CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

15 matches found

EUVD•added 2025/10/03 8:7 p.m.•2 views

EUVD-2022-36944

Malicious code in bioql PyPI...

6.4CVSS6.5AI score0.00051EPSS

Exploits0References3

RedhatCVE•added 2025/05/23 12:36 a.m.•4 views

CVE-2022-33907

DMA transactions which are targeted at input buffers used for the software SMI handler used by the IdeBusDxe driver could cause SMRAM corruption through a TOCTOU attack... DMA transactions which are targeted at input buffers used for the software SMI handler used by the IdeBusDxe driver could cau...

6.4CVSS6.9AI score0.00051EPSS

Exploits0References1

Tenable Nessus•added 2023/09/26 12:0 a.m.•22 views

Siemens InsydeH2O Time-of-check Time-of-use Race Condition (CVE-2022-32478)

An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. DMA attacks on the IdeBusDxe shared buffer used by SMM and non- SMM code could cause TOCTOU race-condition issues that could lead to corruption of SMRAM and escalation of privileges. This attack can be mitigated using IOMMU...

7CVSS7.4AI score0.00038EPSS

Exploits0References3

OSV•added 2023/02/15 2:15 a.m.•0 views

CVE-2022-32478

An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. DMA attacks on the IdeBusDxe shared buffer used by SMM and non-SMM code could cause TOCTOU race-condition issues that could lead to corruption of SMRAM and escalation of privileges. This attack can be mitigated using IOMMU...

7CVSS6AI score

Exploits0References2

Prion•added 2023/02/15 2:15 a.m.•14 views

Race condition

An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. DMA attacks on the IdeBusDxe shared buffer used by SMM and non-SMM code could cause TOCTOU race-condition issues that could lead to corruption of SMRAM and escalation of privileges. This attack can be mitigated using IOMMU...

3.5CVSS7.2AI score0.00038EPSS

Exploits0References2Affected Software1

NVD•added 2022/11/14 11:15 p.m.•15 views

CVE-2022-33907

6.4CVSS0.00051EPSS

Exploits0References3

OSV•added 2022/11/14 11:15 p.m.•2 views

CVE-2022-33907

6.4CVSS5.8AI score

Exploits0References3

Prion•added 2022/11/14 11:15 p.m.•16 views

Hardcoded credentials

3.4CVSS6.5AI score0.00051EPSS

Exploits0References3Affected Software1

Cvelist•added 2022/11/14 12:0 a.m.•16 views

CVE-2022-33907

6.7AI score0.00051EPSS

Exploits0References3

Vulnrichment•added 2022/11/14 12:0 a.m.•3 views

CVE-2022-33907

6.5AI score0.00051EPSS

Exploits0References3

CVE•added 2022/11/14 12:0 a.m.•65 views

CVE-2022-33907

CVE-2022-33907 describes a TOCTOU vulnerability in the SMI handler input buffers of the InsydeH2O IdeBusDxe driver. DMA accesses targeting these buffers could lead to SMRAM corruption. The issue is recorded with a base CVSSv3.1 base score of 6.4 (LOCAL, HIGH complexity, HIGH privileges required) ...

6.4CVSS6.4AI score0.00051EPSS

Exploits0References3Affected Software1

OSV•added 2022/01/05 11:15 p.m.•0 views

CVE-2021-45970

An issue was discovered in IdeBusDxe in Insyde InsydeH2O with kernel 5.1 before 05.16.25, 5.2 before 05.26.25, 5.3 before 05.35.25, 5.4 before 05.43.25, and 5.5 before 05.51.25. A vulnerability exists in the SMM System Management Mode branch that registers a SWSMI handler that does not sufficient...

8.2CVSS7.7AI score0.00084EPSS

Exploits0References4

NVD•added 2021/06/16 4:15 p.m.•17 views

CVE-2020-27339

In the kernel in Insyde InsydeH2O 5.x, certain SMM drivers did not correctly validate the CommBuffer and CommBufferSize parameters, allowing callers to corrupt either the firmware or the OS memory. The fixed versions for this issue in the AhciBusDxe, IdeBusDxe, NvmExpressDxe, SdHostDriverDxe, and...

7.2CVSS0.00056EPSS

Exploits0References4

OSV•added 2021/06/16 4:15 p.m.•1 views

CVE-2020-27339

6.7CVSS6.6AI score0.00056EPSS

Exploits0References4

Prion•added 2021/06/16 4:15 p.m.•21 views

Code injection

7.2CVSS6.9AI score0.00056EPSS

Exploits0References3Affected Software1

Rows per page