| Max CVSS | 8.3 | Min CVSS | 6.9 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2015-2234 | 6.9 |
Race condition in Lenovo System Update (formerly ThinkVantage System Update) before 5.06.0034 uses world-writable permissions for the update files directory, which allows local users to gain privileges by writing to an update file after the signature
|
03-01-2017 - 02:59 | 12-05-2015 - 19:59 | |
| CVE-2015-2219 | 7.2 |
Lenovo System Update (formerly ThinkVantage System Update) before 5.06.0034 uses predictable security tokens, which allows local users to gain privileges by sending a valid token with a command to the System Update service (SUService.exe) through an
|
03-12-2016 - 03:04 | 12-05-2015 - 19:59 | |
| CVE-2015-2233 | 8.3 |
Lenovo System Update (formerly ThinkVantage System Update) before 5.06.0034 does not properly validate CA chains during signature validation, which allows man-in-the-middle attackers to upload and execute arbitrary files via a crafted certificate.
|
03-12-2016 - 03:04 | 12-05-2015 - 19:59 |