Vulnerabilities > Lenovo > System Update > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-05-04 | CVE-2018-9063 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Lenovo System Update MapDrv (C:\Program Files\Lenovo\System Update\mapdrv.exe) In Lenovo System Update versions earlier than 5.07.0072 contains a local vulnerability where an attacker entering very large user ID or password can overrun the program's buffer, causing undefined behaviors, such as execution of arbitrary code. | 7.8 |
| 2017-10-03 | CVE-2015-6971 | Command Injection vulnerability in Lenovo System Update 5.06.0027/5.06.0034 Lenovo System Update (formerly ThinkVantage System Update) before 5.07.0013 allows local users to submit commands to the System Update service (SUService.exe) and gain privileges by launching signed Lenovo executables. | 7.8 |