CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-4632
https://notcve.org/view.php?id=CVE-2023-4632
08 Nov 2023 — An uncontrolled search path vulnerability was reported in Lenovo System Update that could allow an attacker with local access to execute code with elevated privileges. Se informó una vulnerabilidad de ruta de búsqueda no controlada en Lenovo System Update que podría permitir que un atacante con acceso local ejecute código con privilegios elevados. • https://support.lenovo.com/us/en/product_security/LEN-135367 • CWE-427: Uncontrolled Search Path Element •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2022-3702
https://notcve.org/view.php?id=CVE-2022-3702
27 Oct 2023 — A denial of service vulnerability was reported in Lenovo Vantage HardwareScan Plugin version 1.3.0.5 and earlier that could allow a local attacker to delete contents of an arbitrary directory under certain conditions. Se informó una vulnerabilidad de Denegación de Servicio (DoS) en Lenovo Vantage HardwareScan Plugin versión 1.3.0.5 y anteriores que podría permitir a un atacante local eliminar el contenido de un directorio arbitrario bajo ciertas condiciones. • https://support.lenovo.com/us/en/product_security/LEN-94532 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2022-3701
https://notcve.org/view.php?id=CVE-2022-3701
27 Oct 2023 — A privilege elevation vulnerability was reported in the Lenovo Vantage SystemUpdate plugin version 2.0.0.212 and earlier that could allow a local attacker to execute arbitrary code with elevated privileges. Se informó una vulnerabilidad de elevación de privilegios en el complemento Lenovo Vantage SystemUpdate versión 2.0.0.212 y anteriores que podría permitir a un atacante local ejecutar código arbitrario con privilegios elevados. • https://support.lenovo.com/us/en/product_security/LEN-94532 • CWE-269: Improper Privilege Management CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 6.3EPSS: 0%CPEs: 3EXPL: 0CVE-2022-3700
https://notcve.org/view.php?id=CVE-2022-3700
27 Oct 2023 — A Time of Check Time of Use (TOCTOU) vulnerability was reported in the Lenovo Vantage SystemUpdate Plugin version 2.0.0.212 and earlier that could allow a local attacker to delete arbitrary files. Se informó una vulnerabilidad de Time of Check Time of Use (TOCTOU) en Lenovo Vantage SystemUpdate Plugin versión 2.0.0.212 y anteriores que podría permitir a un atacante local eliminar archivos arbitrarios. • https://support.lenovo.com/us/en/product_security/LEN-94532 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-4568
https://notcve.org/view.php?id=CVE-2022-4568
01 May 2023 — A directory permissions management vulnerability in Lenovo System Update may allow elevation of privileges. • https://support.lenovo.com/us/en/product_security/LEN-103545 • CWE-276: Incorrect Default Permissions •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-0354
https://notcve.org/view.php?id=CVE-2022-0354
22 Apr 2022 — A vulnerability was reported in Lenovo System Update that could allow a local user with interactive system access the ability to execute code with elevated privileges only during the installation of a System Update package released before 2022-02-25 that displays a command prompt window. Se ha informado de una vulnerabilidad en Lenovo System Update que podría permitir a un usuario local con acceso interactivo al sistema la capacidad de ejecutar código con altos privilegios sólo durante la instalación de un ... • https://support.lenovo.com/us/en/product_security/LEN-76673 •
CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2020-8342
https://notcve.org/view.php?id=CVE-2020-8342
15 Sep 2020 — A race condition vulnerability was reported in Lenovo System Update prior to version 5.07.0106 that could allow escalation of privilege. Se reportó una vulnerabilidad de condición de carrera en Lenovo System Update versiones anteriores a 5.07.0106, que podría permitir una escalada de privilegios • https://support.lenovo.com/us/en/product_security/LEN-42150 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 7.0EPSS: 0%CPEs: 1EXPL: 0CVE-2015-7335
https://notcve.org/view.php?id=CVE-2015-7335
27 Mar 2020 — MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A race condition was reported (fixed and publicly disclosed in 2015) in Lenovo System Update version 5.07.0008 and prior that could allow a user to execute arbitrary code with elevated privileges. MITRE está completando este ID porque fue asignado antes de que Lenovo se convirtiera en un CNA. Se reportó una condición de carrera (corregida y divulgada públicamente en 2015) en Lenovo System Update versión 5.07.0008 y anteriore... • https://support.lenovo.com/us/en/product_security/lsu_privilege • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2015-7334
https://notcve.org/view.php?id=CVE-2015-7334
27 Mar 2020 — MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A local privilege escalation vulnerability was reported (fixed and publicly disclosed in 2015) in Lenovo System Update version 5.07.0008 and prior where the SUService.exe /type COMMAND type could allow a user to execute arbitrary code with elevated privileges. MITRE está completando este ID porque fue asignado antes de que Lenovo se convirtiera en un CNA. Se reportó una vulnerabilidad de escalada de privilegios local (correg... • https://support.lenovo.com/us/en/product_security/lsu_privilege • CWE-269: Improper Privilege Management •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2015-7333
https://notcve.org/view.php?id=CVE-2015-7333
27 Mar 2020 — MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A local privilege escalation vulnerability was reported (fixed and publicly disclosed in 2015) in Lenovo System Update version 5.07.0008 and prior where the SUService.exe /type INF and INF_BY_COMPATIBLE_ID command types could allow a user to execute arbitrary code with elevated privileges. MITRE está completando este ID porque fue asignado antes de que Lenovo se convirtiera en un CNA. Se reportó una vulnerabilidad de escalad... • https://support.lenovo.com/us/en/product_security/lsu_privilege • CWE-269: Improper Privilege Management •