkVantage System Update) before 5.07.0013 allows local users to submit commands to the System Update service (SUService.exe) and gain privileges by launching signed Lenovo executables.
CVE-2015-2234
- EPSS 0.03%
- Veröffentlicht 12.05.2015 19:59:15
- Zuletzt bearbeitet 12.04.2025 10:46:40
Race condition in Lenovo System Update (formerly ThinkVantage System Update) before 5.06.0034 uses world-writable permissions for the update files directory, which allows local users to gain privileges by writing to an update file after the signature...
CVE-2015-2233
- EPSS 0.08%
- Veröffentlicht 12.05.2015 19:59:14
- Zuletzt bearbeitet 12.04.2025 10:46:40
Lenovo System Update (formerly ThinkVantage System Update) before 5.06.0034 does not properly validate CA chains during signature validation, which allows man-in-the-middle attackers to upload and execute arbitrary files via a crafted certificate.
CVE-2015-2219
- EPSS 29.58%
- Veröffentlicht 12.05.2015 19:59:10
- Zuletzt bearbeitet 12.04.2025 10:46:40
Lenovo System Update (formerly ThinkVantage System Update) before 5.06.0034 uses predictable security tokens, which allows local users to gain privileges by sending a valid token with a command to the System Update service (SUService.exe) through an ...