Lucene search
K

406 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2023-43016

Malicious code in bioql PyPI...

5.5CVSS5.8AI score0.00178EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-33618

Malicious code in bioql PyPI...

8.2CVSS8AI score0.00193EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-33621

Malicious code in bioql PyPI...

8.2CVSS8.1AI score0.00193EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-36942

Malicious code in bioql PyPI...

7CVSS6.9AI score0.00132EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2021-29045

Malicious code in bioql PyPI...

7.2CVSS6.5AI score0.00345EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2022-37017

Malicious code in bioql PyPI...

7CVSS6.9AI score0.00158EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/08/13 12:0 a.m.5 views

Insyde InsydeH2O 安全漏洞

Insyde InsydeH2O is a new EFI/UEFI specification from Insyde China. It is intended to replace the traditional BIOS Basic Input/Output System. A security vulnerability exists in Insyde InsydeH2O, which stems from a buffer overflow that could lead to the execution of arbitrary code...

7.5CVSS7.3AI score0.0012EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/07/30 12:0 a.m.4 views

InsydeH2O 安全漏洞

InsydeH2O is a customizable firmware codebase from China Insyde Insyde. A security vulnerability exists in InsydeH2O, which stems from an SMRAM memory content leak in the SMM module...

6CVSS7AI score0.00175EPSS
Exploits0References2
Lenovo
Lenovo
added 2025/07/29 4:9 p.m.5 views

Insyde BIOS Vulnerabilities - Lenovo Support US

No description provided...

7.3AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/06/13 1:19 a.m.7 views

CVE-2025-4275

A vulnerability in the digital signature verification process does not properly validate variable attributes which allows an attacker to bypass signature verification by creating a non-authenticated NVRAM variable. An attacker may to execute arbitrary signed UEFI code and bypass Secure Boot...

7.8CVSS9.6AI score0.00404EPSS
Exploits0References1
OSV
OSV
added 2025/06/12 5:15 p.m.2 views

CVE-2024-55567

Improper input validation was discovered in UsbCoreDxe in Insyde InsydeH2O kernel 5.4 before 05.47.01, 5.5 before 05.55.01, 5.6 before 05.62.01, and 5.7 before 05.71.01. The SMM module has an SMM call out vulnerability which can be used to write arbitrary memory inside SMRAM and execute arbitrary...

6.7CVSS6AI score0.00134EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/06/12 12:0 a.m.3 views

PT-2025-25335

Name of the Vulnerable Software and Affected Versions Insyde InsydeH2O kernel versions 5.4 through 05.46.01 Insyde InsydeH2O kernel versions 5.5 through 05.54.01 Insyde InsydeH2O kernel versions 5.6 through 05.61.01 Insyde InsydeH2O kernel versions 5.7 through 05.70.01 Description Improper input...

7.5CVSS7.5AI score0.00134EPSS
Exploits0References10
NVD
NVD
added 2025/06/11 1:15 a.m.10 views

CVE-2025-4275

A vulnerability in the digital signature verification process does not properly validate variable attributes which allows an attacker to bypass signature verification by creating a non-authenticated NVRAM variable. An attacker may to execute arbitrary signed UEFI code and bypass Secure Boot...

7.8CVSS0.00404EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/06/11 12:25 a.m.4 views

CVE-2025-4275 SecureFlashDxe: Incorrect UEFI variable attributes check allows usage of invalid certificate

A vulnerability in the digital signature verification process does not properly validate variable attributes which allows an attacker to bypass signature verification by creating a non-authenticated NVRAM variable. An attacker may to execute arbitrary signed UEFI code and bypass Secure Boot...

7.8CVSS9.6AI score0.00404EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/06/11 12:25 a.m.35 views

CVE-2025-4275 SecureFlashDxe: Incorrect UEFI variable attributes check allows usage of invalid certificate

A vulnerability in the digital signature verification process does not properly validate variable attributes which allows an attacker to bypass signature verification by creating a non-authenticated NVRAM variable. An attacker may to execute arbitrary signed UEFI code and bypass Secure Boot...

7.8CVSS0.00404EPSS
Exploits0References1
CVE
CVE
added 2025/06/11 12:25 a.m.88 views

CVE-2025-4275

CVE-2025-4275 affects InsydeH2O UEFI firmware/applications. Root cause: unsafe handling of an NVRAM variable used to store signing certificates, enabling a attacker to inject their own certificate and bypass Secure Boot. Impact: execution of unsigned or malicious UEFI code before OS load, potenti...

7.8CVSS9.6AI score0.00404EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/06/10 12:0 a.m.4 views

Insyde InsydeH2O 安全漏洞

Insyde InsydeH2O is a new EFI/UEFI specification from Insyde China. It is intended to replace the traditional BIOS Basic Input/Output System. A security vulnerability exists in Insyde InsydeH2O, which can be exploited to alter certificates and execute .efi files...

7.8CVSS9.2AI score0.00404EPSS
Exploits0References3
CERT
CERT
added 2025/06/10 12:0 a.m.13 views

A vulnerability in Insyde H2O UEFI application allows for digital certificate injection via NVRAM variable

Overview A vulnerability in an Insyde H2O UEFI firmware application allows digital certificate injection through an unprotected NVRAM variable. This issue arises from the unsafe use of an NVRAM variable, which is used as trusted storage for a digital certificate in the trust validation chain. An...

7.8CVSS9.3AI score0.00404EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2025/06/09 12:0 a.m.9 views

PT-2025-24404

Name of the Vulnerable Software and Affected Versions Insyde H2O UEFI firmware affected versions not specified Description A flaw exists in the digital signature verification process within Insyde H2O UEFI firmware. This issue does not properly validate variable attributes, allowing an attacker t...

7.8CVSS9.2AI score0.00404EPSS
Exploits0References65
RedhatCVE
RedhatCVE
added 2025/05/23 6:2 a.m.5 views

CVE-2023-28468

An issue was discovered in FvbServicesRuntimeDxe in Insyde InsydeH2O with kernel 5.0 through 5.5. The FvbServicesRuntimeDxe SMM module exposes an SMI handler that allows an attacker to interact with the SPI flash at run-time from the OS...

6.5CVSS6.8AI score0.00154EPSS
Exploits0References1
Rows per page
Query Builder