CVE-2023-4632
https://notcve.org/view.php?id=CVE-2023-4632
An uncontrolled search path vulnerability was reported in Lenovo System Update that could allow an attacker with local access to execute code with elevated privileges. Se informó una vulnerabilidad de ruta de búsqueda no controlada en Lenovo System Update que podría permitir que un atacante con acceso local ejecute código con privilegios elevados. • https://support.lenovo.com/us/en/product_security/LEN-135367 • CWE-427: Uncontrolled Search Path Element •
CVE-2022-4568
https://notcve.org/view.php?id=CVE-2022-4568
A directory permissions management vulnerability in Lenovo System Update may allow elevation of privileges. • https://support.lenovo.com/us/en/product_security/LEN-103545 • CWE-276: Incorrect Default Permissions •
CVE-2022-34404
https://notcve.org/view.php?id=CVE-2022-34404
Dell System Update, version 2.0.0 and earlier, contains an Improper Certificate Validation in data parser module. A local attacker with high privileges could potentially exploit this vulnerability, leading to credential theft and/or denial of service. • https://www.dell.com/support/kbdoc/000203733 • CWE-295: Improper Certificate Validation •
CVE-2022-0354
https://notcve.org/view.php?id=CVE-2022-0354
A vulnerability was reported in Lenovo System Update that could allow a local user with interactive system access the ability to execute code with elevated privileges only during the installation of a System Update package released before 2022-02-25 that displays a command prompt window. Se ha informado de una vulnerabilidad en Lenovo System Update que podría permitir a un usuario local con acceso interactivo al sistema la capacidad de ejecutar código con altos privilegios sólo durante la instalación de un paquete de System Update publicado antes del 25-02-2022, que muestra una ventana de símbolo del sistema • https://support.lenovo.com/us/en/product_security/LEN-76673 https://www.infosec.tirol/cve-2022-0354 •
CVE-2021-21529
https://notcve.org/view.php?id=CVE-2021-21529
Dell System Update (DSU) 1.9 and earlier versions contain a denial of service vulnerability. A local authenticated malicious user with low privileges may potentially exploit this vulnerability to cause the system to run out of memory by running multiple instances of the vulnerable application. Dell System Update (DSU) versiones 1.9 y anteriores, contienen una vulnerabilidad de denegación de servicio. Un usuario malicioso local autenticado poco privilegiado puede explotar esta vulnerabilidad para causar que el sistema se quede sin memoria al ejecutar múltiples instancias de la aplicación vulnerable. • https://www.dell.com/support/kbdoc/en-us/000184608/dsa-2021-059-dell-emc-system-update-dsu-security-update-for-denial-of-service-vulnerability • CWE-400: Uncontrolled Resource Consumption •