CVE-2021-33834

An issue was discovered in iscflashx64.sys 3.9.3.0 in Insyde H2OFFT 6.20.00. When handling IOCTL 0x22229a, the input used to allocate a buffer and copy memory is mishandled. This could cause memory corruption or a system crash...

EUVD-2019-4127

Malware in sbrugna...

EUVD-2024-30973

Malicious code in bioql PyPI...

CVE-2024-33228

An issue in the component segwindrvx64.sys of Insyde Software Corp SEG Windows Driver v100.00.07.02 allows attackers to escalate privileges and execute arbitrary code via sending crafted IOCTL requests...

PT-2024-28644 · Insyde · Insyde Ihisi

Name of the Vulnerable Software and Affected Versions: Insyde IHISI versions prior to kernel 5.2 version 05.29.19 Insyde IHISI versions prior to kernel 5.3 version 05.38.19 Insyde IHISI versions prior to kernel 5.4 version 05.46.19 Insyde IHISI versions prior to kernel 5.5 version 05.54.19 Insyde...

CVE-2024-33228

An issue in the component segwindrvx64.sys of Insyde Software Corp SEG Windows Driver v100.00.07.02 allows attackers to escalate privileges and execute arbitrary code via sending crafted IOCTL requests...

CVE-2024-33228

An issue in the component segwindrvx64.sys of Insyde Software Corp SEG Windows Driver v100.00.07.02 allows attackers to escalate privileges and execute arbitrary code via sending crafted IOCTL requests...

CVE-2024-33228

CVE-2024-33228 affects Insyde Software SEG Windows Driver (v100.00.07.02), specifically the segwindrvx64.sys component. The issue allows local attackers to escalate privileges and execute arbitrary code by sending crafted IOCTL requests. Impact is described as high (privilege escalation, code exe...

Insyde Software Corp SEG Windows Driver 安全漏洞

Insyde Software Corp SEG Windows Driver is a driver for managing and processing system events from Insyde Software Corp China. A security vulnerability exists in Insyde Software Corp SEG Windows Driver version v100.00.07.02, which originates from a security flaw in the component segwindrvx64.sys...

PT-2024-25164 · Insyde · Seg Windows Driver

Name of the Vulnerable Software and Affected Versions: Insyde Software Corp SEG Windows Driver version 100.00.07.02 Description: An issue in the component segwindrvx64.sys allows attackers to escalate privileges and execute arbitrary code via sending crafted IOCTL requests. Recommendations: For...

PT-2024-11745 · Insyde · Insydeh2O

Name of the Vulnerable Software and Affected Versions: Insyde InsydeH2O versions 5.0 through 5.5 Description: An issue was discovered in the CapsuleIFWUSmm driver, which does not check the return value from a method or function. This can prevent it from detecting unexpected states and conditions...

PT-2023-13062 · Insyde · Insydeh2O

Name of the Vulnerable Software and Affected Versions: Insyde InsydeH2O versions 5.0 through 5.5 Description: An issue was discovered in Insyde InsydeH2O where DMA attacks on the PnpSmm shared buffer could cause TOCTOU race-condition issues, leading to corruption of SMRAM and escalation of...

Insyde InsydeH2O Buffer Overflow Vulnerability

Insyde InsydeH2O is a C language source from Insyde Taiwan, China that implements the new technology "EFI/UEFI" specification, designed to replace the traditional BIOS Basic Input/Output System. Insyde A buffer overflow vulnerability exists in InsydeH2O 5.0 and later, 5.5 and earlier versions,...

CVE-2022-29276

SMI functions in AhciBusDxe use untrusted inputs leading to corruption of SMRAM. SMI functions in AhciBusDxe use untrusted inputs leading to corruption of SMRAM. This issue was discovered by Insyde during security review. It was fixed in: Kernel 5.0: version 05.09.18 Kernel 5.1: version 05.17.18...

Intel Confirms Leak of Alder Lake BIOS Source Code

Chipmaker Intel has confirmed that proprietary source code related to its Alder Lake CPUs has been leaked, following its release by an unknown third-party on 4chan and GitHub last week. The published content contains Unified Extensible Firmware Interface UEFI code for Alder Lake, the company's 12...

Insyde InsydeH2O Buffer Overflow Vulnerability (CNVD-2022-10273)

Insyde InsydeH2O is a C source from Insyde Software Taiwan, China that implements the new technology "EFI/UEFI" specification, designed to replace the legacy BIOS Basic Input/Output System. Operating System H2O UEFI firmware has a buffer overflow vulnerability that can be exploited to write fixed...

Insyde InsydeH2O Buffer Overflow Vulnerability (CNVD-2022-10275)

Insyde InsydeH2O is a C source from Insyde Software Taiwan, China that implements the new technology "EFI/UEFI" specification, designed to replace the legacy BIOS Basic Input/Output System. Operating System H2O UEFI firmware has a buffer overflow vulnerability that can be exploited to write fixed...

Insyde InsydeH2O permission permission and access control issues vulnerability (CNVD-2022-10274)

Insyde InsydeH2O is a C source from Insyde Software Taiwan, China that implements the new technology "EFI/UEFI" specification, designed to replace the traditional BIOS Basic Input/Output System. Operating System H2O UEFI firmware is vulnerable to permission and access control issues, which can be...

Insyde InsydeH2O has an unspecified vulnerability (CNVD-2022-10279)

Insyde InsydeH2O is a C source from Insyde Software Taiwan, China that implements the new technology "EFI/UEFI" specification, designed to replace the traditional BIOS Basic Input/Output System. Operating System H2O UEFI firmware contains a security vulnerability that can be exploited by attacker...

Insyde InsydeH2O Buffer Overflow Vulnerability (CNVD-2022-10277)

Insyde InsydeH2O is a C source from Insyde Software Taiwan, China that implements the new technology "EFI/UEFI" specification, designed to replace the legacy BIOS Basic Input/Output System. Operating System H2O UEFI firmware suffers from a buffer overflow vulnerability that could be exploited by ...