Search
Total
3 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-2234 | 1 Lenovo | 1 System Update | 2017-01-03 | 6.9 MEDIUM | N/A |
| Race condition in Lenovo System Update (formerly ThinkVantage System Update) before 5.06.0034 uses world-writable permissions for the update files directory, which allows local users to gain privileges by writing to an update file after the signature is validated. | |||||
| CVE-2015-2219 | 1 Lenovo | 1 System Update | 2016-12-03 | 7.2 HIGH | N/A |
| Lenovo System Update (formerly ThinkVantage System Update) before 5.06.0034 uses predictable security tokens, which allows local users to gain privileges by sending a valid token with a command to the System Update service (SUService.exe) through an unspecified named pipe. | |||||
| CVE-2015-2233 | 1 Lenovo | 1 System Update | 2016-12-03 | 8.3 HIGH | N/A |
| Lenovo System Update (formerly ThinkVantage System Update) before 5.06.0034 does not properly validate CA chains during signature validation, which allows man-in-the-middle attackers to upload and execute arbitrary files via a crafted certificate. | |||||