cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2023-4632,https://securityvulnerability.io/vulnerability/CVE-2023-4632,Uncontrolled Search Path Vulnerability in Lenovo System Update,"A vulnerability exists in Lenovo System Update that allows an attacker with local access to exploit an uncontrolled search path issue. This flaw could enable the execution of arbitrary code with elevated privileges, potentially compromising system integrity and user privacy. Users are advised to update their systems to the latest version to mitigate any risks associated with this vulnerability.",Lenovo,Lenovo System Update,7.8,HIGH,0.0004199999966658652,false,,false,false,false,,,false,false,,2023-11-08T22:15:00.000Z,0
CVE-2022-4568,https://securityvulnerability.io/vulnerability/CVE-2022-4568,Directory Permissions Management Vulnerability in Lenovo System Update,"A vulnerability exists in Lenovo System Update that pertains to directory permissions management. This issue may allow an attacker to elevate their privileges, potentially leading to unauthorized access or manipulation of system files. Users are advised to apply available security updates to mitigate this risk.",Lenovo,Lenovo System Update,7,HIGH,0.0004400000034365803,false,,false,false,false,,,false,false,,2023-05-01T14:36:25.547Z,0
CVE-2022-0354,https://securityvulnerability.io/vulnerability/CVE-2022-0354,Elevated Privileges Vulnerability in Lenovo System Update,"A vulnerability exists in Lenovo System Update that allows a local user with interactive access to execute code with elevated privileges. This situation arises when the user installs a System Update package released prior to February 25, 2022, which triggers a command prompt window during the process. Exploitation of this vulnerability could lead to unauthorized actions being performed with elevated permissions, potentially compromising the system's integrity.",Lenovo,System Update,7.3,HIGH,0.0004199999966658652,false,,false,false,false,,,false,false,,2022-04-22T20:30:47.000Z,0
CVE-2020-8342,https://securityvulnerability.io/vulnerability/CVE-2020-8342,Race Condition Vulnerability in Lenovo System Update,"A race condition vulnerability has been identified in Lenovo System Update, prior to version 5.07.0106, allowing for potential escalation of privilege. This flaw can be exploited by attackers to gain unauthorized access, potentially compromising system security.",Lenovo,System Update,7.3,HIGH,0.0004400000034365803,false,,false,false,false,,,false,false,,2020-09-15T00:00:00.000Z,0
CVE-2015-7336,https://securityvulnerability.io/vulnerability/CVE-2015-7336,Bypass Vulnerability in Lenovo System Update,"A vulnerability exists in Lenovo System Update, specifically in version 5.07.0008 and earlier, which allows attackers to circumvent the signature verification process for updates. This could potentially enable unauthorized code to be executed on affected systems, posing significant security risks. Lenovo addressed this issue in a public disclosure and updates are recommended for users to ensure protection against potential exploitation.",Lenovo,System Update,7.5,HIGH,0.0008399999933317304,false,,false,false,false,,,false,false,,2020-03-27T14:05:01.000Z,0
CVE-2015-7333,https://securityvulnerability.io/vulnerability/CVE-2015-7333,Local Privilege Escalation in Lenovo System Update by Lenovo,"A local privilege escalation vulnerability exists in Lenovo System Update that allows unauthorized users to execute arbitrary code with elevated privileges. Specifically, this vulnerability arises from improper handling of the SUService.exe with certain command types, enabling threats to leverage this flaw if they gain local access to the system. Users are advised to update to the latest version to mitigate potential risks associated with this vulnerability.",Lenovo,System Update,7.8,HIGH,0.0004199999966658652,false,,false,false,false,,,false,false,,2020-03-27T14:05:01.000Z,0
CVE-2015-7334,https://securityvulnerability.io/vulnerability/CVE-2015-7334,Local Privilege Escalation in Lenovo System Update,"A local privilege escalation vulnerability exists in Lenovo System Update that allows a local user to execute arbitrary code with elevated privileges by leveraging the SUService.exe with the /type COMMAND option. This flaw was publicly disclosed and addressed in 2015, impacting versions prior to 5.07.0008. Users are encouraged to update to the latest version to mitigate the risk associated with this vulnerability.",Lenovo,System Update,7.8,HIGH,0.0004199999966658652,false,,false,false,false,,,false,false,,2020-03-27T14:05:01.000Z,0
CVE-2015-7335,https://securityvulnerability.io/vulnerability/CVE-2015-7335,Race Condition Vulnerability in Lenovo System Update Software,"A race condition vulnerability in Lenovo System Update versions up to 5.07.0008 can permit an attacker to exploit the software, potentially allowing arbitrary code execution with elevated privileges. This flaw could be triggered under specific timing conditions, which may be leveraged by malicious actors to gain unauthorized control over an affected system. Users of Lenovo System Update are advised to update to the latest version to mitigate this risk.",Lenovo,System Update,7,HIGH,0.0004400000034365803,false,,false,false,false,,,false,false,,2020-03-27T14:05:01.000Z,0
