119 matches found
EUVD-2021-20302
Malware in sbrugna...
EUVD-2021-20304
Malware in sbrugna...
EUVD-2023-43016
Malicious code in bioql PyPI...
EUVD-2021-29045
Malicious code in bioql PyPI...
EUVD-2022-38767
Malicious code in bioql PyPI...
EUVD-2022-38768
Malicious code in bioql PyPI...
Insyde InsydeH2O 安全漏洞
Insyde InsydeH2O is a new EFI/UEFI specification from Insyde China. It is intended to replace the traditional BIOS Basic Input/Output System. A security vulnerability exists in Insyde InsydeH2O, which stems from a buffer overflow that could lead to the execution of arbitrary code...
Insyde InsydeH2O 安全漏洞
Insyde InsydeH2O is a new EFI/UEFI specification from Insyde China. It is intended to replace the traditional BIOS Basic Input/Output System. A security vulnerability exists in Insyde InsydeH2O, which can be exploited to alter certificates and execute .efi files...
CVE-2023-22614
An issue was discovered in ChipsetSvcSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. There is insufficient input validation in BIOS Guard updates. An attacker can induce memory corruption in SMM by supplying malformed inputs to the BIOS Guard SMI handler...
CVE-2024-52877
An issue was discovered in Insyde InsydeH2O kernel 5.2 before version 05.29.50, kernel 5.3 before version 05.38.50, kernel 5.4 before version 05.46.50, kernel 5.5 before version 05.54.50, kernel 5.6 before version 05.61.50, and kernel 5.7 before version 05.70.50. In VariableRuntimeDxe driver,...
CVE-2024-52880
The connected PT-2025-17633 entry provides concrete fixes for Insyde InsydeH2O kernel vulnerabilities: affected kernel versions are 5.2–05.29.49, 5.3–05.38.49, 5.4–05.46.49, 5.5–05.54.49, 5.6–05.61.49, and 5.7–05.70.49. The root cause is that the SecureBootHandler in the VariableRuntimeDxe driver...
PT-2025-17631 · Insyde · Insydeh2O
Name of the Vulnerable Software and Affected Versions: Insyde InsydeH2O kernel versions 5.2 through 05.29.49 Insyde InsydeH2O kernel versions 5.3 through 05.38.49 Insyde InsydeH2O kernel versions 5.4 through 05.46.49 Insyde InsydeH2O kernel versions 5.5 through 05.54.49 Insyde InsydeH2O kernel...
CVE-2023-28149
An issue was discovered in the IhisiServiceSmm module in Insyde InsydeH2O with kernel 5.2 before 05.28.42, 5.3 before 05.37.42, 5.4 before 05.45.39, 5.5 before 05.53.39, and 5.6 before 05.60.39 that could allow an attacker to modify UEFI variables...
CVE-2023-28149
The CVE-2023-28149 issue affects the IhisiServiceSmm module in Insyde InsydeH2O. Affected kernel series include 5.2 prior to 05.28.42, 5.3 prior to 05.37.42, 5.4 prior to 05.45.39, 5.5 prior to 05.53.39, and 5.6 prior to 05.60.39. The vulnerability could allow an attacker to modify UEFI variables...
CVE-2024-25079
CVE-2024-25079 affects InsydeH2O kernel (Insyde InsydeH2O) with a memory corruption in HddPassword that could lead to SMM privilege escalation. Affected versions and fixed targets per PT-2024-20730/CDS: 5.2 before 05.29.09 → update to 05.29.09 or later; 5.3 before 05.38.09 → update to 05.38.09 or...
Insyde InsydeH2O 安全漏洞
Insyde InsydeH2O is a C source from Insyde Corporation, Taiwan, which implements the new technology "EFI/UEFI" specification designed to replace the traditional BIOS Basic Input/Output System. A security vulnerability exists in Insyde InsydeH2O, which stems from a memory corruption vulnerability...
PT-2024-20729 · Insyde · Insydeh2O
Name of the Vulnerable Software and Affected Versions: Insyde InsydeH2O versions prior to kernel 5.2: IB19130163 in 05.29.07 Insyde InsydeH2O versions prior to kernel 5.3: IB19130163 in 05.38.07 Insyde InsydeH2O versions prior to kernel 5.4: IB19130163 in 05.46.07 Insyde InsydeH2O versions prior ...
CVE-2022-46897
An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. The CapsuleIFWUSmm driver does not check the return value from a method or function. This can prevent it from detecting unexpected states and conditions...
Race condition
TOCTOU race-condition vulnerability in Insyde InsydeH2O with Kernel 5.2 before version 05.27.29, Kernel 5.3 before version 05.36.29, Kernel 5.4 version before 05.44.13, and Kernel 5.5 before version 05.52.13 allows an attacker to alter data and code used by the remainder of the boot process...
CVE-2022-24351
TOCTOU race-condition vulnerability in Insyde InsydeH2O with Kernel 5.2 before version 05.27.29, Kernel 5.3 before version 05.36.29, Kernel 5.4 version before 05.44.13, and Kernel 5.5 before version 05.52.13 allows an attacker to alter data and code used by the remainder of the boot process...