406 matches found
EUVD-2023-43016
Malicious code in bioql PyPI...
EUVD-2022-33618
Malicious code in bioql PyPI...
EUVD-2022-33621
Malicious code in bioql PyPI...
EUVD-2022-36942
Malicious code in bioql PyPI...
EUVD-2021-29045
Malicious code in bioql PyPI...
EUVD-2022-37017
Malicious code in bioql PyPI...
Insyde InsydeH2O 安全漏洞
Insyde InsydeH2O is a new EFI/UEFI specification from Insyde China. It is intended to replace the traditional BIOS Basic Input/Output System. A security vulnerability exists in Insyde InsydeH2O, which stems from a buffer overflow that could lead to the execution of arbitrary code...
InsydeH2O 安全漏洞
InsydeH2O is a customizable firmware codebase from China Insyde Insyde. A security vulnerability exists in InsydeH2O, which stems from an SMRAM memory content leak in the SMM module...
Insyde BIOS Vulnerabilities - Lenovo Support US
No description provided...
CVE-2025-4275
A vulnerability in the digital signature verification process does not properly validate variable attributes which allows an attacker to bypass signature verification by creating a non-authenticated NVRAM variable. An attacker may to execute arbitrary signed UEFI code and bypass Secure Boot...
CVE-2024-55567
Improper input validation was discovered in UsbCoreDxe in Insyde InsydeH2O kernel 5.4 before 05.47.01, 5.5 before 05.55.01, 5.6 before 05.62.01, and 5.7 before 05.71.01. The SMM module has an SMM call out vulnerability which can be used to write arbitrary memory inside SMRAM and execute arbitrary...
PT-2025-25335
Name of the Vulnerable Software and Affected Versions Insyde InsydeH2O kernel versions 5.4 through 05.46.01 Insyde InsydeH2O kernel versions 5.5 through 05.54.01 Insyde InsydeH2O kernel versions 5.6 through 05.61.01 Insyde InsydeH2O kernel versions 5.7 through 05.70.01 Description Improper input...
CVE-2025-4275
A vulnerability in the digital signature verification process does not properly validate variable attributes which allows an attacker to bypass signature verification by creating a non-authenticated NVRAM variable. An attacker may to execute arbitrary signed UEFI code and bypass Secure Boot...
CVE-2025-4275 SecureFlashDxe: Incorrect UEFI variable attributes check allows usage of invalid certificate
A vulnerability in the digital signature verification process does not properly validate variable attributes which allows an attacker to bypass signature verification by creating a non-authenticated NVRAM variable. An attacker may to execute arbitrary signed UEFI code and bypass Secure Boot...
CVE-2025-4275 SecureFlashDxe: Incorrect UEFI variable attributes check allows usage of invalid certificate
A vulnerability in the digital signature verification process does not properly validate variable attributes which allows an attacker to bypass signature verification by creating a non-authenticated NVRAM variable. An attacker may to execute arbitrary signed UEFI code and bypass Secure Boot...
CVE-2025-4275
CVE-2025-4275 affects InsydeH2O UEFI firmware/applications. Root cause: unsafe handling of an NVRAM variable used to store signing certificates, enabling a attacker to inject their own certificate and bypass Secure Boot. Impact: execution of unsigned or malicious UEFI code before OS load, potenti...
Insyde InsydeH2O 安全漏洞
Insyde InsydeH2O is a new EFI/UEFI specification from Insyde China. It is intended to replace the traditional BIOS Basic Input/Output System. A security vulnerability exists in Insyde InsydeH2O, which can be exploited to alter certificates and execute .efi files...
A vulnerability in Insyde H2O UEFI application allows for digital certificate injection via NVRAM variable
Overview A vulnerability in an Insyde H2O UEFI firmware application allows digital certificate injection through an unprotected NVRAM variable. This issue arises from the unsafe use of an NVRAM variable, which is used as trusted storage for a digital certificate in the trust validation chain. An...
PT-2025-24404
Name of the Vulnerable Software and Affected Versions Insyde H2O UEFI firmware affected versions not specified Description A flaw exists in the digital signature verification process within Insyde H2O UEFI firmware. This issue does not properly validate variable attributes, allowing an attacker t...
CVE-2023-28468
An issue was discovered in FvbServicesRuntimeDxe in Insyde InsydeH2O with kernel 5.0 through 5.5. The FvbServicesRuntimeDxe SMM module exposes an SMI handler that allows an attacker to interact with the SPI flash at run-time from the OS...