CVE-2019-6175,https://securityvulnerability.io/vulnerability/CVE-2019-6175,System Update Vulnerability,A denial of service vulnerability was reported in Lenovo System Update versions prior to 5.07.0088 that could allow configuration files to be written to non-standard locations.,Lenovo,System Update,7.5,HIGH,0.0010300000431016088,false,,false,false,false,,,false,false,,2019-09-26T15:22:15.000Z,0
CVE-2019-6163,https://securityvulnerability.io/vulnerability/CVE-2019-6163,Denial of Service Vulnerability in Lenovo System Update Software,A Denial of Service vulnerability exists in Lenovo System Update that could potentially allow service log files to be redirected to non-standard locations. This flaw may disrupt the proper logging functionality and compromise system operations. Users are advised to upgrade to version 5.07.0084 or later to mitigate this risk and ensure the stability of the system.,Lenovo,System Update,5.5,MEDIUM,0.0010300000431016088,false,,false,false,false,,,false,false,,2019-06-25T00:00:00.000Z,0
CVE-2018-9063,https://securityvulnerability.io/vulnerability/CVE-2018-9063,,"MapDrv (C:\Program Files\Lenovo\System Update\mapdrv.exe) In Lenovo System Update versions earlier than 5.07.0072 contains a local vulnerability where an attacker entering very large user ID or password can overrun the program's buffer, causing undefined behaviors, such as execution of arbitrary code. No additional privilege is granted to the attacker beyond what is already possessed to run MapDrv.",Lenovo,Lenovo System Update,7.8,HIGH,0.0004400000034365803,false,,false,false,false,,,false,false,,2018-05-04T17:29:00.000Z,0
CVE-2015-6971,https://securityvulnerability.io/vulnerability/CVE-2015-6971,,Lenovo System Update (formerly ThinkVantage System Update) before 5.07.0013 allows local users to submit commands to the System Update service (SUService.exe) and gain privileges by launching signed Lenovo executables.,Lenovo,System Update,7.8,HIGH,0.0004199999966658652,false,,false,false,false,,,false,false,,2017-10-03T01:29:00.000Z,0
CVE-2015-8110,https://securityvulnerability.io/vulnerability/CVE-2015-8110,,"Lenovo System Update (formerly ThinkVantage System Update) before 5.07.0019 allows local users to gain privileges by navigating to (1) ""Click here to learn more"" or (2) ""View privacy policy"" within the Tvsukernel.exe GUI application in the context of a temporary administrator account, aka a ""local privilege escalation vulnerability.""",Lenovo,Lenovo System Update,7.8,HIGH,0.0004199999966658652,false,,false,false,false,,,false,false,,2017-04-24T06:12:00.000Z,0
CVE-2015-8109,https://securityvulnerability.io/vulnerability/CVE-2015-8109,,"Lenovo System Update (formerly ThinkVantage System Update) before 5.07.0019 allows local users to gain privileges by making a prediction of tvsu_tmp_xxxxxXXXXX account credentials that requires knowledge of the time that this account was created, aka a ""temporary administrator account vulnerability.""",Lenovo,Lenovo System Update,7,HIGH,0.0004199999966658652,false,,false,false,false,,,false,false,,2017-04-24T06:12:00.000Z,0
CVE-2015-2233,https://securityvulnerability.io/vulnerability/CVE-2015-2233,,"Lenovo System Update (formerly ThinkVantage System Update) before 5.06.0034 does not properly validate CA chains during signature validation, which allows man-in-the-middle attackers to upload and execute arbitrary files via a crafted certificate.",Lenovo,System Update,,,0.0004900000058114529,false,,false,false,false,,,false,false,,2015-05-12T19:00:00.000Z,0
CVE-2015-2219,https://securityvulnerability.io/vulnerability/CVE-2015-2219,,"Lenovo System Update (formerly ThinkVantage System Update) before 5.06.0034 uses predictable security tokens, which allows local users to gain privileges by sending a valid token with a command to the System Update service (SUService.exe) through an unspecified named pipe.",Lenovo,System Update,,,0.0008800000068731606,false,,false,false,false,,,false,false,,2015-05-12T19:00:00.000Z,0
CVE-2015-2234,https://securityvulnerability.io/vulnerability/CVE-2015-2234,,"Race condition in Lenovo System Update (formerly ThinkVantage System Update) before 5.06.0034 uses world-writable permissions for the update files directory, which allows local users to gain privileges by writing to an update file after the signature is validated.",Lenovo,System Update,,,0.0004199999966658652,false,,false,false,false,,,false,false,,2015-05-12T19:00:00.000Z,0
CVE-2008-3249,https://securityvulnerability.io/vulnerability/CVE-2008-3249,,"The client in Lenovo System Update before 3.14 does not properly validate the certificate when establishing an SSL connection, which allows remote attackers to install arbitrary packages via an SSL certificate whose X.509 headers match a public certificate used by IBM.",Lenovo,Thinkvantage System Update,,,0.027079999446868896,false,,false,false,false,,,false,false,,2008-07-21T17:00:00.000Z,0