Lucene search
K

206 matches found

Positive Technologies
Positive Technologies
added 2024/04/17 12:0 a.m.6 views

PT-2024-3507 · Huawei · Huawei Matebook D16

Name of the Vulnerable Software and Affected Versions: Huawei Matebook D16 version v2.26 Description: The issue is related to a buffer overflow in the SMRAM memory of Huawei personal computers' UEFI BIOS microprogram, which can allow an attacker to execute arbitrary code in System Management Mode...

7.8CVSS8.5AI score0.0013EPSS
Exploits0References6
NVD
NVD
added 2023/11/15 12:15 a.m.23 views

CVE-2023-31100

Improper Access Control in SMI handler vulnerability in Phoenix SecureCore™ Technology™ 4 allows SPI flash modification. This issue affects SecureCore™ Technology™ 4: from 4.3.0.0 before 4.3.0.203 from 4.3.1.0 before 4.3.1.163 from 4.4.0.0 before 4.4.0.217 from 4.5.0.0 before 4.5.0.138...

8.4CVSS0.00189EPSS
Exploits0References2
Prion
Prion
added 2023/11/15 12:15 a.m.18 views

Improper access control

Improper Access Control in SMI handler vulnerability in Phoenix SecureCore™ Technology™ 4 allows SPI flash modification. This issue affects SecureCore™ Technology™ 4: from 4.3.0.0 before 4.3.0.203 from 4.3.1.0 before 4.3.1.163 from 4.4.0.0 before 4.4.0.217 from 4.5.0.0 before 4.5.0.138...

3.2CVSS7.2AI score0.00189EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/11/14 11:17 p.m.13 views

CVE-2023-31100

Improper Access Control in SMI handler vulnerability in Phoenix SecureCore™ Technology™ 4 allows SPI flash modification. This issue affects SecureCore™ Technology™ 4: from 4.3.0.0 before 4.3.0.203 from 4.3.1.0 before 4.3.1.163 from 4.4.0.0 before 4.4.0.217 from 4.5.0.0 before 4.5.0.138...

8.4CVSS7AI score0.00189EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/11/14 11:17 p.m.29 views

CVE-2023-31100

Improper Access Control in SMI handler vulnerability in Phoenix SecureCore™ Technology™ 4 allows SPI flash modification. This issue affects SecureCore™ Technology™ 4: from 4.3.0.0 before 4.3.0.203 from 4.3.1.0 before 4.3.1.163 from 4.4.0.0 before 4.4.0.217 from 4.5.0.0 before 4.5.0.138...

8.4CVSS8.6AI score0.00189EPSS
Exploits0References1
CVE
CVE
added 2023/11/14 11:17 p.m.52 views

CVE-2023-31100

CVE-2023-31100 relates to an Improper Access Control in the SMI handler of Phoenix SecureCore Technologies 4. Affected versions include: 4.3.0.0 before 4.3.0.203; 4.3.1.0 before 4.3.1.163; 4.4.0.0 before 4.4.0.217; and 4.5.0.0 before 4.5.0.138. The root cause is an access control flaw in the SMI ...

8.4CVSS7AI score0.00189EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2023/11/14 7:15 p.m.5 views

CVE-2023-20596

Improper input validation in the SMM Supervisor may allow an attacker with a compromised SMI handler to gain Ring0 access potentially leading to arbitrary code execution...

9.8CVSS5.9AI score0.00964EPSS
Exploits0References1
Prion
Prion
added 2023/11/14 7:15 p.m.29 views

Input validation

Improper input validation in the SMM Supervisor may allow an attacker with a compromised SMI handler to gain Ring0 access potentially leading to arbitrary code execution...

7.5CVSS8AI score0.00964EPSS
Exploits0References1Affected Software64
NVD
NVD
added 2023/11/02 9:15 p.m.30 views

CVE-2023-39284

An issue was discovered in IhisiServicesSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. There are arbitrary calls to SetVariable with unsanitized arguments in the SMI handler...

5.5CVSS5.5AI score0.00178EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2023/11/02 9:15 p.m.4 views

CVE-2023-39284

An issue was discovered in IhisiServicesSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. There are arbitrary calls to SetVariable with unsanitized arguments in the SMI handler...

5.5CVSS6.2AI score0.00178EPSS
Exploits0References3
Prion
Prion
added 2023/11/02 9:15 p.m.20 views

Design/Logic Flaw

An issue was discovered in IhisiServicesSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. There are arbitrary calls to SetVariable with unsanitized arguments in the SMI handler...

1.7CVSS5.5AI score0.00178EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2023/11/02 12:0 a.m.31 views

CVE-2023-39284

An issue was discovered in IhisiServicesSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. There are arbitrary calls to SetVariable with unsanitized arguments in the SMI handler...

5.7AI score0.00178EPSS
Exploits0References2
CVE
CVE
added 2023/11/02 12:0 a.m.59 views

CVE-2023-39284

CVE-2023-39284 affects Insyde InsydeH2O kernel 5.0–5.5 via IhisiServicesSmm, where arbitrary SetVariable calls in the SMI handler can pass attacker-controlled parameters. Root cause: unsanitized arguments in SMI SetVariable handling, enabling modification of protected NVRAM variables from Ring0 (...

5.5CVSS5.5AI score0.00178EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2023/11/02 12:0 a.m.17 views

CVE-2023-39284

An issue was discovered in IhisiServicesSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. There are arbitrary calls to SetVariable with unsanitized arguments in the SMI handler...

7.1AI score0.00178EPSS
Exploits0References2
NVD
NVD
added 2023/10/30 3:15 p.m.22 views

CVE-2022-4574

An SMI handler input validation vulnerability in the BIOS of some ThinkPad models could allow an attacker with local access and elevated privileges to execute arbitrary code...

6.7CVSS6.7AI score0.00191EPSS
Exploits0References1
NVD
NVD
added 2023/10/30 3:15 p.m.27 views

CVE-2022-4573

An SMI handler input validation vulnerability in the ThinkPad X1 Fold Gen 1 could allow an attacker with local access and elevated privileges to execute arbitrary code...

6.7CVSS6.7AI score0.00189EPSS
Exploits0References1
Prion
Prion
added 2023/10/30 3:15 p.m.22 views

Input validation

An SMI handler input validation vulnerability in the BIOS of some ThinkPad models could allow an attacker with local access and elevated privileges to execute arbitrary code...

4CVSS6.7AI score0.00191EPSS
Exploits0References1Affected Software47
CVE
CVE
added 2023/10/30 2:36 p.m.55 views

CVE-2022-4574

The CVE describes a BIOS SMI handler input validation vulnerability in Lenovo ThinkPad models. A local, elevated-privilege attacker could exploit a flaw in the SMI handler to execute arbitrary code. The available documents identify the affected surface as the BIOS/SMI handler but do not specify e...

6.7CVSS6.7AI score0.00191EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/10/30 2:36 p.m.23 views

CVE-2022-4574

An SMI handler input validation vulnerability in the BIOS of some ThinkPad models could allow an attacker with local access and elevated privileges to execute arbitrary code...

6.7CVSS6.9AI score0.00191EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/10/30 2:36 p.m.13 views

CVE-2022-4574

An SMI handler input validation vulnerability in the BIOS of some ThinkPad models could allow an attacker with local access and elevated privileges to execute arbitrary code...

6.7CVSS7.4AI score0.00191EPSS
Exploits0References1
Rows per page
Query Builder