Every CVE whose affected-product data names Lenovo System Update, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (15)
CVE-2015-2233 — CVSS 8.3 (high): Lenovo System Update (formerly ThinkVantage System Update) before 5.06.0034 does not properly validate CA chains during signature…
CVE-2018-9063 — CVSS 7.8 (high): MapDrv (C:\Program Files\Lenovo\System Update\mapdrv.exe) In Lenovo System Update versions earlier than 5.07.0072 contains a local…
CVE-2023-4632 — CVSS 7.8 (high): An uncontrolled search path vulnerability was reported in Lenovo System Update that could allow an attacker with local access to execute…
CVE-2015-6971 — CVSS 7.8 (high): Lenovo System Update (formerly ThinkVantage System Update) before 5.07.0013 allows local users to submit commands to the System Update…
CVE-2015-7333 — CVSS 7.8 (high): MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A local privilege escalation vulnerability was reported…
CVE-2015-7334 — CVSS 7.8 (high): MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A local privilege escalation vulnerability was reported…
CVE-2015-7336 — CVSS 7.5 (high): MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A vulnerability was reported (fixed and publicly…
CVE-2019-6175 — CVSS 7.5 (high): A denial of service vulnerability was reported in Lenovo System Update versions prior to 5.07.0088 that could allow configuration files to…
CVE-2020-8342 — CVSS 7.3 (high): A race condition vulnerability was reported in Lenovo System Update prior to version 5.07.0106 that could allow escalation of privilege.
CVE-2022-0354 — CVSS 7.3 (high): A vulnerability was reported in Lenovo System Update that could allow a local user with interactive system access the ability to execute…
CVE-2015-2219 — CVSS 7.2 (high): Lenovo System Update (formerly ThinkVantage System Update) before 5.06.0034 uses predictable security tokens, which allows local users to…
CVE-2015-7335 — CVSS 7.0 (high): MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A race condition was reported (fixed and publicly…
CVE-2022-4568 — CVSS 7.0 (high): A directory permissions management vulnerability in Lenovo System Update may allow elevation of privileges.
CVE-2015-2234 — CVSS 6.9 (medium): Race condition in Lenovo System Update (formerly ThinkVantage System Update) before 5.06.0034 uses world-writable permissions for the…
CVE-2019-6163 — CVSS 5.5 (medium): A denial of service vulnerability was reported in Lenovo System Update before version 5.07.0084 that could allow service log files to be…